ACCA F8 (INT) Audit & Assurance - 2010 - Study text - Emile Woolf Publishing
Подождите немного. Документ загружается.
Chapter 9: Tests of controls
© EWP Go to www.emilewoolfpublishing.com for Q/As, Notes & Study Guides 215
Table continues
Control objectives Principal controls Tests of control
There should be
established authority levels
for cheque signing (usually
two signatures required for
cheques above a certain
amount).
Payments must be recorded
promptly.
All cheques must be
numbered sequentially.
Review the documents
supporting requisitions
for payment.
Review the sequence of
cheque numbers (see also
above under
safeguarding pre-signed
cheques).
5.3 Petty cash
Control objectives
There should be several control objectives for petty cash.
To avoid or reduce the risk of petty cash being stolen.
To ensure that all spending out of petty cash is properly authorised.
To ensure that only the correct amounts of cash are withdrawn from the bank to
go into petty cash.
To ensure that all spending out of petty cash is accounted for.
Controls
The controls that commonly apply to petty cash systems (where the imprest system
is used) are as follows.
The maximum amount held in petty cash should be restricted to about one
month of petty cash spending. This is to avoid holding unnecessarily large
amounts of cash that might be stolen.
Petty cash should be kept in a locked cash box in the office safe, or if there is no
safe in a locked drawer in the accountant’s desk. This is a basic physical control
over cash.
All withdrawals of petty cash should be recorded on a petty cash voucher and
vouchers must be sequentially numbered. This is to prevent the fraudulent
withdrawal of cash and failures to record cash withdrawals
All petty cash spending should be authorised in advance by a properly
authorised person (and not by the person withdrawing the cash). Authorisation
should be indicated by signing and dating the petty cash voucher which is kept
in the petty cash box until the petty cash is ‘topped up’ the next time and the
pety cash expenses are recorded in the petty cash book.
Receipts should be provided for petty cash spending and attached to the petty
cash voucher.
Paper F8: Audit and assurance (International)
216 Go to www.emilewoolfpublishing.com for Q/As, Notes & Study Guides © EWP
When money is withdrawn from the bank to ‘top up’ petty cash, the amount of
the cheque for the cash withdrawal should be checked against the total of the
petty cash vouchers in the petty cash box. The amount of cash withdrawn
should equal the total on the petty cash vouchers since the previous cash
withdrawal from the bank.
There should be occasional checks of petty cash by a senior person (not the
person responsible for holding and issuing petty cash) to ensure that the person
responsible for holding petty cash has not been taking money fraudulently.
There should be a system for the regular recording of petty cash expenses in the
petty cash book. Each entry in the petty cash book should include the voucher
number, to provide a check that all expenses are recorded (a check on
completeness).
Chapter 9: Tests of controls
© EWP Go to www.emilewoolfpublishing.com for Q/As, Notes & Study Guides 217
The inventory system and non-current assets
The inventory system
Non-current assets
6 The inventory system and non-current assets
6.1 The inventory system
Inventory is often a ‘material’ aspect of the financial statements and can also be a
relatively high risk area. Consequently, the auditor will usually want some
assurance as to controls in place for inventory.
The tests of control suggested below do not repeat tests which have been dealt with
in respect of sales and purchases. The tests here focus on other aspects, primarily
inventory movements and security. Audit work on the valuation of inventory is
normally performed at the substantive testing stage and will be dealt with in a later
chapter.
The main risks associated with inventory are as follows:
Inventory records are inaccurate.
Inventory may be stolen or damaged.
Inventory may be valued at incorrect amounts.
Too little inventory may be held, so that customers’ orders cannot be fulfilled.
Too much inventory may be held, and therefore too much money tied up.
Control objectives Principal controls Tests of control
Recording inventory
Inventory records
should be complete,
accurate and include
only items belonging to
the company.
All inventory
movements should be
recorded and
authorised.
There should be
segregation of duties
(ordering inventory,
custody of inventory,
accounting for inventory).
There should be proper
documentation for all
issues of inventory from
the store.
All goods received should
be checked and recorded
Appropriate inventory
records should be properly
maintained.
The auditor can look for
evidence that inventory
movements (as recorded
in the inventory
department) agree with
despatch documents and
goods received
documents.
The auditor should look
for documentation
providing evidence that
inventory movements are
properly authorised.
Paper F8: Audit and assurance (International)
218 Go to www.emilewoolfpublishing.com for Q/As, Notes & Study Guides © EWP
Table continues
Control objectives Principal controls Tests of control
Physical safeguards
Inventory is protected
against loss and damage.
There should be restricted
access to storage areas.
Regular inventory counts
should be performed using
appropriate procedures.
The auditor should look
for compliance with
access restrictions.
The auditor should
obtain confirmation that
periodic inventory counts
are performed, and that
counts are checked
against records of what
inventory levels should
be.
Valuation
Inventory should be
correctly valued at the
lower of cost and net
realisable value.
IAS 2 should be applied.
There should be
procedures for identifying
obsolete and slow moving
inventory items.
The auditor should look
for evidence of how
inventory valuations are
reviewed, in order to
apply the principles of
IAS 2.
Inventory management
Appropriate levels of
inventory should be
held at all times.
There should be maximum
and minimum inventory
levels for all inventory
items of value.
There should be
appropriate re-order levels
and re-order quantities.
The auditor should carry
out a review for excessive
inventory levels (possibly
via exception reports in
an IT system). (This check
is often performed in
conjunction with the
inventory count or ‘stock
take”).
The auditor should also
monitor the frequency of
out-of-stock situations.
6.2 Non-current assets
The main risks associated with non-current assets are as follows:
Non-current assets which the company does not need could be ordered.
Expenditure on non-current assets may be recorded at incorrect amounts, or as
revenue instead of capital expenditure.
Chapter 9: Tests of controls
© EWP Go to www.emilewoolfpublishing.com for Q/As, Notes & Study Guides 219
Control objectives Principal controls Tests of control
Authorisation
All expenditure on non-
current assets should be
properly authorised.
Appropriate authorisation
procedures should be in
place.
Documentation and anal
y
sis
should be produced to
support (capital)
expenditure requests.
There should be approval
procedures for the payment
of invoices to the suppliers
of non-current assets.
Many tests of control for
the purchase of non-
current assets are similar
to those for the purchase
of inventory items.
The auditor should also
look for documentary
evidence of capital
expenditure
authorisations.
Recording
All expenditure on non-
current assets should be
properly recorded.
Expenditure should be
properly analysed as
capital or revenue.
Invoices must be analysed
and account codes entered
on the invoices.
Management should review
the analysis of purchased
items as capital or revenue
items, to ensure compliance
with standard accounting
practice.
The auditor should check
the capital/revenue
analysis of invoices.
The auditor should check
that entries are made in
the non-current asset
register.
Paper F8: Audit and assurance (International)
220 Go to www.emilewoolfpublishing.com for Q/As, Notes & Study Guides © EWP
Other issues with tests of controls
Tests of controls in smaller entities
Exam technique: generating controls and tests of control
7 Other issues with tests of controls
7.1 Tests of controls in smaller entities
Control systems in smaller entities are often less sophisticated than those in larger
organisations. This is largely due to a lack of resources. In particular, a proper
segregation of duties is often very difficult in small entities. It is also likely in small
entities that there will be extensive involvement in control activity by senior
management or the entity’s owner.
In the case of smaller entities, the auditor will look for the existence of ‘minimum
business controls’. The minimum business controls should be identified, recorded
and tested, as in any other type of control system.
The auditor is unlikely to be able to use the controls existing in a small entity as a
basis for using a systems-based approach to the audit; therefore, a large amount of
substantive testing is likely to be adopted. However, the auditor may be able to rely
on the controls which are in place as a means of gaining assurance on certain aspects
of the audit, for example, on the completeness of the accounting records.
7.2 Exam technique: generating controls and tests of control
Most of this chapter has presented lists of risks, control objectives, internal controls
and tests of control, for different aspects of business and accounting operations. You
do not have to learn all these lists, because each accounting system and each
business is different. Their control objectives and appropriate controls also differ.
What you need to be able to do in the exam is to apply general principles to any
particular system or business described in an exam question.
The approach that we recommend is the approach has been explained and
illustrated in this chapter. However, it is extremely important that you should
understand this approach so that you can apply it in the exam. It is worth
summarising again!
Consider the things that could go wrong with the system. This should give you
the risks.
Consider what the controls will need to achieve in order to mitigate those risks.
This should give you the control objectives.
Think of controls which would help to prevent or detect the problem. You may
be able to base these on some of the examples given in this chapter.
Alternatively, you may find it helpful to use the list of control activities from ISA
Chapter 9: Tests of controls
© EWP Go to www.emilewoolfpublishing.com for Q/As, Notes & Study Guides 221
315 and their sub-types (performance reviews (including management controls),
application controls (including authorisation, arithmetic and accounting
controls), general IT controls, physical controls and segregation of duties).
Design audit procedures to test the operation of the control. In doing this, you
may find it helpful to think of the key audit testing procedures – inspection,
observation, enquiry, confirmation, re-calculation and re-performance and to
consider the use of test data.
Example
Your audit client operates a chain of fast-food restaurants. Six types of standard
meals are available and are heated when customers place their orders. The meals are
ordered weekly by the restaurant managers from the distribution centre at head
office. At the end of each week, unused meals from the previous week are sent back
to the distribution centre for disposal.
Required
List the controls which your client should have in operation to prevent losses to the
entity as a result of the above system.
Answer
Managers should be required to produce a monthly reconciliation of meals
bought, meals sold and meals returned to head office.
Meals sold per this reconciliation should be agreed to the monthly sales figure (a
difference could indicate theft).
Where returns are above a pre-determined level, management at head office
should investigate to identify over-ordering or a downturn in demand.
Where returns are very low, management at head office should investigate to
ensure that customers have not been turned away due to a lack of inventory.
Strict physical controls should operate to ensure that inventory is not damaged in
transit (e.g. refrigerated lorries) or once at the branch (eg sufficient, properly
working refrigerators).
Authorisation limits should be set for the number of meals any branch can order
(based on budgets and past usage).
Head office should carry out surprise inventory counts at branches.
As an alternative, the examiner might require you to identify the risks to which a
business might be exposed as a result of poor internal controls. These risks are the
same as the control objectives not being met (for example, for sales, the risk that not
all goods despatched are invoiced). However, you could also be asked to set out the
consequences of those risks and suggest controls which would address them.
Paper F8: Audit and assurance (International)
222 Go to www.emilewoolfpublishing.com for Q/As, Notes & Study Guides © EWP
Example
An entity selling goods on credit terms is exposed to the risk of invoicing errors.
Required
Set out the possible consequences of the above risk and suggest suitable internal
controls which could be implemented to address the above risk.
Answer
Possible consequences
Sales and receivables will be misstated.
Customer goodwill may be lost if they are charged too high a price (especially if
this happens repeatedly).
The time taken to correct the errors will result in delays in the payment of
invoices by customers and could lead to cash flow problems. (If customers have
been undercharged the difference may never be recovered.)
If process charged or quantities entered are too low goods could be despatched to
customers who would have been over their credit limits if the correct price had
been charged. Again, this may result in the non-recovery of debts.
Internal controls to address
Invoice checked for accuracy with respect to despatch note details, price list and
any discounts agreed with that customer (or generally available for bulk
purchases) and casts checked.
Or, in an IT system, invoice produced automatically with strong physical controls
over master files and good general IT controls).
Data entry edit controls (e.g. field and range checks) if invoices are raised
individually but then put onto an IT system.
Independent authorisation of amendments to customer details and price lists.
Amendments to standing data printed out and reviewed.
Example
Using the list of internal controls in the example immediately above, set out the audit
procedures you could use to test the operation of each of those controls.
Answer
Select a sample of sales invoices, check costs and agree to details per despatch
note, master price list and bulk/customer specific discounts.
Input a sample of dummy despatch notes and ensure invoice generated by the
system is accurate.
Chapter 9: Tests of controls
© EWP Go to www.emilewoolfpublishing.com for Q/As, Notes & Study Guides 223
Input a sample of dummy sales invoices, with prices/amounts outside the preset
parameters and with incomplete files to ensure these are rejected by the system.
Review amendment forms for customer details or prices and ensure properly
authorised.
Review print outs of standing data amendments for evidence of review.
Paper F8: Audit and assurance (International)
224 Go to www.emilewoolfpublishing.com for Q/As, Notes & Study Guides © EWP