Chapter 7

System & Controls

Chapter 7.

System and controls

1. Introduction
2. How do ICS operates
3. Ascertaining the systems
4. Documenting client systems
5. Testing the system
6. The revenue cycle
7. The purchase cycle
8. The payroll system
9. The inventory system
10. Capital expenditures
11. Bank and cash system
12. Reporting to those charged with governance
Internal Control
The process designed, implemented and
maintained by management to provide
reasonable assurance about the achievement of
an entitys objectives with regard to

Reliability of financial reporting;

Effectiveness of operations;
Compliance with laws.
Components of Internal Control
CE - RP - IS - CA MC

Control Environment (CE)

Entitys Risk Assessment Process (RP)

Information System relevant to Financial

Reporting (IS)

Control Activities (CA)

Monitoring of Controls (MC)

Components of Internal Control
CONTROL ENVIRONMENT

Governance & management function & management philosophy &

operating style.

RISK ASSESSMENT PROCESS

It forms the basis for how management manage business risk relevant to
financial reporting.

INFORMATION SYSTEM

Business process relevant to financial reporting & communication.

CONTROL ACTIVITIES

Policies & procedures design to perform operation of the business.

MONITORING OF CONTROLS

The process of assessing the effectiveness of controls.

Use of Internal Control by Auditors
Auditors shall
assess the adequacy of internal controls used
for the financial reporting &
identify risks of material misstatements,
which will provide him the basis for designing &
performing audit procedures.

Auditors are only concerned with assessing the

policies & procedures which are relevant to
financial reporting.
Ascertaining Internal Control

Enquiries from clients relevant staff

Observing the controls

Tracing transaction through the system

Inspecting documents

Reading procedure manual

Examine previous audit file

Documenting Internal Control

Narrative Notes (NN)

Internal Control Questionnaire (ICQs)

Internal Control Evaluation Questionnaire (ICEQs)

Flow Charts (FC)

Organizational Charts (OC)

Testing Internal Control

Having documented the systems the auditor needs to

assess whether controls are actually implemented and are
effective.

Test of Controls are performed to ensure that the

prescribed controls are implemented and operating
effectively throughout the audit period.
Systems and the Auditor
Types of Auditors Testing

Test of Controls (ToCs)

Test of Controls are designed to evaluate the operating
effectiveness of controls in preventing or detecting and
correcting material misstatements.

Substantive Procedures (SPs)

Substantive Procedures are designed to detect material
misstatement at the assertion level.
Transaction Cycles

Sales

Purchase

Inventory

Payroll

Bank & cash balances

Capital & revenue

COs CAs ToCs
Control Objectives (COs).

The purpose of internal control.

Control Activities (CAs).

Policy and Procedures included in internal control.

Test of Control (ToCs).

Whether or not control objectives achieved, and controls

are operating effectively.
Sales Cycle
Take Order

Document Order Make Order

Raise Dispatch Notes Dispatch Goods

Raise Invoice Account for Invoice

Dispatch invoice Chase Payment

Receive Payment

Record Payment
Purchase Cycle
Raise Requisition Call quotations

Raise Order

Receive Goods Produce Goods

Raise GRN

Receive Invoice Match Invoice with GRN

Record Invoice

Send Payment Record Payment

Inventory Cycle
Goods Received

Receipt Recorded GRNs

Inventory Movement
Controlled & Recorded

GDNs Dispatch Recorded

Goods Dispatched
Payroll Cycle
Attendance Recorded & Entered

Gross Pay, Deduction & Net Pay Calculated

Other Adjustment Made

Final Payroll Prepared & Pay slips

Produced & Approved

Payments to Employees

Payment to Tax Authorities

Recording of Payroll
Cash Cycle
Request for Payment

Approval of Payment Supporting checked

Payment Made

Recorded in Cash Book

Acknowledgement Receipts
COs for Sales
Goods are supplied only to customers who pay promptly
and in full.

Orders are dispatched promptly and in full to the correct

customer.

Only valid sales are recorded.

All sales and related receivables are recorded accurately

& at an appropriate value.

Sales are recorded in the correct accounting period.

Typical ToCs for Sales
Test of Control for Sales

Observe and evaluate whether proper segregation of duties is operating.

Test a sample of sales invoices for authorized sales order form & shipping docs.

Examine application of controls for approval. Occurrence & Existence

Review & test entitys procedures for numerical sequences of invoices.

Review entitys procedures for sending out monthly statements and dealing with
customer queries.

Review entitys procedures for granting credit to customers.

Examine a sample of sales orders for evidence of proper credit approval by the
appropriate senior staff member.

Review all new customer files to ensure satisfactory credit reference have been
obtained.

Compare prices & terms on a sample of sales invoices to the authorized price list.
Typical ToCs for Sales - continued
Test of Control for sales

Review & test entitys procedures for accounting for numerical sequences of invoices.

Trace a sample of shipping documents to the sales invoices and ledger.

Review a sample of reconciliations performed.

Completeness
Inspect the open-order file for unfilled orders.

Vouch recorded sales to supporting documents.

Accuracy
Compare dates on sales invoices with dates of correspondence shipping
documentation.
Cut Off
Compare dates on sales invoices with dates recorded in the sales ledger.

Review sales ledger for proper classification.

Classification
Examine a sample of sales invoices for proper classification.

Test application controls for proper codes.

COs for Purchase
All purchases are properly authorized to ensure only
necessary goods are procured

All purchases are made from approved suppliers.

Allpurchases and related payables are recorded

accurately and at an appropriate value.

Purchases are recorded in the correct accounting period..

Typical ToCs for Purchases
Test of Control for Purchases

Inspect policies & procedures and inquire about them.

Observe & evaluate segregation of duties. Occurrence & Existence

Examine a sample of orders to ensure they are appropriately

authorized.

Review the delegated list of authority for purchases.

For a sample of orders, examine the Goods Receipt Notes (GRN) &
match it to the order.

Observe receipt of goods by staff to confirm whether the check is

done.

Inspect a sample to confirm whether stores staff undertakes this

check.

Examine supporting documentation for a sample of invoices.

Typical ToCs for Purchases - continued
Test of Control for purchases

Examine supporting documentation for a sample of invoices.

Review entitys procedures for accounting for pre-numbered
documents.
Completeness
Examine application controls.
Examine documentation for evidence of this check.
Right & Obligation
Examine supporting documentation for a sample of invoices.

Examine supporting documentation for a sample of invoices.

Recalculate the mathematical accuracy of a sample of suppliers
invoices. Accuracy Classification & Valuation
Review reconciliations for evidence of this check.
Review purchases journal and general ledger for reasonableness.
Compare dates on reports to dates on relevant vouchers. Cut Off

Compare voucher dates with recording dates in purchase journal.

COs for Inventory
Inventory levels meet the production requirements and
customer demand.

Inventory levels are not excessive, preventing

obsolescence and unnecessary storage costs.

Inventory is safeguarded from theft, loss or damage.

Inventory movements are recorded on a timely basis.

All inventory items are recorded.

Typical ToCs for Inventory
Test of Control for Inventory

Review documentation in use. Occurrence & Existence

Review a sample of reconciliations to confirm they are performed and
then reviewed by an independent person.

Observe and evaluate proper segregation of duties.

Review security systems in place (e.g. locked warehouse, CCTV etc).

Review policies and procedures in place; discuss procedures with

relevant staff.

Review procedures for counting inventory.

Attend inventory count.

Typical ToCs for Inventory - continued
Test of Control for Inventory

Review entitys procedures relating to consignment inventory.

Review reconciliations performed and whether reviewed by
independent person. Completeness
Right & Obligation
Review entitys procedures relating to consignment inventory.

Review and test entitys procedures for taking physical inventory.

Review and test entitys procedures for developing standard costs.
Inspect variance reports produced. Accuracy Classification & Valuation

Discuss with inventory managers how this is done.

Observe the procedures being performed.

Inspect documentation to confirm daily processing. Cut Off

Review reconciliations performed.
Review entitys procedures and documentation used to classify
inventory.
Presentation & Disclosure
Review entitys working papers for evidence.
COs for Payroll
Only genuine employees are paid.

Employees are only paid for work done.

Employees are paid at authorized rates of pay.

Gross pay is calculated and recorded accurately.

Net pay is calculated and recorded accurately.

Correct amounts owed are recorded & paid to the tax

authorities.
Typical ToCs for Payroll
Test of Control for Payroll

Observe and evaluate proper segregation of duties.

Review a sample of starters and leavers in the year to ensure correct
documentation is in place. Occurrence & Existence
Review and test authorization procedures in place.
Review policies and procedures in place for charging status and
consider whether adequate.
Review personnel files for a sample of employees whose status
changed in the year.
Observe employees use of time clock.
Inspect a sample of clock cards for evidence of approval by
appropriate level managers.
Review and test procedures for entering and removing employee
numbers from the payroll master file.
Review budgeting procedures.
Typical ToCs for Payroll - continued
Test of Control for Payroll

Review numerical sequence of clock cards.

Completeness
Observe and evaluate proper segregation of duties.

Recalculate benefits and deductions for a sample of employees.

Review budgeting procedures. Accuracy Classification & Valuation

Inspect documentation for evidence of managements review.

Review reconciliation before and after reports to payroll master file.
Review reconciliation payroll master file to general ledger.
Confirm whether discrepancies are followed-up promptly and resolved.
Review entitys procedures for reporting changes to the payroll department.
Check sample of starters and leavers. Cut Off
Review chart of accounts.
Review procedures for classifying payroll costs. Presentation & Disclosure

Review budgeting procedures.

COs for Cash
Petty case levels are kept to minimum, preventing theft.

Payments can only be made for legitimate business

expenses.

Cash is safeguarded.

Receipts are banked on a timely basis.

Cash movements are recorded on a timely basis.

Communicating Deficiencies in Internal control
Auditors main responsibility is to report on financial statements however, auditors
are encouraged to report deficiencies, if any, in internal controls relevant to financial
reporting.

Deficiencies shall be reported in a DES-R manner:

Deficiency Effect Suggestion Response

Deficiency = Deficiency found by auditor in internal controls.

Effect = Potential effect of the deficiency.
Suggestion = Auditor Suggestion to overcome the deficiency.
Response = Management actual or proposed response for correction.