Beruflich Dokumente
Kultur Dokumente
6.12
Discuss the contention that the control environment is the most important part of
a system of internal controls because it provides the foundation.
The control environment sets the tone of the entity and influences the control consciousness
of its people. People, through their actions, determine the effectiveness of internal controls. If
the control environment does not encourage ethical behaviour and high quality work, the
people within an organisation could fail to implement controls or override them when
performing their duties. Even the best control system is not 100% effective, and all systems
are less effective if the people working with them do not support the systems.
However, all components of an internal control system are important. Having a strong control
environment will not be sufficient by itself to ensure that an organisation is able to achieve its
objectives.
6.15
What sort of risks would an entitys risk assessment process consider? Give some
examples for a retailer. Which of these risks would be relevant to financial
reporting? Explain.
An entitys risk assessment process would consider risks to its achievement of its objectives
at all levels. These would include: risks to revenue through product competition, to attracting
and retaining staff, exchange rate risks, transport interruption risks (both freight and
passenger transport delays affecting staff and customers), climate change risk, financing risk
(obtaining and servicing loans), supply risks, and risks relating to protection of assets from
theft and fraud etc.
A retailer would have a particular focus on the risk of not being able to buy the appropriate
products from reputable suppliers, product quality risks which would lead to sales returns
and/or warranty claims, exposure to exchange rate risks if suppliers are located in other
countries, transport risk affecting imports, competitive risks from other retailers in the same
location or servicing the same type of customer, staff risks relating to attracting and retaining
the right type of staff for all shifts, physical risks including power interruption, shopping
centre building issues, financing risks relating to funding product purchases and paying
expenses prior to receipt of cash from customers, and protection of assets and the integrity of
sales and other transactions in the accounts. The retailer would be interested in identifying
and controlling risks to its ability to operate and achieve its objectives.
All uncontrolled risks for the entity could affect the ability of the entity to survive (i.e. be a
going concern). Therefore, all risks are of interest to the auditor. However, the auditor is most
directly concerned with risks relating to protection of assets and the integrity of transactions
in the accounts. The auditor must consider the risk to the accounts so that the audit can be
planned with appropriate consideration of the risk of material misstatement
6.16
6.17
A client should have processes for monitoring the effectiveness of its internal controls
because circumstances and conditions change over time and controls need to adjust
accordingly. An out-of-date control system may not be able to alert management to new risks,
or control new types of transactions. The monitoring process allows the client to assess the
need for changes to internal controls. As such, the auditor will be interested in the
effectiveness of the monitoring system and whether the clients management are able to be
sure that internal controls remain current and valid. The auditor will also be able to assess the
clients management attitude to internal control systems through evaluation of the monitoring
processes within the client.
6.18 Discuss the role of internal audit in an entitys system of internal controls. Is
internal audit an essential element of a control system? Explain.
Internal audit is a part of an entity with responsibility for assessing the performance of the
entitys control systems and making evaluations of clients activities. Internal auditors
provide information about the functioning of the entitys internal control system, its strengths
and weakness, and make recommendations for improvements, to the entitys management.
Although internal audit departments are usually separate to other functions within the client,
they are not independent of the client.
Not all organisations have an internal audit department. Smaller organisations usually do not
have an internal audit function and many larger organisations outsource the internal audit
function to a third party. However, as organisations become larger, the level of importance
placed by an entity on its internal audit function can be a guide to its overall commitment to
internal control.
6.21
Why dont auditors usually test entity-level controls as part of the audit?
Entity level controls are the collection of the internal control components of control
environment, entitys risk assessment process, the information system, control activities, and
control monitoring (ASA 315/ISA315). The entity level controls exist at an organisational or
entity level rather than at a more detailed transaction level.
The auditor is required to gain an understanding of the entity level controls, but they are not
specifically tested. They are not specifically tested because of the difficulty in trying to do so.
For example, there is rarely audit evidence that a control such as the ethics/tone at the top of
an organisation is in existence and operating effectively, in the same way that there would be
evidence that sales transactions above a specified level must be authorised by the sales
manager. In addition, entity-level controls by themselves are not usually sensitive enough to
prevent or detect and rectify material errors, such as controls over large sales transactions
would prevent an incorrect sales figure entering the system.
6.22 In the sales transaction process, a key control affecting the accuracy assertion for
sales is Credit committee review and approve all applications for credit over $1000.
Explain the impact of this control on the valuation assertion for sales receivable
(debtors).
A control such as Credit committee review and approve all applications for credit over
$1000 will require applications for credit over the specified amount being separately
authorised. This control is related to the accuracy assertion for sales because it prevents sales
transactions being recorded that are incorrectly processed. For example, if a data entry error
is made so that a sale for $500 is incorrectly entered as $5,000, the transaction would not be
accepted until it had been authorised. Because there is a data entry error, the person
responsible for authorising the transaction should notice that it is not for $5,000, but should
be entered as $500. The control also impacts on the valuation assertion for sales receivable
because it would prevent the incorrect sale being entered to the debtors account, and thus
prevent it from being overstated. In addition, if sales are genuinely being made for amounts
over $1,000, the authorising person has a chance to consider if the debtor has capacity to pay
large amounts. Procedures to check the credit-worthiness of debtors is likely to improve the
chances of the amounts being paid by the debtors (because only debtors that can and will pay
their debts are allowed to buy on credit), increasing the likelihood that debtors are valued
correctly.
Workshop questions
5.24
The auditor should inspect all outstanding contracts for supply of inventory to
determine if amounts have been paid in advance and determine if they are recorded
correctly in the accounts.
5.25
5.28
Revenue assertions 1
Required
(a) Does the procedure address the stated assertion? Explain.
(b) If your answer to (a) is no, provide the correct assertion or explain what work would
be required to address the assertion.
(c) Explain what type of evidence is obtained by performing the stated procedure. How
persuasive is it?
(a) The completeness assertion relates to the claim by management that revenue shown in
the profit and loss is a complete record of all revenue earned by the client. If the
auditor tests the revenue that has been recorded in the accounts they are testing the
occurrence assertion that recorded revenue did occur, not the completeness
assertion.
(b) A more appropriate test of the completeness of revenue would be to select a sample of
the delivery dockets or customer orders and trace the details to the revenue account. This
test would detect any orders or deliveries of goods that were not subsequently invoiced to
the customer and recorded as a debit to debtors and credit to sales.
(c) The evidence obtained from the procedure described in the question is documentary
evidence. The sales invoice is internally generated. The customer order is generated by a
third party. The delivery docket that has been authorised by the customer is verified by a
third party. The third party documents are more persuasive than internally generated
documents.
5.34
Gathering evidence
Required
(a) Discuss Susans comment that they have already started the audit. What evidence
have they gathered so far?
(b) Explain what work is being done with the spreadsheets of financial data. Give some
specific examples for this client. How is this type of work relevant to all stages of the
audit?
(c) When Susan is touring the clients premises, she is taking notes of equipment and
furniture items she sees, especially anything that looks either newly purchased or older
and unused. Why might she be doing this? Explain.
(a) Susan has been gathering the following types of evidence:
- Oral: Susan has been holding conversations with staff. During these conversations she
will be discovering how they perform their duties, whether there are staff shortages in
certain areas at various times, how management are communicating their attitudes
towards control systems and profit targets, whether controls are overridden at various
times.
- Physical evidence: Susan has inspected physical assets of the company during her
tours. She can see if assets exist, whether they are being protected, their condition,
how they are used. For example, she can see if construction equipment appears to be
new or well maintained. She can also observe staff performing their duties, both on
the construction sites and in the offices.
- Computational evidence: Susan is calculating ratios and reviewing the trial balance.
She is looking for indicators of problems, such as unusual fluctuations, and whether
the data appear to reflect the state of the business as described by management.
(b) The spreadsheets are reviewed to identify unusual patterns which could indicate
problem areas for further investigation, and to calculate trends and ratios, including
common size statements, to quantify the fluctuations. Susan will use the results of the
analytical procedures to justify increased or decreased focus on specific areas, and the
nature, timing and extent of further procedures.
For example ,for this type of business Susan will be using the data to determine if
profitability is comparable to previous periods and with other similar clients. It will be a
guide to such considerations as to whether revenue recognised on building in progress is
consistent with the progress and cost of the construction?
(c) Observing the assets during the tour provides a starting point for investigating the
assertions of completeness (whether the items she observes are in the accounting
records) and valuation (whether the items appear to be in poor condition, and thus
have impaired values) of PPE. The older items or unused items are more likely to be
obsolete and thus either impaired in value or scrapped from the accounting records.
The newer items are more likely to be of higher value, but could also be not recorded
in the accounting records.