Uol Aa Notes (l6 l10) .May2021
Uol Aa Notes (l6 l10) .May2021
Uol Aa Notes (l6 l10) .May2021
Learning objectives
Audit sampling is one method auditors use to gather evidence to reach an opinion on
financial statements. When auditors select transactions, documents, accounts balances
for testing they take a sample, using audit sampling as a technique.
The two concepts are related: when auditors assess significance of errors or
misstatements in sample, they are putting into operation concept of materiality.
What is sampling?
Auditors wish to be reasonably certain that audit conclusions are soundly based at
reasonable cost. Audit sampling is used to achieve both aims and auditors select a
sample from a population
The objective of sampling: ‘to provide a reasonable basis for the auditor to draw
conclusions about the population from which the sample is selected’ (ISA 530).
AY 2020-2021 Page | 1
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Statistical sampling
Auditors use statistical and mathematical models to calculate sample size and select
the samples. For sample to be representative, there must be homogeneity in the
population.
Sample can only be truly representative if it is taken from the whole population.
a) Random sampling
This method tries to ensure that each item in the population has the same chance of
selection as any other item
AY 2020-2021 Page | 2
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
When testing company’s internal controls auditors use attribute sampling, in which
there are two responses to a test:
– yes the control has been applied correctly, or
– no the control has not been applied.
When testing account balances, auditors are concerned with determining if balance is
correctly stated.
The greater expected error/deviation rate, the greater sample size must be to conclude
that actual error rate is less than tolerable error rate.
Tolerable deviation rate: when testing controls this is maximum deviation rate in the
sample auditors are willing to accept and still conclude initial evaluation of control
risk is valid.
Tolerable error when testing amounts is related to materiality level set by auditors.
The lower the tolerable error rate, the greater sample size.
AY 2020-2021 Page | 3
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
First stage: determine number of errors in sample. Auditor must define error or
deviation.
Next stage: auditors estimate on basis of sample results, at given level of confidence,
upper error rate in population – known as ‘projecting errors’.
Auditors use reliability factor relevant to number of errors in sample to assess upper
error rate at a certain confidence level.
If upper error rate is 2.14% at 80% confidence level, auditor can state with 80%
degree of confidence there will be no more than just over two errors out of every 100
items in population.
MUS: sampling method that allows auditors to estimate amount of most likely error
(MLE) and likely upper error limit (UEL) in monetary terms.
Auditors specify confidence level and tolerable error. Using confidence level,
tolerable error and estimate of likely error, AND statistical sampling tables, determine
appropriate sample size.
Using sample results auditors calculate MLE and, at confidence level used, the UEL.
If UEL less than tolerable error, auditors can accept.
If UEL more than tolerable error, auditors may adjust UEL for errors found to
determine if that reduces UEL to below the tolerable error.
If UEL remains above tolerable error, auditors should carry out additional procedures,
such as extending detailed testing or performing alternative audit procedures.
AY 2020-2021 Page | 4
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Disadvantages include:
More time consuming and costly than non-statistical sampling.
Documents must be separately identified for selection.
Statistical sampling is more difficult to understand, but specialized computer
statistical sampling packages may get round this problem.
Statistical sampling only significant use is in specialized audit situations such as audit
of banks or insurance companies.
Modern day auditing uses risk-based auditing which places greater emphasis on
analytical review and the investigation of large or unusual items detected using audit
software.
Financial statements do not give a true and fair view when misstatements are
significant or material.
Materiality and size (Amount) are related but we will see later that factors other than
size may be important.
At outset of audit – particularly during planning, auditors have to decide what level of
error or misstatement could occur in the financial statements before an investor’s
decision would be influenced.
AY 2020-2021 Page | 5
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Materiality level and amount of evidence auditors need are related – lower the
materiality level the greater quantity of evidence that auditors must acquire – and the
greater the cost.
Most common profit figure is profit before tax or profit before tax from continuing
operations. (most users look at profit figure when making decision)
Materiality levels may be set for other figures, such as total assets and net assets.
Auditors often calculate materiality levels on a number of different criteria and then
decide on appropriate materiality levels for different aspects of the audit.
Auditors should give same emphasis to under- and overstatements type of error.
Auditors set materiality levels at planning stage in context of audit risk: consider
material individual items.
Auditors assess general risks and component risk, assigning materiality, depending
on:
– Importance of heading
– Nature
– Auditors’ past experience
– Trend in a/c balance.
AY 2020-2021 Page | 6
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Audit firm may decrease materiality if inherent or control risk high, thereby
influencing nature and scope of work.
Audit firms may reduce materiality level when arriving at tolerable level to be prudent
or because of evidence from other tests.
Auditors may change views on materiality level for account balances if significant
changes in figures or as a result of audit evidence.
Auditors calculate and evaluate the effect not only of misstatements found but of
misstatements not discovered.
Auditors extrapolate from test results. Closer value of misstatements found to set
materiality level, more likely sum of detected and undetected misstatements will
exceed materiality. May extend tests.
Audit committee should also receive from the auditors a list of the misstatements
found during audit and corrected by management.
AY 2020-2021 Page | 7
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
For clients who are required to comply with the UK Corporate Governance Code,
auditors have to identify their overall materiality level and how they have applied the
materiality concept in planning and performing the audit. This is a fairly recent
innovation and it will interesting to see how it operates in practice and what effect it
has on users perceptions of the value of the audit.
AY 2020-2021 Page | 8
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Q6.1)
Consider the following statements and explain why they may be true or false:
a) Statistical sampling methods do not require auditors to exercise judgement.
b) Tolerable error is the amount of error auditors expect to find in an account
balance.
c) Monetary unit sampling is a form of statistical sampling that enables auditors
to estimate both the most likely monetary error in an account balance and the
upper error limit.
d) Auditors only use the concept of materiality at the final stage of an audit when
considering whether the financial statements give a true and fair view.
e) The most important factor influencing the materiality of an item in the
financial statements is its monetary value.
f) When setting a materiality level for the financial statements an important
factor influencing the auditors’ decision is likely to be the company’s profit
for the year.
Required:
a) List three situations where the auditors would be unlikely to use audit
sampling techniques.
b) Explain what you understand by the following terms:
i) Attribute sampling;
ii) Monetary unit sampling.
c) Describe the factors which auditors would consider when determining the size
of a sample.
d) Describe to what extent statistical sampling enhances the quality of audit
evidence.
a)
Three situations when the auditor would be unlikely to use sampling techniques are:
(i) When the population is very small it is practical for the auditor to examine all
the items in the population. It may also be more cost effective. This is because
the time it may take the auditor to design and implement a sampling strategy
may outweigh the additional time they spend checking all the items rather than
a sample.
(ii) When individual transactions or balances are material they will usually be
automatically tested by the auditor as a matter of course and therefore not be
subject to audit sampling techniques.
AY 2020-2021 Page | 9
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
(iii) Where the company's records are held in such a way that it is impossible to
identify the population, it may be more convenient and cost-effective for the
auditor to use alternative audit procedures to verify the account balance or
transactions.
(iv) Where items are specifically identified as high risk, they may all be checked.
An example would be the items included in a computer generated exception or
error report.
(v) Where auditors have obtained evidence to suggest that some form of fraud
may be occurring, they may carry out a complete check of specific types of
transactions or balances where they believe the fraud may be taking place
rather than checking a sample of those transactions or balances.
bi)
Attribute sampling is commonly applied in compliance testing where the auditor is
testing whether a company's control procedures are implemented properly. From the
sample selected auditors are concerned with identifying whether for each item in the
sample the control has been applied or not. Thus the auditors are essentially
concerned with identifying two attributes relating to the control procedures; YES! -
the control has been applied, or NO! - the control has not been applied. In applying
attribute sampling to internal control procedures the auditor's objective is to determine
the likely error/deviation rate and upper error/deviation rate in the population.
From these two figures the auditors can decide whether the amount of confidence they
have in the control being tested is justified or whether they need to revise their
estimate of control risk. Attribute sampling can also be used to estimate likely error in
account balances and indeed the statistical foundation of it forms the basis of
monetary unit sampling.
bii)
Monetary unit sampling is used to provide the auditor with an estimate of the most
likely and upper error limit in monetary terms which may exist in an account balance.
The auditor can then compare the upper error limit with the tolerable error and decide
on an appropriate course of action. This course of action will depend on whether the
upper error limit is less than or in excess of the tolerable error. The auditor may also
be influenced by how close the upper error limit is to the tolerable error.
c)
The factors auditors consider when determining the size of a sample are:
- The expected error rate or amount in the population. This would depend
among other things on the effectiveness of the internal control system, the
results from other related audit tests and the auditor's results relating to testing
this internal control in the previous year's audit.
- The confidence level used by the auditor. This would depend on the auditors'
assessment of inherent and control risk over the internal control or account
balance being tested, the degree of assurance the auditor has gained from other
audit tests of the same (or related) internal controls or account balances, and
AY 2020-2021 Page | 10
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
the materiality of the account balance or the importance of the internal control
being tested
- If the population is stratified this would also influence the sample size.
Normally stratification results in a smaller sample sizes.
d)
Although the question does not state what is meant by 'enhance' it is probably safe to
presume that it means quality or reliability of the evidence has been improved. In a
question of this sort students should attempt to give a balanced answer including,
where appropriate, both arguments for and against the proposition that using statistical
sampling will enhance the quality of audit evidence.
It may be argued that the use of probability theory and the requirement that the
auditor specifies their confidence level, expected error level and so on enhances audit
evidence. The use of random selection methods does reduce the possibility of bias in
determining the sample and this is likely to increase the reliability of the audit
evidence.
In addition, it may be argued that quantification of the results of the sample enhances
the audit evidence. The use of a systematic and statistically based method is also
likely to improve the consistency with which audit sampling is conducted.
It must be reiterated, however, that the results of the sample and hence the evidence
obtained will be influenced by the auditor's judgement in relation to the aspects
mentioned above. Thus, if the auditors' judgement of these aspects is faulty the use of
a statistical sampling method will not of itself compensate for the inappropriate
judgement.
It has been suggested that in non-statistical or judgmental sampling the auditor can
use their instinct in determining the size of the sample and sample selection and this
can be more effective in identifying errors and misstatements and hence producing
reliable evidence than mechanically applying statistical sampling methods.
Finally it should be mentioned that statistical sampling only enables the quantification
of sampling risk. Like other audit testing it does not control for non-sampling risk.
Thus, if the statistical sampling tests are poorly conducted by audit staff they will not
produce reliable audit evidence. It may also be considered that the very fact of
quantifying sampling risk may obscure the existence of non-sampling risk. As with
other audit tests, non-sampling risk can be reduced by the audit firm instigating good
training and review procedures.
AY 2020-2021 Page | 11
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Q6.3)
During the audit of Level Ltd for the year ended 31 March 2015, your audit tests
reveal that trade receivables include £30 000 for a customer who went into liquidity
shortly before the end of the financial year. Leven’s profits for the year amount to
£190 000 and receivables shown in the balance sheet are stated at £585 000. The
directors do not wish to reduce the stated profits to £160 000 and the receivables to
£555 000 and suggest that accounts will still give a true and fair view if the notes to
the accounts explain that the debtor has gone in to liquidation and that no amount is
expected to be received from the liquidator. Do you agree? What would you say to the
directors?
The case of Leven Ltd gives a chance to consider the principle that disclosure of
circumstances in the notes to the accounts may not be enough to cause the accounts to
give a true and fair view.
What the directors are proposing needs further appraisal. Are they really suggesting
that: (a) The profit and loss account and balance sheet figures are not true and fair in
themselves; but that (b) If readers take information in the notes to the accounts and
makes the necessary adjustments themselves, they will have been given all the
information necessary to make proper decisions and that, therefore, the accounts taken
as a whole will give a true and fair view?
It seems unlikely that a rational person would agree with them. The amount in
question (£30,000) is clearly material, at more than 15% of stated income and more
than 5% of stated trade receivables/debtors. In these circumstances the auditor would
have to explain that an adjustment to the financial statements should be made if a
modification of the audit opinion is to be avoided.
Q6.4)
Roberts and Dwyer (1998) appear to suggest that auditors should disclose the level of
materiality they have used when conducting the audit. Given that this is now a
requirement for companies that are required to follow the UK Corporate Governance
Code, can you suggest and reason why auditors may be unwilling to follow this
suggestion for all companies they audit?
The reasons why auditors might be unwilling to disclose the level of materiality they
have used include:
a) They might believe it would give some insight into their audit process. For
instance, employees of the company might recognise that a particular area in
the company is unlikely to come under the scrutiny of the auditors because its
monetary value falls below the materiality level. This might provide the
opportunity for employees to commit fraud with less chance of detection.
b) Auditors might want to resist the notion that they use one figure as an
indication of the level of materiality. Auditors might regard one figure as too
crude for what they do in practice, where they may use different materiality
AY 2020-2021 Page | 12
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
levels for different account items and which may involve different levels of
risk.
c) The giving of a figure for materiality might suggest that auditing can be
reduced to one figure. This, it might be argued, ignores all the qualitative
factors auditors might use when determining if a particular item is material.
e) Auditors might be concerned that if the figure for materiality is disclosed and
the auditor is sued for negligence, the courts might attach great importance to
the figure which might be to the detriment of the auditors. For instance, if
there was an error in the accounts for an amount in excess of the disclosed
materiality level, the courts would rightly ask why the auditors did not detect
an error of a magnitude which the auditors themselves considered material.
Q6.5)
Outline what you believe the term non-sampling risk means and give some examples
of what you consider to be a non-sampling risk.
Non-sampling risk is any risk arising from sampling other than that attributable to
sampling risk.
Sampling risk is that risk arising from the inherent nature of the statistical techniques
used in the sampling process. For instance, when we state something with 95%
confidence, this means that there is a 5% chance that our conclusions are incorrect.
Thus, sampling risk is essentially an outcome of the fact that we have tested a sample
rather than the population and that the sample may not be representative of the
population.
Non-sampling risk, therefore, tends to be risk that originates from the auditor.
Examples of non-sampling risk include:
- The auditor incorrectly defining the population.
- The auditor misapplying the statistical sampling technique.
- The auditor failing to perform audit tests that are consistent with the audit
objectives set for the test.
AY 2020-2021 Page | 13
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
- The auditor failing to recognise that an error has occurred when they have
examined a document or some other piece of evidence; or, conversely,
concluding that the document contains an error when it doesn’t.
Q6.6)
Give some examples of qualitative characteristics an auditor might take into account
when deciding if a particular item in the financial statement is materially misstated.
The qualitative characteristics an auditor might take into account when deciding if a
particular item is materially misstated include:
a) The requirement that the item is specifically required to be disclosed by
company law, for instance, directors’ remuneration.
b) Where the misstated item has arisen because of some fraudulent or illegal
activity.
c) The nature of the item; for instance, if the cash figure is misstated this may be
seen as more serious that a misstatement of the deferred tax figure.
d) The number of times similar errors or misstatements have arisen either in the
current or past audits.
e) Whether the misstatement affects the balance sheet or profit and loss account,
or both.
f) The nature of the misstatement, for instance, the inappropriate disclosure of an
accounting policy.
g) Where the item is related to the misclassification of an item in the financial
statements.
Q6.7)
ISA 320 Materiality in Planning and Performing an Audit provides guidance on the
concept of materiality in planning and performing an audit. Define materiality and
determine how the level of materiality is assessed.
In assessing the level of materiality there are a number of areas that should be
considered.
Firstly the auditor must consider both the amount (quantity) and the nature (quality)
of any misstatements, or a combination of both. The quantity of the misstatement
refers to the relative size of it and the quality refers to an amount that might be low in
value but due to its prominence could influence the user’s decision, for example,
directors’ transactions.
AY 2020-2021 Page | 14
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
In assessing materiality the auditor must consider that a number of errors each with a
low value may when aggregated amount to a material misstatement.
In calculating materiality the auditor should also consider setting the performance
materiality level. This is the amount set by the auditor, it is below materiality, and is
used for particular transactions, account balances and disclosures.
As per ISA 320 materiality is often calculated using benchmarks such as 5% of profit
before tax or 1% of total assets. These values are useful as a starting point for
assessing materiality.
Explain why auditors may need to reassess materiality as the audit progresses.
It may be that during the audit, the auditor becomes aware of a matter which impacts
on the auditor’s understanding of the client’s business and which leads the auditor to
believe that the initial assessment of materiality was inappropriate and must be
revised. For example, the actual results of the audit client may turn out to be quite
different to the forecast results on which the initial level of materiality was based.
Or, a change in the client’s circumstances may occur during the audit, for example, a
decision to dispose of a major part of the business. This again would cause the auditor
to consider if the previously determined level of materiality were still appropriate.
AY 2020-2021 Page | 15
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
The initial calculation of materiality for the Jovi Group was based on the client’s
listed status, and therefore on an assumption of it being high risk. It is therefore
important that any events, such as those explained above, are taken into account in
assessing a new level of materiality for this client to ensure that sufficient appropriate
evidence is obtained to support the audit opinion.
a)
(i) In the context of ISA 530 Audit Sampling and Other Means of Testing,
explain and provide examples of the terms ‘sampling risk’ and ‘non-sampling’
risk. (4 marks)
(ii) Briefly explain how sampling and non-sampling risk can be controlled by the
audit firm. (2 marks)
b)
Tam Co, is owned and managed by two brothers with equal shareholdings. The
company specialises in the sale of expensive motor vehicles. Annual revenue is in the
region of $70,000,000 and the company requires an audit under local legislation.
About 500 cars are sold each year, with an average value of $140,000, although the
range of values is from $130,000 to $160,000. Invoices are completed manually with
one director signing all invoices to confirm the sales value is correct. All accounting
and financial statement preparation is carried out by the directors. A recent expansion
of the company’s showroom was financed by a bank loan, repayable over the next
five years.
The audit manager is starting to plan the audit of Tam Co. The audit senior and audit
junior assigned to the audit are helping the manager as a training exercise.
Comments are being made about how to select a sample of sales invoices for testing.
Audit procedures are needed to ensure that the managing director has signed them and
then to trace details into the sales day book and sales ledger.
‘How about selecting a sample using statistical sampling techniques’ adds the audit
senior.
‘Why waste time obtaining a sample?’ asks the audit junior. He adds ‘taking a random
sample of invoices by reviewing the invoice file and manually choosing a few
important invoices will be much quicker.’
AY 2020-2021 Page | 16
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Required:
Briefly explain each of the sample selection methods suggested by the audit manager,
audit senior and audit junior, and discuss whether or not they are appropriate for
obtaining a representative sample of sales invoices. (9 marks)
a)
Sampling risk
Sampling risk is the possibility that the auditor’s conclusion, based on a sample, may
be different from the conclusion reached if the entire population were subjected to the
audit procedure.
The auditor may conclude from the results of testing that either material
misstatements exist, when they do not, or that material misstatements do not exist
when in fact they do.
Sampling risk is controlled by the audit firm ensuring that it is using a valid method of
selecting items from a population and/or by increasing the sample size.
Non-sampling risk
Non-sampling risk arises from any factor that causes an auditor to reach an incorrect
conclusion that is not related to the size of the sample.
b)
The audit manager suggests checking all invoices, effectively ignoring any statistical
sampling; in other words this is not statistical sampling. Audit tests will be applied to
all of the sales invoices. This approach may be appropriate for the audit of Tam
because:
– The population is relatively small and it is likely to be quicker to test all the
items than spend time constructing a sample.
– All the transactions are not large but could be considered material in their own
right, e.g. compared to project. As all the transactions are material, then they
all need to be tested.
The audit senior suggests using statistical sampling. This will mean selecting a limited
number of sales invoices from the population using probability theory ensuring a
random selection of the sample and then applying audit tests to those invoices only.
This approach may be appropriate because:
– The population consists of similar items (i.e. it is homogeneous) and there are
no indications of the control system failing or changing during the year. There
AY 2020-2021 Page | 17
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
is the query about how long it will take to determine and produce a sample,
which may make statistical sampling inappropriate in this situation.
The audit junior suggests using ‘random’ sampling, which the junior auditor appears
to understand as manually choosing which invoices to look at. The approach therefore
involves an element of bias and is not statistical or true ‘random’ sampling.
END OF LECTURE 6
AY 2020-2021 Page | 18
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Learning objectives
a) To explain the important of audit planning and the planning documents that
the auditor produces at the end of the planning exercise
b) To define audit risk and suggest why risk-based approaches have become
more important in recent years.
c) To identify the components of audit risk and give practical explanatory
examples.
d) To identify risk in a number of practical scenarios and show how auditors
approach risk.
e) To define business risk, show how business risk approaches differ from audit
risk approaches and whether relevant to the audit of companies of all sizes.
f) To show how enhanced expectations of corporate governance have increased
business risk.
g) To explain why business risk approaches by auditors may widen the audit
expectations gap.
h) To explain why judgement is a vital aspect of accounting and auditing.
i) To make the distinction between judgement and technical compliance with
accounting standards.
j) To explain the relationship between audit judgement and audit risk.
k) To suggest what it is that enables successful audit judgements to be made.
‘The objective of the auditor is to plan the audit so that it will be performed in an
effective manner.’
b) Helping the auditor identify and resolve potential problems on a timely basis
c) Helping the auditor properly organize and manage the audit engagement so that
it is performed in an effective and efficient manner
AY 2020-2021 Page | 19
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Two documents - The Audit Strategy and the detailed Audit Plan
The audit strategy sets the scope, timing and direction of the audit, and guides the
development of the more detailed audit plan.
AY 2020-2021 Page | 20
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
An audit plan converts the audit strategy into a more detailed plan and includes the
nature, timing and extent of audit procedures to be performed by engagement team
members in order to obtain sufficient appropriate audit evidence to reduce audit risk
to an acceptably low level.
Auditor must obtain reasonable assurance financial statements are free from material
misstatement – obtaining sufficient appropriate evidence reduces audit risk.
AY 2020-2021 Page | 21
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Auditors do not just look at audit risk (AR), they also look at business risk (BR).
(Auditor addresses both business risk and audit risk)
Business risk – risk that could adversely affect entity’s ability to achieve its
objectives – could affect audit risk
Components of Audit Risk & Business Risk (Taken from GMC, Chap 5 pg 175)
AY 2020-2021 Page | 22
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Audit risk (AR) = Inherent risk (IR) x Control Risk (CR) x Detection Risk (DR)
Inherent risk – susceptibility of assertion to material misstatement, assuming no
related controls
Control risk – risk material misstatement could occur that internal control will not
prevent, detect and correct on a timely basis
AY 2020-2021 Page | 23
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Definitions:
Healy and Wahlen (1999): ‘Earnings management occurs when managers use
judgement in financial reporting and in structuring transactions to alter financial
reports to either mislead some stakeholders about the underlying economic
performance of the company or to influence contractual outcomes that depend on
reported accounting numbers.’
Income smoothing may be defined as measures that serve to reduce fluctuations in the
earnings of an entity’. It can range from good business methods through short-term
measures that affect earnings, which are not necessarily in the long-term interests of
the entity, to fraudulent reporting.
Examples of short-term measures not in long term interests of entity – cutting R&D or
cutting maintenance expenditure.
Remuneration of key people within the entity often tied to reported earnings. Income
smoothing avoids swings in remuneration.
To influence decisions by external investors and analysts. E.g. it might also be used to
influence the entity’s share price.
AY 2020-2021 Page | 24
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Approaches to business risk and inherent risk both use ‘top-down’ approach initially –
entity considered in entirety
Decide steps necessary to prevent company achieving objectives or, in auditors’ case,
perform procedures to ensure financial statements give a true and fair view of results
and financial position.
Factors that increase inherent risk, such as management inexperience and lack of
skills, may make it less likely that business objectives will be obtained.
Factors increasing control risk, e.g. poor control environment, may inhibit achieving
business objectives.
Analysis of business risk and inherent risk helps auditors design work to prove
financial statements give a true and fair view. Both kinds of analysis give auditors a
better understanding of the entity and its operations.
Auditors consider inherent risks in relation to impact they may have on financial
statements
Business risk approach considers risks that inhibit the company in achieving its
objectives. Many company objectives have little or only an indirect bearing on the
financial statements.
While factors that fail to reduce impact of inherent risk may also fail to reduce impact
of business risk, business and audit objectives are so dissimilar that the factors cannot
be regarded as creating a similarity.
Impact that a business risk approach might have on the audit process
Improves basic audit of financial statements and makes less likely erroneous
conclusions will be reached.
AY 2020-2021 Page | 25
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Expands potential for giving assurance to management beyond traditional audit and
‘adds value’ to audit from client perspective.
Better understanding of client’s business and its risks will reduce audit firm’s own
‘business risk’ – sometimes referred to as ‘engagement risk’.
The business risk approach and smaller clients and smaller audit firms
Business risk approach needs wide variety of expertise within firm to identify
business risks and allow dialogue on equal terms with experts in client company.
Therefore, most of us will think that business risk approach most appropriate in the
audit of large multinational companies by the Big 4 audit firms?
But business risk approach is about attitude of mind on auditor’s part – involving
acquiring knowledge about business rationale.
Small audit client does not usually have wide expertise and therefore, smaller audit
firms may usefully discuss business risks with management as an aid to them. This
means that firms other than large firms might be able to use business risk approach.
This business risk approach is a “wider” approach and therefore may be more
expensive, but benefits could exceed costs. So we conclude that it is still useful for
small companies audit.
ISA 520:
Analytical procedures: ‘evaluations of financial information through analysis of
plausible relationships among both financial and non-financial data. Analytical
procedures also encompass such investigation as is necessary of identified
fluctuations or relationships that are inconsistent with other relevant information or
that differ from expected values by a significant amount.’
(Note: Textbooks sometimes use the term Analytical review or Analytical review
procedures)
AY 2020-2021 Page | 26
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
The auditor should apply analytical procedures as risk assessment procedures and in
the overall review at the end of the audit. (it means the use of analytical procedures in
these 2 stages of the audit is compulsory, you got to use!)
They can also be used as a source of substantive audit evidence when their use is
more effective or efficient than tests of details in reducing detection risk for specific
financial statement assertions. (the use of analytical procedures as a substantive
procedure is not compulsory, you can choose not to use)
Aid in reducing overall audit risk and in particular reducing detection risk.
Used at several points in the audit process. (It can be use in 3 different stages of the
audit)
The relationship between audit judgement and risk is direct, as it is exercised in the
context of risk.
In forming judgements, auditor makes initial risk assessments and then modifies them
on basis of controls in existence and of the validity of figures in the accounting
records. Any assessment of risk involves judgement.
AY 2020-2021 Page | 27
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
AY 2020-2021 Page | 28
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Sets scene for relationship between management and auditor – prevents subsequent
disagreements.
AY 2020-2021 Page | 29
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Q7.1)
The audit firm consists of a collection of individuals with varying degrees of
experience and expertise. Briefly describe the role that individual staff members play
in achieving audit objectives.
1) The Engagement Partner (who has overall responsibility for the assignment)
3) Other audit staff, including people with varying degrees of experience – the
senior in charge who will be present throughout the assignment - and staff
with less experience such as semi-senior or junior staff whose work will be
closely supervised.
4) Other professional staff with special skills, including IT and tax experts, who
will be used at particular points of the audit work.
Apart from members of the Engagement Team, there are other individuals and
functions that play a role in achieving audit objectives. These include:
4) Others in the Audit Firm’s chain of command, including those at the top of the
firm who are responsible for the Firm’s Control Environment. It is important
to note that the activities of the firm must be organised to produce the
professional service when it is required. It is quite likely, for instance, that
there will be a partner in charge of the computer/IT services and of the
taxation services. In preparing the audit plan, approaches will have to be made
to the specialist services to ensure that their staff will be available when
required. It will also be desirable that the person in charge of the typing
services is aware of deadlines and other reporting requirements (for instance,
complicated diagrams and layouts) on a timely basis.
AY 2020-2021 Page | 30
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Q7.2)
What are the main practical differences between the audit risk approach and the
business risk approach to auditing?
There is a very different approach to audit risk and business risk as can be seen from
their definitions:
Audit risk - the risk that auditors may give an inappropriate audit opinion on financial
statements.
Business risk - the risk that the entity will fail to achieve its objectives.
Clearly, audit risk involves an approach from the auditors' point of view, while the
business risk approach looks at risk from the company or businessman perspective. Of
course, both approaches do have, as an important end, an expression of opinion on the
financial statements of the company.
The protagonists of the business risk approach spend a lot of partner and manager
time (the most expensive time) finding out about the company, often going into areas
that only have an indirect relevance to the financial statements, but which may
nevertheless have a bearing in the medium or long term and even in the short term.
Auditors using this approach will look at company objectives such as increasing
market share and we concluded that this objective might have an impact on the going
concern status of the company. Similarly, a company objective of increasing customer
satisfaction might well have a bearing on the financial statements as customers will be
more likely to pay and to purchase company products in the future. A concern for the
environment may well avoid costly court cases by persons alleging personal damage,
or avoid fines by government for infringement of laws protecting the environment.
So both approaches will include the important audit objective of giving an opinion on
the financial statements. The business risk approach is however likely to give the
audit firm the chance of earning additional income by the provision of advice and
assurance services to management. The audit risk approach does involve the auditor
in expensive fact finding too and often inherent risk and business risk cannot be easily
differentiated.
However the audit risk approach does tend to concentrate on the financial statements.
We must remember that the financial statements only give one view of the company.
There are many other views that the business risk approach might uncover.
Q7.3)
‘It is very easy to apply the audit risk model. All you have to do is to multiply figures
together to determine the amount of testing you have to do.’ Discuss this statement.
If only this were true, but it is not. You will remember that the formula is expressed as
follows:
Audit risk (AR) = Inherent risk (IR) x Control Risk (CR) x Detection Risk (DR)
AY 2020-2021 Page | 31
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
The problem with formulas is that they tend to give a spurious sense of accuracy
whereas it is clear that a considerable amount of judgement is involved in its
application. Thus:
- Audit risk (AR). The auditors have to decide what level of risk they can live with,
that is, what is tolerable to them. This clearly is a matter of judgement as to what is
material (see earlier lecture on this topic) in relation to the financial statements.
If auditors have got all these judgmental decisions right they can apply the formula
and calculate the desired level of detection risk - which they can then translate into a
desired level of tests of detail.
We might mention that the business risk approach tends not to assess inherent risk and
control risk separately, but nonetheless judgement is involved.
Q7.4)
Explain to your assistant what is meant by audit judgement and give examples of its
application. How certain can you be that your judgement has produced the right
answer?
You might like to explain what is meant by audit judgment to your assistant in more
simple terms. The main point is that there is usually much uncertainty surrounding
human activity so that we are all having to make judgments all the time in our daily
lives.
For instance, do I trust this person when he says he will pay back the £10 he wishes to
borrow until next Friday? The same is true in business life and auditors are
continually having to make judgements about the actions of management, controls in
force and figures in the financial statements.
Some things are easy and do not involve much judgement, if any. For instance, IAS
11 and FRS 102 allows profits on uncompleted Construction (long-term) contracts to
be reflected in the profits of this year. There is no argument about this and therefore
no exercise of judgement. Where judgement does have to be exercised is on the
AMOUNT of profit that you can take up.
AY 2020-2021 Page | 32
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
This contract is only 10% complete - is this too soon to judge whether any profit can
be taken up? This contract is running late. What is the likelihood that penalty clauses
will be invoked, thereby reducing expected profit and affecting the amount of profit
that can be taken up.
There are many other examples: This inventory is unsold at the year-end. Will it be
sold above cost? This debtor outstanding at the balance sheet date has not paid at the
time of the audit. What is the likelihood that he will pay? The company says this item
of plant has a twenty- year life. I have to judge that management's assertion is valid.
Why 20 years? Why not 15 or 25 years?
You should also say to your assistant, however, that judgment is not exercised in a
vacuum. The auditors may have a lot of information to help them make judgments.
For instance, in the case of the debtor, a review of the account shows that this debtor,
though slow-paying has always paid the balance outstanding in the past. Regarding
the inventory, the auditor might look at how well the inventory has moved in the past
in order to form a view about the movements in the future,
Finally, you can say to your assistant that the exercise of judgement becomes easier as
experience is gained. In the meantime you will help him or her to make the necessary
judgements and explain why they have been made.
Q7.5)
Discuss the major factors that might influence managers in engaging in earnings
management. Consider audit procedures that might be appropriate where earnings
management might be expected.
AY 2020-2021 Page | 33
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
We can regard (a) above as plainly wrong, (b) as sharp practice, using the
opportunities within GAAP for showing a desired outcome, (ci) is clearly an
acceptable practice but (cii) are short-term measures that may have an unfortunate
long-term effect.
AY 2020-2021 Page | 34
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Recent political developments have caused the company greater uncertainty since
most customers are based overseas and there has been some anti-British feeling on
continental Europe. While the fall in the value of sterling now makes the bikes much
cheaper to these overseas customers, the cost of the company’s supplies will go up.
FastTrack has 6 engineers/mechanics who build the bikes and test the machines, 2
general labourers and one accounts clerk who handles all the records and transactions.
Control over the operations takes the form of the CEO and major shareholder, Mr
Bossi, taking a keen interest in arrangements and records. He will often do spot-
checks and at random question the accounts clerk about even the most trivial items.
More recently, Mr Bossi has been distracted by his attempts to find other business
ventures in case the worst happens and FastTrack fails. He is also thinking about
selling the business brand and intellectual property to a foreign competitor – though
he has not told the staff that since they would almost certainly lose their jobs.
He is concerned about the fact that the rising bank overdraft has called for the annual
accounts to be made available as soon as possible after the year-end. He in turn has
called you to ask what you can do to save his company and the jobs of the employees.
Required:
a) Identify audit risk factors in the above scenario and anything that would
make you feel uneasy about the situation. (15 marks)
There were some fairly obvious circumstances in the scenario set out. The better
candidates were able to identify all or most of them and the very good answers gave
brief explanations of why each was considered a potential problem. Weaker answers
simply stated, for instance, that the fact that the company had an overdraft was a
problem. Generally, a list of bullet points is never going to be sufficient to obtain
good marks and candidates are encouraged to fill out their answers with pertinent
discussion, provided they do not exceed the time allocated. Some of the specific
factors would include the fact that the product is very specialised in a niche market
meaning that it is likely to be more precarious than a more general product market.
AY 2020-2021 Page | 35
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
The Government pays course providers in stages over the period of study for each
level of the qualification. Typically, 25% at the start of the course, 25% after three
months and the remaining 50% on the successful completion of the course. Students
not studying under the apprenticeship scheme must either pay full fees in advance or
pay monthly over the study period. Discounts are provided for fees paid in full at the
start of the program.
BPL has experienced an increase in student numbers over the past 12 months
following the closure of one of its competitors. In order to service this increase, BPL
recruited two new members of staff during the year, both of whom are experienced
trainers and required high salaries as a result.
BPL now has 25 members of staff, 10 of these are administration and support staff
with the remaining being lecturers and management, of which a third are part time.
The accounts department consists of one financial controller and two accounts
administrators.
The financial controller is part ACCA qualified and joined BPL in May 2016; the
accounts administrators also joined during the year and are both AAT trainees. BPL’s
payroll is outsourced to a local bookkeeper.
Your firm has audited BPL for the past three years but this is the first year you have
been involved. Previous audits have all resulted in unmodified audit reports although
there was an emphasis of matter included in the audit report to the year ended 31st
December 2015 due to uncertainty over BPL’s cash flow.
Required:
a) State the inherent risks associated with this audit and how the audit team
should respond to these risks. (15 marks)
Very good answers to part (a) included coverage of both the risks and the auditors'
response to the risks. However, many answers concentrated on only the risks and,
therefore, marks were lost unnecessarily.
Well-prepared candidates understand the audit process so that they know what to look
out for and how to respond to the problem. For example, the fact that candidates can
be enrolled but not pay full fees up-front poses the problem of non-payment of fees.
Auditors could respond to this by examining past drop-out rates which might give an
indication of the amount needed to allow for bad debts.
AY 2020-2021 Page | 36
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
The closure of a competitor may seem to be an advantage for the client, but it could
also be an indicator of trouble ahead - maybe market demand for this sort of education
is in general decline. The auditors would need to do more investigating to find out the
factors behind the closure.
With respect to the hiring of highly-paid lecturers, some candidates suggested that the
auditors challenge management about these high salaries, while others suggested that
the auditors sit in on lectures to see if these new recruits were really worth the money;
these are examples of auditing candidates themselves falling into the expectation gap
since such operational questions are outside the remit of the financial statement audit.
AY 2020-2021 Page | 37
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Established in 1965, Sparkle Hotel Ltd is a country hotel offering luxury facilities on
a large country estate. Fred Frodden, a ruthless businessman who, despite being aged
76, is the CEO and majority shareholder. Fred does not like to have his ideas
challenged and is known for his bullying attitude towards his staff. The current chief
accountant, Bob Nobles, was appointed 6 months ago. He is the fourth chief
accountant in three years. Bob is engaged to Fred’s granddaughter.
The operations director is Fred’s son, William, who owns 25% of the company’s
shares and is due to replace Fred on his retirement. William is an excellent manager
with exceptional people skills. He is always on site though he will openly admit he
does not have a head for numbers and relies on Bob for advice.
The accounting system uses a small network of desktop computers with an old
version of a popular accounting package. Bob is in sole charge of the accounting
function. He has two assistants who are part-time, part-qualified accounting
technicians with no recent training.
When a guest arrives, a reception record is entered onto the computer so that the room
and any other services the guest uses are charged to the room. William, who often
mans the reception after 6pm at weekends, prefers to write out manual records for the
receptionist to enter onto the computer system on a Monday morning.
The restaurant and bar are staffed by casual (zero-hours contract) workers whom the
restaurant manager pays in cash each week. Details of payments to staff are recorded
in a payroll book and passed to the accounting department for processing. The
restaurant customer/guest paying the bill is required to sign a paper slip which
includes name and room number (if applicable), total expenditure and whether paid in
cash or charged to the room. The accounts office enters these details onto the
computer system every morning.
The financial statements for the year ended 31st March 2016 showed a fall in turnover
for the third consecutive year and post-year end bookings continue to fall.
Nevertheless the company reports a healthy profit margin. Salaries and wages are the
most significant expense in the financial statements and have remained at a constant
level over the years. Fred is unconcerned; he draws a modest salary, receives no
dividends but still affords cruises and a new car every year.
Required:
a) Write a memo identifying the audit risks posed by Sparkle Hotel Ltd and
your suggested responses to these risks. (15 marks)
Weaker candidates often ignored the instruction to produce the answer in the form of
a memorandum. This is not a big issue but the one or two marks that were available
for presentation were needlessly sacrificed.
AY 2020-2021 Page | 38
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Better prepared candidates set out their answers neatly and in correct form.
In the body of the answer, generally candidates were able to identify the weaknesses
or factors that would cause auditors some concern – the bullying attitude of the chief
executive, the rapid turnover of senior staff and the lack of tighter controls on
transactions. Surprisingly few candidates mentioned that the continuing decline in
revenues might cause some concern for the long-term viability of the business.
Perhaps the most common reason for lower marks on this part of the question was the
failure to suggest appropriate audit responses to the identified weaknesses. Candidates
were expected to do more than say simply ‘do more substantive tests’; better
candidates suggested specific tests that could be performed – for example, a detailed
review of the bank statements to look for unusual transactions and being alert for
unusual expenses or invoices while carrying out audit work. A frank discussion with
the chief executive about the funding of his lifestyle might be necessary as will a
consideration of the auditor’s ability to continue with the audit engagement, if the
discussion does not allay their concerns.
Some answers showed some naiveté in failing to appreciate that a common feature of
smaller family businesses is that members of the family are involved in senior
positions. The suggestion that more outsiders should be brought in would not be
realistic in this setting. Similarly, the idea that the owner should be made to sell his
shares is as impractical as it is wrong.
END OF LECTURE 7
AY 2020-2021 Page | 39
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Learning objectives
a) Explain why the audit evidence search is a central concept of auditing.
b) Identify the stages of the audit process and show that evidence has to be
collected in different ways at each stage.
c) Explain the relationship between audit evidence and audit risk.
d) Show there are different grades of audit evidence and that evidence may be
upgraded or downgraded.
e) Explain the relationship between audit evidence and the application of audit
judgement.
f) Show to what extent the evidence-gathering process might be affected by a
decision by the auditor to rely on the directors and the control environment
they have introduced.
g) Form conclusions on the basis of evidence available in selected scenarios.
h) Explain the difference between an audit, a limited assurance engagement, a
compilation engagement and an engagement involving agreed upon
procedures, and suggest how the evidence-gathering process may differ
between them.
AY 2020-2021 Page | 40
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
ISA 500 Audit Evidence – Need to obtain sufficient appropriate audit evidence
Sufficiency and appropriateness related – the higher the quality (appropriate), the less
may be required (sufficient).
Example: If your friend tells you that he got S$10 m in his OCBC bank account. Is his
words reliable evidence?
AY 2020-2021 Page | 41
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
3. Audit evidence obtained directly by the auditor more reliable than evidence
obtained indirectly or by inference.
8. Evidence about future particularly difficult to obtain and less reliable than
evidence about past events.
AY 2020-2021 Page | 42
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
What is relevant?
Example: The auditor would want to audit the assertion of existence of a motor
vehicle. He asked the client to show him the original invoice from the car supplier
Honda Ltd. Is this a relevant evidence to audit existence? If not, what evidence should
the auditor gets in order to audit the assertion of existence?
Assertions about classes of transactions and events for period under audit
i. Occurrence – transactions and events that have been recorded have occurred
and pertain to the entity (It happened, its genuine, its real)
ii. Completeness – all transactions and events that should have been recorded
have been recorded – (whatever need to be in is already in, did not miss out
any)
iii. Accuracy – amounts and other data relating to recorded transactions and
events have been recorded appropriately – (the amount is right, it is accurate)
iv. Cut-off – transactions and events have been recorded in the correct accounting
period – (this will indirectly linked to accuracy, if the transaction is recorded
in the wrong accounting period, then the amount recorded will not be accurate
too)
v. Classification – transactions and events have been properly classified in the
financial statements (eg. long term non-current items we put under current,
that is wrong classification)
vi. Presentation & disclosure – transactions and events have been properly
presented and disclosed in the financial statements
Assertions about account balances at the period end (as at period end)
i. Existence – assets, liabilities, and equity interests (It exist, its genuine, its real)
ii. Completeness – all assets, liabilities and equity interests that should have been
recorded have been recorded – (whatever need to be in is already in, did not
miss out any)
iii. Valuation and allocation – assets, liabilities, and equity interests are included
in the financial statements at appropriate amounts and any resulting valuation
or allocation adjustments are appropriately recorded – Accurate
iv. Rights and obligations – the entity holds or controls the rights to assets, and
liabilities are the obligations of the entity – (ownership, belongs to the
company)
v. Presentation & disclosure – transactions and events have been properly
presented and disclosed in the financial statements
AY 2020-2021 Page | 43
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Table 1
Assertions Occurrence:
about classes of transactions and events that have been recorded or disclosed have
transactions occurred and pertain to the entity.
and events and Completeness:
related all transactions and events that should have been recorded have
disclosures been recorded and all related disclosures that should have been
included in the financial statements have been included.
O Cut-off:
transactions and events have been recorded in the correct accounting
C period.
C Classification:
C transactions and events have been recorded in the proper accounts.
A Accuracy:
amounts and other data relating to recorded transactions and events
P have been recorded appropriately, and related disclosures have been
appropriately measured and described.
Presentation:
Transactions and events are appropriately aggregated or
disaggregated and are clearly described, and related disclosures are
relevant and understandable in the context of the requirements of the
applicable financial reporting framework.
Table 2
Assertions Completeness:
about account all assets, liabilities and equity interests that should have been
balances and recorded have been recorded and all related disclosures that should
related have been included in the financial statements have been included.
disclosures at Obligations and rights:
the period-end the entity holds or controls the rights to assets, and liabilities
are the obligations of the entity.
C Valuation and allocation:
O assets, liabilities, and equity interests are included in the financial
V statements at appropriate amounts and any resulting valuation or
E allocation adjustments are appropriately recorded and related
P disclosures have been appropriately measured and described.
Existence:
assets, liabilities, and equity interests exist.
Presentation:
Assets, liabilities and equity instruments are appropriately aggregated
or disaggregated and are clearly described, and related disclosures are
relevant and understandable in the context of the requirements of the
applicable financial reporting framework.
AY 2020-2021 Page | 44
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Assertion: All trade receivables shown in the financial statements are collectable
Audit objective: To prove within reason that all trade receivables shown in the
financial statements are collectable
Suggested audit step to prove collectability: Test amounts received from credit
customers after the year-end
If auditors form good impression of management, evidence from them may be relied
on by auditor to greater extent.
Close involvement of audit team with management may reveal lack of integrity –
reason for withdrawing from engagement.
A basic idea of agency theory is principals cannot trust managers to use resources
properly. But, auditors cannot start with presumption that management lack integrity.
A major issue is that business risk approach brings auditor close to management and
independence may be threatened
Protagonists of business risk approach suggest audit failures are not because auditors
fail to perform tests of detail, but because they missed clear indicators of impending
catastrophe.
AY 2020-2021 Page | 45
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
The stages of the audit process and evidential requirements at each stage
Generally, we can break down the entire audit process into 3 broad stages:
2) the testing (include both control testing and substantive testing) stage; and
3) the completion (also known as the final review or overall review) stage.
The following 4 diagrams depicts the different stages of the audit process and for each
stage, we can see the evidence gathering procedures and process, with the
corresponding purposes or objectives.
AY 2020-2021 Page | 46
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
AY 2020-2021 Page | 47
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
AY 2020-2021 Page | 48
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
AY 2020-2021 Page | 49
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Beside audit services, audit firms also provide other assurance or non-assurance
services. Examples:
Find out what accounting principles and practices are common in entity’s industry.
Get general understanding of business, the risks facing it, nature of the transactions,
accounting principles used, and the presentation and content of the financial
statements. Generally review the financial statements using limited analytical
procedures and discuss critically with management.
Obtain letter from management saying they have been given all the books and records
and other information pertinent to the preparation of the financial statements.
Not full audit; accountant aims to obtain limited assurance financial statements
comply with legislation and accounting standards. Evidence-gathering procedures
include:
– Determine accounting principles and practices in industry.
– Get good understanding of business, how organized, operating characteristics,
risks facing it and related controls, nature of transactions, assets and
liabilities – goes further than compilation engagement work but very few
detailed tests.
– Analytical procedures to identify relationships between figures appearing
unusual and discuss with management. May advise management on
appropriate adjustments to financial statements.
– Letter of representation from management confirming significant oral
representations by management during review.
– At completion of review read financial statements to ascertain appear to
conform to requirements of Companies Act and accounting standards.
AY 2020-2021 Page | 50
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Agreed procedures would require the accountant to seek evidence the items subject to
the agreed procedures have been stated appropriately.
What are the advantages and disadvantages for an audit firm to provide non-
audit service to their audit clients?
Advantages:
Disadvantages:
AY 2020-2021 Page | 51
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Q8.1)
Below is a list of sources of audit evidence:
(i) The chief accountant, who is a member of CIMA, explains why inventory
levels are higher at the end than at the beginning of the year.
(ii) A storeman in the main store explaining how the store control system
operates.
(iii) An invoice from a supplier of electricity.
(iv) A trainee accountant, presently studying for professional accounting
examinations, explaining the reason why telephone charges were lower this
year than last.
(v) A letter to the auditor from a lawyer confirming that, as far as he is aware,
there are no legal matters of material significance.
(vi) A confirmation from a credit customer agreeing that a balance in the books of
the entity is correct.
(vii) A calculation of tax charge and liability made by the auditor.
(viii) Inventory count sheets, the count having been observed by the auditor.
(ix) The company’s order book, showing orders received from customers. This
book is required for company planning purposes.
(x) Estimates of useful life of newly acquired plant, made by the production
director.
Required:
Suggest which sources may be regarded as reliable, explaining why this is so, and
how you might upgrade (corroborate) the evidence, if required?
i)
The chief accountant is a well-informed officer of the company. For this reason,
evidence emanating from him or her is good evidence. However, he or she is internal
to the organisation and the auditor would seek corroborative evidence that the
statement is acceptable. For instance, if the auditor finds that sales forecasts indicate a
higher level of sales in the coming year than in the year just ended, this might help to
prove the chief accountant's statement.
ii)
The storeman is again internal to the organisation and his statements should perhaps
be viewed with caution. However, such officials are frequently a very useful source of
evidence as they may be very well informed about a small segment of the company's
activities and may, indeed, be much better informed about them than the chief
accountant. For instance, the chief accountant may believe that inventory control
officials check physical inventory against inventory records at regular intervals,
whereas the storeman knows that this is not the case. On the other hand, it must be
said that often people in organisations are not aware of the whole picture so that care
must be taken in evaluating statements made by them. For instance, inventory control
officials may carry out inventory counts at night when the storeman is not on duty. It
would therefore be necessary to corroborate the statements made by the storeman.
AY 2020-2021 Page | 52
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
iii)
An invoice from a supplier of electricity is a document in the hands of the company
emanating from a third party. It may be regarded as a particularly reliable document
for the following reasons: – Electricity invoices are normally issued at regular
intervals during the year and can be easily compared with previous electricity
invoices, although there is a possibility that they may be forged. – The electricity
usage will be metered and meter readings can easily be tested by the auditor.
Electricity charges may be corroborated in general terms by assessing general levels
of activity.
iv)
Invoices of the Telephone Company will support the telephone charges and these
invoices are as reliable as the electricity invoice referred to above. The explanations
for the charges being lower this year depends upon whether they appear reasonable in
the light of what the auditor knows about the company. For instance, if company sales
are much lower because of a downturn in economic activity, telephone charges may
be lower if they are correlated to sales. Analytical review of activity levels could thus
help to corroborate telephone charges. Your view of the trainee accountant's ability
may also affect the credence given to his statements.
v)
The letter from the lawyer would be regarded as good evidence in itself because it
comes from an independent professional person and has been sent direct to the
auditor. The main problem for the auditor is identifying which legal advisors the
company had used. In particularly difficult cases involving perhaps complex legal
matters, the auditor might wish to corroborate the opinions of the company's legal
advisor(s) by seeking a second opinion.
vi)
The letter from the debtor is also good evidence, coming as it does from an
independent third party direct to the auditor. We would be inclined to regard it as less
reliable than that from the lawyer, however, for the reasons outlined in the text.
Confirmations from credit customers would not normally be the sole evidence sought
by the auditor in confirming trade receivables balances and sales invoices. Other
corroborative evidence would include other supporting evidence like subsequent cash
collection of the debt.
vii)
Most qualified auditors will have knowledge of taxation, although it is an area in
which one may get rapidly out of date. Assuming that the auditor is a tax expert or has
called upon expert help from within the audit firm, the computation of tax charge and
liability would be reliable evidence for the auditor, especially if the computation is
checked by others within the firm. Although the computation has been made by the
auditor, it would be necessary to ensure that management was in agreement with it.
AY 2020-2021 Page | 53
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
viii)
Inventory count sheets are prepared as a result of a physical count carried out by
company staff. If the system that the company has established to control the inventory
count is good and the auditor's observation has confirmed that the count has been
properly carried out, the inventory count sheets may be regarded as good evidence,
particularly if supported by the auditors own count sheets (that would serve to
corroborate the company's figures). Remember that inventory count sheets prepared
by the company are internal documents and may therefore be subject to manipulation.
ix)
The company requires the order book for its own planning purposes and in the normal
course of business. Such evidence is better than evidence prepared on an ad hoc basis
and may be used by the auditor for testing such matters as the saleability of inventory.
Provided that the auditor can corroborate its accuracy by reference to correspondence
from customers, salesmen’s' records etc., the order book may be good evidence.
x)
The estimate of useful life is a more difficult matter as it relates to the future and the
future is notoriously cloudy. In itself the estimate by the production director is poor
quality evidence, but it may be upgraded on the basis of past experience,
manufacturer's specifications, experience of others in the industry and so on.
Remember also that, within the company, the production director may be the best
qualified to estimate the useful lives of production plant. The auditor should certainly
discuss the matter with him or her.
Q8.2)
Explain the meaning of the following terms:
(i) Interim examination.
(ii) Final examination.
(iii) Inconsistent audit evidence.
(iv) Systems-based evidence.
(v) Third-party evidence.
(vi) Persuasive evidence.
i)
The term 'interim examination' is used for that part of the audit carried out prior to the
year-end. Normally, the interim will be used to review and test the operation of
systems and to test the accuracy and completeness of the recording of transactions and
balances. The results of this work and the conclusions drawn therefore will be used
during the final examination in planning and in supporting conclusions on the final
work. In the case of large assignments, there may be more than one interim
examination, and indeed for very large engagements, auditors may be present in the
company and its various locations throughout the year.
AY 2020-2021 Page | 54
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
ii)
‘Final examination' is the term given to the work on the financial statements after the
year-end. Note that in the case of small assignments, the systems, transaction testing
and work on the final financial statements are likely all to be carried out in the same
period.
iii)
'Inconsistent audit evidence' is evidence that does not support other evidence, thereby
downgrading it and rendering it of less value. It may reveal that the auditor has
initially formed a view that is not sustainable. For instance, let us assume that you are
auditing a roofing company, which makes provision for customer claims on the basis
of 3% of turnover per annum. The auditors may have satisfied themselves that 3% is
adequate on the basis of past experience, but a recent article in the trade press has
suggested that rate of claims is likely to rise because of problems in the use of new
materials. In this case the reliability of evidence based on past experience would be
reduced because it is inconsistent with more up-to-date evidence.
iv)
'Systems-based evidence' is evidence that has been produced or influenced in some
way by the accounting and control system in use by the company. For instance, a
supplier's invoice which has been checked by company officials and stamped to
indicate agreement with purchase order and goods received note has been checked by
the system. A sound system of control tends to make such evidence more reliable.
v)
'Third party evidence' is evidence emanating from persons or organisations external to
the company and therefore possesses the important quality of independence. It is
usual to distinguish between third party evidence coming from: - Professional people
such as lawyers or other accountants - Non-professional people such as customers and
suppliers - Third party evidence coming direct to the auditor such as a letter from a
bank manager confirming a bank balance, and third party evidence in the hands of the
company, such as the suppliers invoice referred to above. On the whole third party
evidence is reliable as far as the auditor is concerned.
vi)
The use of the term ‘persuasive’ in relation to audit evidence indicates that often
(normally) the evidence collected by the auditor is not conclusive. For instance, if the
auditor checks 10 items of inventory on hand with the inventory count sheets and
finds that the sheets are correct in each case, this may well persuade the auditor that
the inventory count is being properly conducted and that the inventory sheets are
reliable. Auditors would, however, be very unwise to draw the conclusion that the
inventory count was 100% correct on the basis of their test. They may of course
obtain sufficient confidence on the basis of the persuasiveness of the evidence in the
context of tolerable error.
AY 2020-2021 Page | 55
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Q8.3)
An important objective of the business risk approach is to make the audit more
profitable by cutting down on the amount of evidence obtained by substantive tests of
detail. Discuss.
It is undoubtedly true that the audit will be less costly if audit effort is reduced.
Whether it will make the audit more profitable may be doubtful as detailed tests of
detail are normally performed by less costly staff, whereas the business risk approach
involves much greater expenditure of time by senior staff such as partners and
managers.
However, the protagonists of the business risk approach suggest that it will make the
audit more effective because intensive investigation of business risks and the quality
of management will make it more likely that audit effort will be directed to the high
risk areas.
This may involve tests of detail but the argument is that few audit failures occur as a
result of insufficient tests of detail but because warning signs of critical matters such
as lack of liquidity or unsaleability of goods are ignored or not detected because of
unimaginative auditing and failure to use such obvious tests as analytical review in a
sufficiently effective way.
That is not to say that tests of detail are useless. We don't know all the facts behind
the WorldCom debacle but extended testing of capital and maintenance expenditure
might well have detected that the capital/revenue decision was being incorrectly
made.
On the other hand, in view of the magnitude of the figures an outsider might well
wonder why analytical review comparing current year with prior year did not discover
that something strange was going on. It is of course worth mentioning that additional
assurance work by the auditor on behalf of management as a spin-off of the business
approach, may well mean that the total profitability from the relationship with the
company may be enhanced.
Q8.4)
You are the engagement partner of an audit assignment with an entity specializing in
the provision of information technology services and software. At the beginning of
the financial year the company entered into a contract with the government of China
and you have been discussing the implications of the contract, including the
investment in necessary new technology and amounts receivable from the Chinese
government. What evidence would you look for to satisfy yourself that business risks
have been considered and that the company has taken reasonable steps to reduce the
risks? Would this work be useful in ascertaining that management is competent and
trustworthy? Assume this is not a new client.
AY 2020-2021 Page | 56
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
As this is not a new client, the auditor should already be well informed about the
abilities of management. You will appreciate, however, that finding out about the
integrity of management, and how skilled they are, is no easy matter and it is not done
in a single meeting at the beginning of the audit but over a period of time, perhaps
even over a period of years.
However, in this particular case management is entering new territory and the auditor
would want to be satisfied that they are aware of the business risks and to ascertain
what steps they have taken to minimise these risks. The following are the kinds of
thing that the auditor should consider:
- Has the company the expertise, both technically and legally to handle a
contract of this kind?
- What steps have management taken to ensure that they can finance the new
business? In particular, have they ascertained when payment for the services
and goods provided will be made?
- Has the company discussed the implications of the contract with persons in
their own country, knowledgeable about conditions in China?
- Has management obtained legal advice on the contract and have they
ascertained under which laws the contract is enforceable.
- Has the company employed people with the necessary linguistic skills and
with a good knowledge of the Chinese cultural and business scene.
No doubt there are many other matters that would need to be taken into account, but if
the auditors discover that management have considered all relevant matters and that
the answers to questions such as those set out above can be answered positively, then
they will have gone a long way to satisfying themselves that management is
competent.
You may feel that the auditor's task is a difficult one and we would agree, but it can
also be most interesting and rewarding. We think you will agree that forming a view
on the integrity and competence of management is vital. The members of the
management team, both individually and as a group are a vitally important source of
audit evidence. These are the people who are running the company and they are,
AY 2020-2021 Page | 57
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
therefore, very well informed about the company, the risks it faces and the controls in
place. The problem for the auditor is that they are not independent of the company; in
fact their success is closely bound up with the company. This means that the auditor
has to take steps to corroborate evidence coming from management to increase its
reliability.
Another important step would be to make a record of any important matters discussed
with management and any significant decisions made or conclusions formed, together
with the evidence to justify those conclusions. We suggested that written evidence
would be superior to oral evidence, whether it is on paper or kept in electronic form
by the auditor.
Q8.5)
Explain how a review engagement differs from an audit engagement. Explain why a
report on a review engagement might be useful to the person requesting that the
engagement be carried out.
The basic difference between a review engagement and an audit is that the latter
requires auditors to collect enough appropriate evidence to satisfy themselves that the
financial statements give a true and fair view of what they purport to show. A review
engagement on the other hand does not have the same evidential requirements as the
report contains a disclaimer to the effect that a full audit opinion is not being given.
Thus, it would be unlikely that a review engagement would require the auditor to
attend inventory counts or to seek confirmation of balances from customers and
suppliers - unless of course the review engagement were to be extended to an agreed
upon procedures engagement.
AY 2020-2021 Page | 58
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
- At the completion of the review, read the financial statements to ascertain that
they appear to conform to the requirements of the Companies Acts and
accounting standards.
The important point is that the review is being carried out by a professional person
and that person is giving a report on the information prepared. That means that the
reader will assume that the information has been looked at by a professional person
and will assume that it can be relied on to some extent.
Reviews can be requested instead of a full audit where, for instance, the information
will be included in group accounts although it may not be significant enough to be
material in the group context. Reviews might also be requested by people extending
finance to the company. The assurance given is lower than for a full audit but can still
carry some weight for the reasons indicated.
Q8.6)
Audit evidence is required to be both sufficient and appropriate. Explain what is
meant by this statement giving appropriate examples.
Evidence gathered has to be sufficient (that is, enough has been collected) and
appropriate to enable the auditor to form conclusions about the assertions made by
management. Appropriateness includes both reliability and relevance.
Thus, let us assume that the auditor is trying to conclude that the trade receivables
figure represents balances that are collectible. What would be relevant evidence in
this respect? Well we suggest that you might look at the company's system for
checking credit worthiness. If this system is sound it will go some way to persuade the
auditor that the trade receivables are collectable - in other words this evidence will be
relevant. Similarly, if you were to examine receipts after the balance sheet date from
customers and to look at the ageing statement showing those customers that are
overdue and for how long and those which are not overdue. Again this is very relevant
evidence to proving collectability.
Now think about reliability - after date receipts from customers would be very reliable
evidence. The ageing statement might not be particularly reliable if it were prepared
by the person in charge of the trade receivables ledger, but if it were prepared by an
independent person or were produced by computer and reviewed by the chief
accountant, it would be much more reliable.
The final question is that of sufficiency. How many of the trade receivables balances
would you test. How many of the credit worthiness records would you test? The
answer is of course: "It depends." The amount of detailed testing we would perform
could be restricted if the controls in force were adequate to reduce the impact of
inherent risk to acceptable proportions. If we had concluded that credit worthiness
checks were adequate we might take a batch (say) of 50 sales order forms and
ascertain that every one of them had been signed by a responsible official in the credit
AY 2020-2021 Page | 59
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
No doubt you can come up with other procedures, but the principle is clear – audit
evidence must be sufficient, reliable and relevant.
This is very much an open ended option and it is not possible to prescribe exactly how
an answer should be formulated. You should be able to draw on your knowledge of
the theory of auditing and your understanding of the auditing standards.
Discussions of audit risk and materiality also featured in the best essays in 2013. The
need to exercise competent and independent judgement with a degree of professional
scepticism would merit discussion if the essay were to achieve the top marks. Finally,
some elaboration on sampling of evidence and discussion of compliance and
substantive tests would be relevant.
What the weaker essays tended to do was to recite lists of types of evidence along
with appropriate uses of each type. While these may have been technically correct,
unless the candidate attempted to mould that material to answer this particular
question it is unlikely that they would have received more than a 2:2 mark at best.
Identify the various stages in the audit process, describe the main issues which
auditors address at each stage and comment upon the interrelationship between the
various stages.
AY 2020-2021 Page | 60
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
5. testing compliance
6. performing substantive tests
7. reviewing the results of all the tests
8. deciding on the form of audit report and other various opinions.
Most of the candidates who did attempt this question made a reasonable attempt at
discussing these stages in the process but what they nearly all lacked was a coherent
explanation of the links between each stage. For example, how the results of the
compliance tests will determine the nature and extent of the substantive tests and how
reviewing the results off all the tests will then lead on to the auditors making
judgements about the final audit opinion.
What this question illustrated quite starkly is that it is one thing to have the technical
knowledge of the subject area but quite another thing to be able to apply that
knowledge to answer the particular question set. Only a few of the very best scripts
were able to address each of the three components in the question: identifying the
stages in the audit process, describing what auditors do in that stage and explaining
how the stages relate to one another. It is vitally important that you learn to read the
question carefully and make every effort to answer each part.
END OF LECTURE 8
AY 2020-2021 Page | 61
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Learning objectives
a) To explain the significance of the layers of regulation and control.
b) To define internal control and explain the significance of the control
environment and related components, and accounting and quality
assurance/control systems.
c) To explain the nature and role of systems development/maintenance controls
and describe the main features of general controls.
d) To explain the nature and role of application controls and describe the main
features of these controls.
e) To distinguish between general and application controls.
f) To explain how the auditor records systems in use.
Main interest at interim is to determine accounting records are genuine, accurate and
complete. If accounting and control systems good, and general control environment
satisfactory, more likely accounting records will be reliable.
Effectiveness of accounting and control systems closely related to control risk – has a
bearing on extent of substantive procedures.
AY 2020-2021 Page | 62
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
AY 2020-2021 Page | 63
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Controls are to prevent, detect or correct events that the entity does not wish to
happen.
Internal control: The process designed, implemented and maintained by those charged
with governance (TCWG), management and other personnel to provide reasonable
assurance about the achievement of an entity’s objectives with regard to reliability of
financial reporting, effectiveness and efficiency of operations, and compliance with
applicable laws and regulations. (ISA 315, para 4).
Business risk approaches may result in reduced tests of controls and substantive tests
of detail; more reliance on effectiveness of control environment and analytical
evidence.
Auditors are becoming more selective in detailed work they perform, concentrating
on systems critical to their ability to form an opinion.
Important part of control environment is effective internal audit function and quality
standards group, if one exists.
Control environment sets the tone of the organization. It includes the attitude, actions
and awareness (3As) of management and those in charge of corporate governance
(TCWG) towards control and how they view the importance of controls
AY 2020-2021 Page | 64
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
– Commitment to competence
– Participation by TCWG
– Organizational structure
Entities should consider likelihood of business risks crystallizing and the significance
of the consequent financial impact on the business.
Once this has been done suitable controls should be introduced to reduce risks to
acceptable level.
3) Information system
Relevant and timely information about internal activities and external factors
essential if an entity is to be successful – including Key Performance Indicators
(KPIs).
4) Control activities
These include:
a) Authorization
b) Performance reviews,
AY 2020-2021 Page | 65
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
d) Physical controls
e) Segregation of duties
5) Monitoring of controls
Basic task is to assess the performance of controls and their adequacy and relevance
over time.
Going back to the earlier textbook GMC Chapter 7, Figure 7.1, we now look into the
second part of the internal environment which is the accounting and quality assurance
(QA) system.
What is the difference between the accounting systems and internal control system?
Users of financial information primarily concerned with the information derived from
the accounting systems and its reliability.
General controls are controls over the environment in which entity operates. Their
roles are to ensure that applications are trouble free and prevent, detect or correct
events that management do not wish to happen.
AY 2020-2021 Page | 66
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
3. Testing at each stage before permission is given to proceed to the next stage.
AY 2020-2021 Page | 67
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
B) Organisational Controls
4. Management of data – e.g. way data collected, prepared and enters system.
Quality assurance
Developed software to meet user needs: reliability, ease of use, efficient in use, easy
maintenance, clarity/completeness of system documentation, effective staff.
AY 2020-2021 Page | 68
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
If work together – collude – to defeat the object of the control, it is as if the control
does not exist.
If A keeps inventory and B is required to count and compare it with inventory records
= important control to safeguard assets. If A misappropriates inventory and B in
cahoots states there were no differences between physical and book inventories =
collusion.
Collusion is one reason fraud so often difficult to detect. Looks as though proper
segregation of duties but ineffective where two people act as one.
Controls include:
Master file copies in secure location outside computer room.
Master files identified internally and by external labelling.
Master files to be updated by persons not connected with the execution or processing
of transactions, using secured passwords.
2) Human errors
AY 2020-2021 Page | 69
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Application controls
Application controls are applied at the data capture/input stage; processing stage; and
output stage. Commonly known as input, process and output controls.
We will cover general computerised accounting system first with input controls,
processing controls and lastly output controls.
At the end of this lecture, we will cover some special controls related to database and
e-commerce.
1) Input controls
Boundary controls are controls over user and system interface: cryptographic controls
(encryption technique); plastic cards for identification; PINs; digital signatures;
passwords; firewalls; and initiation of information/audit trail.
Input controls in place before data passes interface: design of source documentation;
design of product, customer and other codes; check digits; sequence checking; limit or
reasonableness tests; one-for-one checking; and batch controls.
Input data verified as soon as possible after entry. Two useful controls: exception
reports and sound warnings of invalid data entry.
For example, a sales clerk receives a telephone order from a customer who asks for a
delivery of 100 units of a product, at a price of $5 per unit. What is particularly risky
about this transaction? (what can go wrong?)
Then now we think of what application controls would be appropriate to reduce the
risks to an acceptable level?
AY 2020-2021 Page | 70
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Features of password:
Degrees of access (different level of access)
Use of alphanumeric digits
Avoid passwords identified with person using
Regular/frequent changes
Shutdown of terminals if keyed in incorrect for say, 3 times.
Firewalls
Firewall – system controlling access between internet and entity network.
Intranets allow easy transfer of data between parts of the system.
Extranets – networks expanded to people and organizations outside the organization –
may be more vulnerable to outside threats.
2) Process controls
Other process controls include overflow control (insufficient memory), and controls
to ensure that the right version of the programme is used to process the transactions.
3) Output controls
Two purposes of output controls: (1) outputs are genuine, accurate and complete; (2)
outputs are distributed to those who requested or need them.
Access controls, batch control and rapid correction of errors make genuine, accurate
and complete outputs more likely.
The exception report is a special kind of output, important in the context of control.
Users of output data and information should be trained to review the output for any
obvious errors.
AY 2020-2021 Page | 71
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Prime advantage – provide the same data to all authorized users, but there are security
and integrity problems to be solved:
a) Loss of control over data by data preparation personnel.
b) Excessive power in the hands of the database administrator.
c) Technical features to secure safety in processing may reduce control.
d) The information/audit trail is particularly important.
Auditors determine management strategy and steps to identify risks and how
controlled:
1) security risks
2) legal and taxation matters
3) practical business and accounting problems
4) the internet never sleeps
5) crisis management
Security risks
Corruption of data by viruses and hackers
Threat to privacy of personal data
Infringement of intellectual property rights
Unwanted communication, e.g. ‘spam’
Controls to reduce impact of risks:
1. Security policy
2. Firewalls
3. Private networks, such as intranets and extranets
4. Information/audit trails
5. Other security measures
i. Encryption of data
ii. Identification and authentication information
AY 2020-2021 Page | 72
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Also – which tax jurisdiction can tax income derived from a transaction, including
VAT.
Crisis management
Systems to ensure losses minimized when things go wrong.
AY 2020-2021 Page | 73
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
1) Narrative notes
2) Visual description (Eg Flowcharts)
3) Questionnaires (Eg Internal control questionnaire (ICQ))
1) Narrative notes
The purpose of narrative notes is to describe and explain the system, at the same time as
making any comments or criticisms which will help to demonstrate an intelligent
understanding of the system.
Narrative notes
Advantages Disadvantages
They are relatively simple to record and Describing something in narrative notes can be
can facilitate understanding by all a lot more time consuming than, say,
audit team members. representing it as a simple flowchart,
particularly where the system follows a
logical flow.
They can be used for any system due to They are awkward to update if written
the method's flexibility. manually.
Editing in future years can be relatively It can be difficult to identify missing internal
easy if they are computerised. controls because notes record the detail of
systems but may not identify control
exceptions clearly.
2) Flowcharts
Flowcharts can take many forms, but in general are graphic illustrations of the physical flow of
information through the accounting system. Flowlines represent the sequences of
processes, and other symbols represent the inputs and outputs to a process.
Advantages:
1. Aids understanding of accounting/control systems.
2. To draw a flow chart properly auditor must understand how the entity
controls its operations.
3. Detect strengths, weaknesses, unnecessary procedures and documents.
Disadvantages:
1. Time-consuming to prepare and difficult to alter.
2. In simple systems, narrative descriptions better.
3. Considerable variation of symbols used.
4. Require experience to prepare and interpret.
5. In complex situations too simplistic.
AY 2020-2021 Page | 74
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
The major question which ICQs are designed to answer is 'How good is the system of
controls?'
They comprise a list of questions designed to determine whether desirable controls are
present.
One of the most effective ways of designing the questionnaire is to phrase the questions so that
all the answers can be given as 'YES' or 'NO' and a 'NO' answer indicates a deficiency in the
system.
Questionnaires
Advantages Disadvantages
If drafted thoroughly, they can The principal disadvantage is that they can be
ensure all controls are considered. drafted vaguely, hence misunderstood and
important controls not identified.
They are quick to prepare. They may contain a large number of
irrelevant controls.
They are easy to use and control. They may not include unusual controls,
which are nevertheless effective in particular
circumstances.
Because they are drafted in terms of They can give the impression that all controls
objectives rather than specific controls, are of equal weight. In many systems one NO
they are easier to apply to a variety of answer (for example lack of segregation of
systems. duties) will cancel out a string of YES
answers.
AY 2020-2021 Page | 75
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Q9.1)
Explain the importance of internal control within organizations. What are the main
elements and what is the auditor’s interest in them?
The term “control” refers to any aspects of one or more of the components of internal
control. Note its aims:
(a) To ensure within reason that financial reports are valid and reliable
(b) To ensure within reason, that operations are effective and efficient
(c) To ensure within reason that applicable laws and regulations are adhered to
(d) To address identified business risks that may threaten the objectives in (a) to
(c) above.
The reason that the auditor is interested in the effectiveness of internal control and its
components is that good control systems reduce audit risk by mitigating the impact of
inherent risk. The auditor’s main interest, of course, is in determining that the
financial statements give a true and fair view, and the existence of strong internal
control within the organization will increase the likelihood that financial reporting is
valid and reliable.
If control risk is low the auditor will be able to reduce the amount of detailed
substantive testing.
Q9.2)
Integrity and ethical values are important factors in ensuring that internal control,
including the control environment is effective in reducing risk and in helping
management to achieve objectives. Do you think that these are just meaningless
words or are they really important in the business context? Why do you think that
auditors look for integrity and ethical values in management and throughout the
organization?
AY 2020-2021 Page | 76
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
In the textbook GMC Chapter 7, we saw that the control environment can only be
effective if integrity and ethical values permeate the organisation. However, they
CAN be just meaningless words unless management makes sure that staff know what
integrity means in the context of the organisation. For instance, management of an
electrical retailer would effectively be saying to customers that goods purchased were
safe to use. This would mean that statements about safety would have to be properly
backed up by a proper testing regime. If not, the company would expect to suffer loss
of reputation and to incur damages as the result of court cases.
An example like this can show us that integrity and ethical values have a practical
significance and are not just meaningless words. As far as auditors are concerned,
they have to decide if they can rely on company systems in achieving their own
objectives, the main one of which is to give an opinion on the truth and fairness of the
financial statement.
Q9.3)
You have recently become auditor of a small trading entity whose system is based on
a series of networked microcomputers, using bought-in software for basic accounting
functions. During the initial meeting with management, the managing director told
you that he is really scared of all ‘this computer stuff’, particularly as there is no one
in the entity who has any specialized knowledge of computers. How would you advise
him? What do you think might be the key risks in such an entity?
As an auditor, you might have preferred not to start from here (kind of late now when
the system is already been installed), but rather to have been involved when the
decisions were made to install the computer system.
AY 2020-2021 Page | 77
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
It might be useful to employ someone with basic computer skills to help staff when
problems arise and to make sure that the server is working properly when needed. It
might also be desirable to shut down the server outside normal working hours. This
person might usefully draw up a code of conduct for computer users, including a
restriction in the time that people sit at the keyboard.
b) Risk that the system has not been developed properly in the first place. You
should ask the managing director to see the documentation prepared at the time the
system was developed, including any feasibility studies, documentation concerning
the desired characteristics of the systems, and testing that was carried out, and by
whom, prior to putting the system into use. You would be particularly interested in
discovering if the bought-in software performs in the way expected, for instance,
whether appropriate information/audit trails are recorded. Is double entry properly
carried through in all cases? You should also ask what kind of training staff received
at the time the system was introduced and what kind of ongoing training is provided.
For instance, were staff informed of the need to respond to error messages, to keep
passwords private, and to report bugs in the system.
d) Risk that the company does not observe appropriate organisational controls.
For instance, does the company have a system for allocating responsibility? Are
duties appropriately segregated? You might reassure the managing director that in a
small company where there is little computing knowledge among staff and where
systems analysts and programmers are not employed there is a lower risk that people
will interfere with the proper operation of programs.
Q9.4)
At the beginning of this lecture, there is a diagram that talked about the two broad
levels of regulation and control relating to the external and internal environment.
Assume that you are the auditor of an entity providing advice to clients on financial
matters. You are aware that there have been serious reductions in the value of shares
quoted on stock exchanges throughout the world and that this will have a negative
impact on pensions in the future. Explain how management of the entity should react
to this external factor. Consider the control environment of the entity and auditors’
interest.
AY 2020-2021 Page | 78
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
A company providing financial services to the public is governed by the terms of the
Financial Services Acts, the most recent of which is the Financial Services and
Markets Act 2000 and management should ensure that staff are aware of the terms
and implications of those acts.
We do not intend to discuss the detailed provisions but clients have certain rights that
must be communicated to them. For instance, clients must be told who the regulator
is, with whom the financial advisor is registered, they have to be told whether the
advisor will recommend a wide range of financial products or if they are tied to one
company only. Clients also have to be informed of their rights, including a cooling off
period, which enables the client to withdraw (or cancel) from a contract within a
certain period of time.
Any serious fall in the quoted values of shares on stock exchanges will put
considerable pressure on companies providing financial services as one of their prime
selling tools is projected growth of stock exchange values, more or less on the lines
of: 'if growth is at the rate of 6%, the increase in value of your fund will be £n over a
period of 10 years, if growth is at the rate of 7%, the increase in value over 10 years
will be £m.
Company management would have to inform their staff that clients should be told that
conditions have changed, that growth rates of the fairly recent past are unlikely in the
future, that annual bonus and terminal rates have had of necessity to be reduced.
In other words management philosophy should include providing clients with an open
discussion of risks with the aim, among other things of discovering the client's
attitude to risk, and the time scale that is appropriate to the particular client.
Management should insist that a reasoned discussion of expectations over the time
scale take place.
Clearly, advisory staff should be kept well trained and well informed by the company
and communication lines should be clear. Management should also ensure that
advisory staff are remunerated in such a way that they will not be encouraged to
advise financial products which are more advantageous to them (because of high
commission rates) than to the clients themselves.
The auditor should ensure that the control environment within which financial
advisory staff operate is strong and reflects high integrity and the provision of
procedures to protect the public interest. This is a matter of considerable interest to
the auditor as selling inappropriate financial products (such as life assurance and
pensions) in the 1990s resulted in large successful claims against financial advisors
and assurance companies.
AY 2020-2021 Page | 79
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Q9.5)
As organizations have become more dependent on the reliability of information
systems, they have become more aware of the need to maintain quality of systems and
the data/information derived from them. If you were asked to set up a quality
standards group, what role do you think it should have and what steps should be taken
to render it effective?
A quality standards group clearly needs to be of high quality itself. Its broad role
would be to provide independent monitoring of systems and the information derived
from those systems, information that management requires to achieve company
objectives and reduce risk. Information/computer systems have become critical to an
organisation's survival. The group would ensure at the development stage that quality
standards are incorporated in the design of the system and that they are maintained
thereafter.
The basic matters that the quality assurance group will be concerned with is whether
the developed software will meet user needs, how reliable it is, the ease of use of the
software, whether the software is efficient in terms of the resources used and how
easy it is to maintain.
The quality assurance function will also be concerned with such matters as the clarity
and completeness of documentation of the system and the training and effectiveness
of staff.
Auditors would have greater confidence that controls over development, maintenance
and operations are reliable with a consequent impact on the amount of substantive
testing required. In smaller organizations, the quality control function might be in the
hands of internal audit, which will also possess the necessary degree of independence.
The steps that should be taken to ensure its effectiveness include the following:
1) High status (or organization status), as would be evidenced by its position in
the company's organisational structure with responsibility to top management and
reporting at this level also. High status would also be evidenced by the attitude of top
management to its recommendations and by the resources that it provides to the
group.
AY 2020-2021 Page | 80
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Q9.6)
Segregation of duties is a basic requirement of a good control system. Explain what is
meant by this statement and show how segregation of duties in a modern computer
system might differ from that in a manual system.
The reason that segregation of duties of duties is important is that data and
information derived from systems will be more reliable if no one person sees
transactions through from inception to final disposition or if one person has too much
power in critical areas. Segregation of duties is closely associated with:
a) Proper allocation of authorisation to individuals to give approval to
transactions or to hold balances.
b) Supervision by responsible officials of the activities of subordinate staff
Here is a summary of the points made, including how segregation may change in a
computer system:
i) The first basic rule of division of duties is that there should be segregation of
the functions as far as possible of: (a) Authorisation of transactions; (b) Execution of
transactions; (c) Custody of assets; (d) Recording of transactions and assets
ii) However, in computer systems this may not be possible because a large
number of actions that might be in different hands in a manual system are often
carried through by computer program. (Eg the automatic generation of purchase
orders by a computer program once a minimum inventory level has been reached).
This means that when traditional segregation of functions is not possible, there must
be additional control devices in operation - or a rethink of segregation. It is important
to consider where decision-making lies:
– Operation of a program should be segregated from the ability to
change it
– Alteration of master file data should be in the hands of a responsible
official
iii) A further basic rule of segregation of duties is that where control is dependent
on segregation of duties within a particular function, management should allocate
duties appropriately. (For example, the trade receivables' control account kept or
reviewed by the chief accountant)
iv) There should be rotation of duties at appropriate intervals for critical tasks,
such as reviewing and changing customers' credit limits for a long period of time, or
control of particular aspects of a database. There should also be independent review of
data for reasonableness, either manually or computer aided analytical reviews - this
would be part of the duties of a supervising officer.
AY 2020-2021 Page | 81
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Q9.7)
Assume that Ann Paterson, an established customer, has telephoned asking that she be
supplied with three recently published books. She has been passed to a sales clerk
who deals with her order. Suggest controls that should be in force before her order is
accepted.
Further controls would be procedures to ensure that the clerk knows if the books are
available and when they would be despatched, that calculated the amount of the
invoice and compared Ann's credit limit with the outstanding balance, adjusted for the
new transaction.
The clerk would be prompted to inform Ann whether the order had been accepted,
and if accepted, to read the terms of the order and amount of the invoice to her. The
system should send a copy of the accepted order to her, and, if not accepted, a letter
detailing reasons for non-acceptance.
Further controls would be numbering of the orders processed by the sales clerk and
the preparation of control totals for all transactions entered by the clerk during the day
(the clerk would also need to be identified and authenticated). We would expect
sequence checking of orders entered by the sales clerk.
Q9.8)
Describe the nature of an extranet and explain why it might be a useful means of
achieving business objectives. Assume that you are auditor of an entity carrying on
business using an extranet and explain what controls you would expect to be in force
to protect it.
Both extranets and intranets are made secure by the use of firewalls, which are
specially designed systems to protect computer networks from unauthorised intrusion.
AY 2020-2021 Page | 82
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Particular features of firewall control are those that require identification and
authentication of persons or organisations attempting entry, and identification of data
being transmitted. There are a number of different ways that firewalls identify data,
but they all try to stop data that does not meet certain criteria. They may not be able to
stop undesired interventions by persons within the extranet or intranet, such as a
disgruntled employee (heard of hacking?).
Extranets are also vulnerable to viruses as effective actions against viruses may slow
down the system to the extent that it becomes unworkable. The tighter the firewall,
the more restrictive it is and may indeed be too restrictive for effective use of email
communication. Some companies allow easy access for emails but are much more
restrictive when data packages are being transmitted.
END OF LECTURE 9
AY 2020-2021 Page | 83
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Learning objectives
Why do auditors want to test the internal control system of their clients? Remember
this question that we discussed at the beginning of lecture 9. Two main reasons:
1) Auditors have to decide whether the system appears strong enough for them to
rely on it in arriving at conclusions.
2) Auditors perform tests of control to satisfy themselves initial conclusion about
system is valid.
We will cover 3 common internal control systems in this lecture: Namely the Sales,
Purchase and the Payroll system.
Let us revise the concept of control objectives. What are control objectives?
For sales system, the control objectives, namely, are to ensure that:
a) Customers receive the goods that they require at advertised prices and quality
b) Customers receive goods on credit only if they are likely to pay for them
c) Recorded sales are genuine, accurate and complete
d) Trade receivables' accounts are debited with sales on credit, which are
genuine, accurate and complete
e) All cash received is recorded in full before banking
f) Inventory records reflect genuine outward movements in correct quantities
Using the above control objectives generated for the sales system, you will need to
think about creating similar control objectives for the purchase and payroll systems.
AY 2020-2021 Page | 84
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
AY 2020-2021 Page | 85
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
AY 2020-2021 Page | 86
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Ordering department
i) All orders are raised on pre-numbered purchase requisitions and sent to the
ordering department.
ii) In the ordering department, each requisition is signed by the chief buyer. A
purchasing clerk transfers the order information onto an order form and
identifies the appropriate supplier for the goods.
iii) Part one of the two part order form is sent to the supplier and part two to the
accounts department. The requisition is thrown away.
Accounts department
GRNs matched with the order awaiting the receipt of the supplier invoice.
Required:
Identify and explain five internal control weaknesses and provide a
recommendation to overcome each weakness.
AY 2020-2021 Page | 87
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Purchase requisition
The purchase requisition is destroyed after The requisition should be filed in the
goods have been ordered. This means that there ordering department as audit evidence
is no audit trail to show who ordered the goods of goods being ordered.
or whether the order form has been completed
correctly.
Order form
Only the original and one copy of the order The order document is in three copies,
form are available – one is sent to the supplier with the additional copy being kept in
and the second to accounts. This means that the ordering department.
there is no record of goods ordered in the
ordering department. There are risks that goods
could be ordered twice and that late deliveries
cannot be identified and queried with suppliers.
AY 2020-2021 Page | 88
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
AY 2020-2021 Page | 89
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
‘The auditor’s assessment of the identified risks at the assertion level provides a basis
for considering the appropriate audit approach for designing and performing
further audit procedures.
(c) A combined approach using both tests of controls and substantive procedures
is an effective approach.’
Different approaches to audit: Control testing (CT) only, Substantive testing (ST)
only, or Combined approach (= CT plus ST)
Can auditors rely on internal controls tested in last year? Can they “re-use”
those tests done last year and not do so much testing during the current year?
YES but ……
Para A13 of ISA 315 (walk through tests in existing client): ‘The auditor is required
to determine whether information obtained in prior periods remains relevant, if the
auditor intends to use that information for the purposes of the current audit. This is
because changes in the control environment, for example, may affect the relevance of
information obtained in the prior year. To determine whether changes have occurred
that may affect the relevance of such information, the auditor may make inquiries and
perform other appropriate audit procedures, such as walk-throughs of relevant
systems.’
AY 2020-2021 Page | 90
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
In summary, we can use the following figure (taken from the textbook GMC) to work
out our audit approach.
Why not include “A” – Unlikely we use analytical procedures as test of controls, it is
meaningless.
AY 2020-2021 Page | 91
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Then what do you mean by auditing through? How do you audit through?
AY 2020-2021 Page | 92
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
AY 2020-2021 Page | 93
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
Q10.1)
You are auditing a company engaged in the development and sale of games software
over the internet. You are satisfied that the software is of high quality and are now
directing your attention to the controls over the sale of their products. You have
confirmed that the company’s systems are fully integrated and that sales automatically
update bank and trade receivables records (depending on whether the sales are by
credit card or on credit) and quantity inventory records. Your initial discussions with
management have satisfied you that the control environment is good and you have
classified control risk as ‘medium’. (Your firm asks audit staff to classify control risk
as ‘high’, ‘medium’ and ‘low’.)
Required:
a) Explain what the three control risk classifications probably mean in practice.
b) What basic controls would you expect to see to ensure that sales are genuine,
accurate and complete, that the risk of bad debts is low, and that inventory
movements resulting from sales are genuine, accurate and complete? Suggest
suitable tests of control.
a)
Firstly, note that assessment of control risk tends to be very subjective and your firm
has given guidance to staff using terms like ‘high’, ‘medium’ and ‘low’ rather than
suggesting percentages that might give the impression of spurious accuracy.
However, ‘high’ control risk will mean that controls are so weak that you would not
rely on the controls at all, but go immediately over to substantive testing. ‘Low’
control risk would mean that you had decided that controls were very good and were
backed up by a strong control environment, including perhaps a high quality internal
audit department.
In this case you have decided that the control environment is good, but some initial
tests have revealed some weaknesses in detailed controls (so you assessed control risk
as medium). Perhaps the audit trail is incomplete or you have discovered that control
totals are not always checked, so you have decided that although controls are
generally satisfactory, you feel the need to extend substantive testing to some extent.
b)
We would expect the controls to include the following:
i) Complete audit trail from initial order to final updating of bank and trade
receivables accounts, inventory records and entry in general ledger accounts.
AY 2020-2021 Page | 94
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
iv) Controls over giving credit (for instance, submission by the customer of bank
references; issuing credit limit and updating customer master file by a
responsible official; programmed comparison of new balance with credit limit)
To test all the above controls, the auditor might use embedded audit facilities that
allow continuous review of the data and their processing (SCARF) or alternatively put
test data through the system to ensure that all the records are properly updated.
vi) Controls to ensure customers’ accounts are properly updated. A good test here
would be to check after date payments, although this would be used as a
substantive test to confirm the validity of balances at the year-end.
vii) Controls to ensure that inventory records are properly updated. A good control
here would be for the company to count inventory quantities periodically for
comparison with inventory records. The auditor might re-perform such a test
and also enquire into significant differences between quantities counted and
inventory records. This would also be a good substantive test.
AY 2020-2021 Page | 95
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
a) State the control objectives for the ordering, despatch and invoicing of goods.
(5 marks)
b)
Atlantis Standard Goods (ASG) Co has a year end of 30 June 2006. ASG is a retailer
of kitchen appliances such as washing machines, fridges and microwaves. All sales
are made via the company’s Internet site with dispatch and delivery of goods to the
customer’s house made using ASG’s vehicles. Appliances are purchased from many
different manufacturers.
Required:
Tabulate the audit tests you should carry out on the sales and despatch system,
explaining the reason for each test. (15 marks)
AY 2020-2021 Page | 96
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
a) Control objectives
Ordering of goods
– Goods are only supplied to authorised customers
– Orders are recorded correctly regarding price, quantity, item and customer
details.
AY 2020-2021 Page | 97
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
For a sample of items on the despatch To ensure that the despatch information is
department computer, accurate and that the despatch record
– agree back to the goods awaiting itself relates to a valid sale.
despatch file ensuring details of product,
quantity and customer agree.
– agree to the inventory records Ensures that the inventory system
confirming that the correct appliance correctly records the appliance ordered
record was updated. and that the inventory system remains
accurate.
– check customer signature is on file To confirm that evidence is available for
agreeing receipt of goods. receipt of goods confirming that goods
have been delivered.
For a sample of items on the despatch To ensure that goods have been received
department computer, review to see that and that procedures for investigating non-
evidence of delivery to customer is despatch or receipt are working.
available. Investigate records where no
delivery information is available
obtaining reasons for this.
Review the despatch department To ensure that the despatch process is
computer files for items not flagged working correctly and that incomplete
‘order complete’. Investigate and obtain items are being investigated.
reasons for these items.
AY 2020-2021 Page | 98
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
In the past the company has bulk ordered its clothing and accessories twice a year.
However, if their goods failed to meet the key fashion trends then this resulted in
significant inventory write downs. As a result of this the company has recently
introduced a just in time ordering system. The fashion buyers make an assessment
nine months in advance as to what the key trends are likely to be, these goods are
sourced from their suppliers but only limited numbers are initially ordered.
Greystone Co has an internal audit department but at present their only role is to
perform regular inventory counts at the stores.
Ordering process
Each country has a purchasing manager who decides on the initial inventory levels for
each store, this is not done in conjunction with store or sales managers. These
quantities are communicated to the central buying department at the head office in
Europe. An ordering clerk amalgamates all country orders by specified regions of
countries, such as Central Europe and North America, and passes them to the
purchasing director to review and authorise.
As the goods are sold, it is the store manager’s responsibility to re-order the goods
through the purchasing manager; they are prompted weekly to review inventory levels
as although the goods are just in time, it can still take up to four weeks for goods to be
received in store.
It is not possible to order goods from other branches of stores as all ordering must be
undertaken through the purchasing manager. If a customer requests an item of
clothing, which is unavailable in a particular store, then the customer is provided with
other branch telephone numbers or recommended to try the company website.
To speed up the ordering to receipt of goods cycle, the goods are delivered directly
from the suppliers to the individual stores. On receipt of goods the quantities received
are checked by a sales assistant against the supplier’s delivery note, and then the
assistant produces a goods received note (GRN). This is done at quiet times of the day
so as to maximise sales. The checked GRNs are sent to head office for matching with
purchase invoices.
AY 2020-2021 Page | 99
SIM-GE AC3093 – Auditing and Assurance
Lecture Notes (Lecture 6 to 10)
As purchase invoices are received they are manually matched to GRNs from the
stores, this can be a very time consuming process as some suppliers may have
delivered to over 500 stores. Once the invoice has been agreed then it is sent to the
purchasing director for authorisation. It is at this stage that the invoice is entered onto
the purchase ledger.
Required:
b)
As the external auditors of Greystone Co, write a report to management in
respect of the purchasing system which:
i) Identifies and explains FOUR weaknesses in that system;
ii) Explains the possible implication of each weakness;
iii) Provides a recommendation to address each weakness.
b)
Board of Directors
Greystone Co
30 Any Street
Any Town
8 December 2010
Dear Sirs,
(i) Weakness
The purchasing manager decides on the inventory levels for each store without
discussion with store or sales managers. The purchasing manager may not have the
appropriate knowledge of the local market for a store.
(ii) Implication
This could result in stores ordering goods that are not likely to sell and hence require
heavy discounting. In addition as a fashion chain, if customers perceive that the goods
are not meeting the key fashion trends then they may cease to shop at Greystone at all.
(iii) Recommendation
The purchasing manager should initially hold a meeting with area managers of stores;
if meeting all store managers is not practical, he should understand the local markets
before agreeing jointly goods to be purchased.
(i) Weakness
The purchase orders are only reviewed and authorised by a purchasing director in a
wholly aggregated manner (by specified regions of countries).
(ii) Implication
It will be difficult for the purchasing director to assess whether overall the correct
buying decisions are being made as the detail of the orders is not being presented and
he is the only level of authorisation. This could result in significant levels of goods
being purchased that are not right for particular market sectors.
(iii) Recommendation
A purchasing senior manager should review the information prepared for each
country and discuss with local purchasing managers the specifics of their orders.
These should then be authorised and passed to the purchasing director for final review
and sign off.
(i) Weakness
The store managers are responsible for re-ordering goods through the purchasing
manager.
(ii) Implication
If the store managers forget or order too late, then as the ordering process can take up
to four weeks, the store could experience significant stock outs leading to loss of
income.
(iii) Recommendation
Automatic re-order levels should be set up in the inventory management systems. As
the goods sold reach the re-order levels the purchasing manager should receive an
automatic re-order request.
(i) Weakness
It is not possible for a store to order goods from other local stores for customers who
request them. Instead they are told to contact the stores themselves, or use the
company website.
(ii) Implication
Customers are less likely to contact individual stores themselves and this could result
in the company losing out on valuable sales. In addition some goods which are slow
moving in one store may be out of stock at another, if goods could be transferred
between stores then overall sales may be maximised.
(iii) Recommendation
An inter-branch transfer system should be established between stores. This should
help stores whose goods are below the re-order level but are awaiting their deliveries
from the suppliers.
(i) Weakness
Deliveries from suppliers are accepted without being checked first.
In addition they are then checked by sales assistants to the suppliers’ delivery note to
agree quantities but not quality.
Sales assistants are producing the goods received note (GRN) on receipt of a
supplier’s delivery note.
(ii) Implication
The stores are receiving goods without checking that these are correct. Hence if a
delivery is subsequently disputed there may be little recourse for the company.
If the sales assistants are only checking quantities then goods which are not of a
saleable condition may be accepted.
The assistants may not be adequately experienced to produce the GRN, and this is an
important document used in the invoice authorisation process. Errors could lead to
under or overpayments.
(iii) Recommendation
Deliveries from suppliers should only be accepted between designated hours such as
the first two hours of the morning when it is quieter. The goods should then be
checked on arrival for quantity and quality prior to acceptance from the supplier. A
responsible official at each store should produce the GRN from the supplier’s delivery
information.
(i) Weakness
Goods are being received without any checks being made against purchase orders.
(ii) Implication
This could result in Greystone receiving and subsequently paying for goods it did not
require. In addition if no check is made against order then the company may have
significant purchase orders which are outstanding, leading to lost sales.
(iii) Recommendation
A copy of the authorised order form should be sent to the store. This should then be
checked to the GRN. Once checked the order should be sent to head office and logged
as completed. On a regular basis the purchasing clerk should review the order file for
any outstanding items.
(i) Weakness
Purchase invoices are manually matched to a high volume of GRNs from the
individual stores.
(ii) Implication
A manual checking process increases the risk of error, resulting in invoices being
accepted or
rejected erroneously.
(iii) Recommendation
The checked GRNs should be logged onto the purchasing system, matched against the
relevant order number, then as the invoice is received this should be automatically
matched. The purchasing clerk should then review for any unmatched items.
(i) Weakness
The purchase invoice is only logged onto the system as it is being authorised by the
purchasing director.
(ii) Implication
If the invoice is misplaced then payables may not be settled on a timely basis. In
addition at the
year-end the purchase ledger may be understated as invoices relating to the current
year have been received but are not in the purchase ledger.
(iii) Recommendation
Upon receipt of an invoice this should be logged into a file of unmatched invoices. As
it is matched and authorised it should then be moved into the purchase ledger. At the
year-end, items in the unmatched invoices file should be accrued for, to ensure
liabilities are not understated.
Please note that this report only addresses any significant weaknesses identified
during the audit and if further testing had been performed then more weaknesses may
have been reported.
This report is solely for the use of management and if you have any further questions
then please do not hesitate to contact us.
Yours faithfully,
An audit firm
Introduction
Blake Co assembles specialist motor vehicles such as lorries, buses and trucks. The
company owns four assembly plants to which parts are delivered and assembled into
the motor vehicles.
The motor vehicles are assembled using a mix of robot and manual production lines.
The ‘human’ workers normally work a standard eight hour day, although this is
supplemented by overtime on a regular basis as Blake has a full order book. There is
one shift per day; mass production and around the clock working are not possible due
to the specialist nature of the motor vehicles being assembled.
Shift-workers are split into groups of about 25 employees, with each group under the
supervision of a shift foreman. Each day, each group of shift-workers is allocated a
specific vehicle to manufacture. At least 400 vehicles have to be manufactured each
day by each work group. If necessary, overtime is worked to complete the day’s quota
of vehicles. The shift foreman is not required to monitor the extent of any overtime
working although the foreman does ensure workers are not taking unnecessary or
prolonged breaks which would automatically increase the amount of overtime
worked. Shift-workers log off at the end of each shift by re-scanning their
identification card.
Payment of wages
Details of hours worked each week are sent electronically to the payroll department,
where hours worked are allocated by the computerised wages system to each
employee’s wages records. Staff in the payroll department compare hours worked
from the time recording system to the computerised wages system, and enter a code
word to confirm the accuracy of transfer. The code word also acts as authorisation to
calculate net wages. The code word is the name of a domestic cat belonging to the
department head and is therefore generally known around the department.
The list of net pay for each employee is sent over Blake’s internal network to the
accounts department. In the accounts department, an accounts clerk ensures that
employee bank details are on file.
The clerk then authorises and makes payment to those employees using Blake’s
online banking systems. Every few weeks the financial accountant reviews the total
amount of wages made to ensure that the management accounts are accurate.
Termination of employees
Occasionally, employees leave Blake. When this happens, the personnel department
sends an e-mail to the payroll department detailing the employee’s termination date
and any unclaimed holiday pay. The receipt of the e-mail by the payroll department is
not monitored by the personnel department.
Required:
– Employees are only paid for work that they have done
– Gross pay has been calculated correctly
– Gross pay has been authorised
– Net pay has been calculated correctly
– Gross and net pay have been recorded accurately in the general ledger
– Only genuine employees are paid
– Correct amounts are paid to taxation authorities.
b)
The Directors
Blake Co
110 Any Street
Anywhere
3 December 2008
Dear Sirs
Management letter
As usual at the end of our audit, we write to bring to your attention weaknesses in
your company’s internal control systems and provide recommendations to alleviate
those weaknesses.
P
Weakness
The logging in process for employees is not monitored.
Possible effect
Employees could bring cards for absent employees to the assembly plant and scan that
card for the employee; absent employees would effectively be paid for work not done.
Recommendation
The shift manager should reconcile the number of workers physically present on the
production line with the computerised record of the number of employees logged in
for work each shift.
Weakness
Overtime is not authorised by a responsible official.
Possible effect
Employees may get paid for work not done e.g. they may clock-off late in order to
receive ‘overtime’ payments.
Recommendation
All overtime should be authorised, either by the shift manager authorizing an
estimated amount of overtime prior to the shift commencing or by the manager
confirming the recorded hours in the payroll department computer system after the
shift has been completed.
Weakness
The code word authorising the accuracy of time worked to the wages system is the
name of the cat of the department head.
Possible effect
The code word is not secure and could be easily guessed by an employee outside the
department (names of pets are commonly used passwords).
Recommendation
The code word should be based on a random sequence of letters and numbers and
changed on a regular basis.
Weakness
The total amount of net wages transferred to employees is not agreed to the total of
the list of wages produced by the payroll department.
Possible effect
‘Dummy’ employees – payments that do not relate to any real employee – could be
added to the payroll payments list in the accounts department.
Recommendation
Prior to net wages being sent to the bank for payment, the financial accountant should
cast and agree the total of the payments list to the total of wages from the payroll
department.
Weakness
Details of employees leaving the company are sent on an e-mail from the personnel
department to payroll.
Possible effect
There is no check to ensure that all e-mails sent are actually received in the payroll
department.
Recommendation
There needs to be a control to ensure all e-mails are received in personnel –
prenumbering of e-mails or tagging the e-mail to ensure a receipt is sent back to the
personnel department will help meet this objective.
Weakness
In the accounts department, the accounts clerk authorises payment of net wages to
employees.
Possible effect
It is inappropriate that a junior member of staff should sign the payroll; the clerk may
not be able to identify errors in the payroll or could even have included ‘dummy
employees’ and is now authorising payments to those ‘people’.
Recommendation
The payroll should be authorised by a senior manager or finance director.
If you require any further information on the above, please do not hesitate to contact
us.
Yours faithfully,
Required:
b) What factors will determine how much reliance the external auditors of
NorthLea Co. can place on the work of the internal audit department in
relation to the company’s wages system? (10 marks)
This question was the one that most candidates attempted and part a) was the one for
which the highest number of candidates obtained maximum marks. A large number of
candidates were able to produce a list of the strengths and the weaknesses and for
each of the latter were able to come up with a valid and practical control to overcome
the weakness.
Because you were asked to produce a solution to each of the weaknesses, this part of
the question was ideally suited to a columnar style answer.
Of course, such an approach did not allow for inclusion of the strengths in the system
since these do not need a response. Some candidates clearly had thought about this
and wisely started the answers to part (a) with a list of the strengths then went on to
produce the columnar tabulation of weaknesses and suggested responses.
Poorer answers often launched straight into the question with a tabular format; only to
find that strengths then had to be included in the same column as weaknesses and that
for each strength there would be a blank in the right hand column because no response
was needed. This situation could have been avoided if the candidates had only thought
through their answer before deciding on a format.
If part (a) of this question was the best attempted part of the paper, part (b) was almost
certainly the worst attempted on the entire paper. A large number of candidates sought
to answer this part of the question with explanations of audit tests that could be
performed. It appeared as though few candidates had looked at the material relevant to
the work of an internal audit department and the extent to which external auditors may
rely on the work of internal auditors. The texts are not difficult to understand.
They list a number of factors which will influence the external auditors’ decision,
such as:
the scope of the internal audit team’s review, the qualifications and competences of
the internal audit team, the level within the company to which the internal auditors
report.
a)
Strengths
Employees can be paid for work not done. A record of hours worked by each employee
There appears to be no check to ensure that should be printed from the computerised
hours recorded in the computer system actually wages system and signed by the site foreman
relate to hours worked. to confirm that the hours are accurate.
There is no check to ensure that each employee The computerised wages system should print
inputs his/her employee number. One employee a list of employees present per the computer
could input two numbers hiding the fact that one system during the day and the foreman should
employee is absent. then sign this list to confirm it is accurate.
Fake or dummy employees can be put onto The wages office should check the list of
the payroll. employees against workers personnel records
The foreman can set up employee records for of authorised employees. Any new employees
who do not exist as payment is made particularly should be verified in this way
automatically from the records of hours worked. before payment is made.
The staff in the wages office could collude by The list of employees on the payroll should be
setting up fake employee records in a similar checked for accuracy by a person outside of
way to the site foreman. the wages department, for example the
personnel department or the chief accountant.
The list of net payments should be signed by
this person to show it is correct.
Gross pay inflated by wages department staff. The computerised payroll system should be
The staff in the wages department could add programmed to produce a list of all
extra hours to the records of some employees, amendments made to the payroll. This list
and remove the net pay from the payment should be reviewed by a responsible official
received from the courier prior to making up the outside of the wages department prior to
pay packets. wages being paid.
Conrad is a young fashion designer who opened his first store in Manchester at the
start of 2013. His shop sells mainly high value designer dresses aimed at the late
twenties to early thirties professional woman. However, he also stocks several lines of
low value accessories in order to tempt other potential customers into the shop.
Conrad followed the bank manager’s advice and set up the business as a limited
company. Conrad is the only shareholder and the only director. He has invested
£100,000 of his own money. The company has a borrowing facility of £100,000 from
the bank. However, a condition of the bank loan is that he has to give a personal
guarantee on the loan.
You discover that there are four employees who work in the backroom making the
dresses and five who serve in the shop, at various times. The five sales ladies are
essentially casual workers who are paid by the hour. They try to fit the hours around
the demands of their home life and/or children. Often there is only one of them in the
shop. Conrad knows them all personally, he trusts them and is happy for whoever is
the last to leave to count up the cash, close up the shop and bank the cash on their way
home. He also allows them to make minor payments for things like materials for
window displays, tea, coffee and milk for the staff to be paid out of the takings.
However, he assures you that he has control of the bank since he is the only one who
has access to the cheque book and the internet banking. He receives but never checks
the bank statements. He says he is too busy out on the road finding new outlets,
attending trade shows and making contacts.
Conrad engaged your firm to do the accounts and prepare the tax return. He has no
accounting experience and no knowledge of or interest in financial matters. He
expressed concern when you presented him with the accounts. His sales for the year
came to £900,000 and the cost of sales in the form of materials and bought-in goods
came to £500,000. He had done some rough costing in setting his prices and aimed to
make a mark-up of 200% on cost. So he would have expected his gross profit on sales
to be £600,000, not the £400,000 shown in your accounts. He has no idea why the
figures are different but wants you to investigate and to conduct a full audit. He is also
stunned to find that while your accounts show that the company has made a £50,000
net profit, the bank balance is now up to the limit of the permitted borrowing.
Required:
Examiner comments:
Identifying various inherent and control risks in the scenario would be expected in the
context of this question. For example the fashion industry is high risk and it would be
worth the auditors finding out how Conrad attempts to be aware of changing trends,
etc.
Some explanation for Conrad’s benefit of the difference between cash and profit (a
Year One concept) was intended to be a gift for the sharp-eyed candidate but too few
candidates even mentioned this area of confusion in the mind of the client.
The need for good internal control is essential in any business. In small companies,
formal systems are often not feasible but there are other ways of reducing risks of loss
and misappropriation – namely a greater involvement from the owner.
Setting out the answer as a proper memo or report would have improved the
appearance of some attempts.
It would be important to explain that some form of internal controls and adequacy of
accounting records are essential. Without these the auditor’s report is likely to be so
heavily qualified that any value in having an audit is lost.
An audit can help to find some but cannot be expected to find all errors/
frauds/weaknesses that might save the business money in the long run.
In the real world, audits are carried out in small companies but the lack of evidence
can make them inordinately costly.
On the plus side, Conrad might find it easier to raise bank loans if he could produce
audited accounts.
Compete Ltd is a large private limited company which buys and sells computers,
mobile phones and other electronic items. It has a number of large retail stores around
the country. According to its chief financial officer, its stores, offices, warehouse and
accounting function are all highly computerised. You are the external auditor
currently examining Compete’s purchasing system and note the following features:
Inventory levels are closely physically monitored by the managers at the individual
stores. When an inventory line is close to running out, the manager emails the
purchasing department in head office to place an order for sufficient additional items
to return the inventory to its original level. Managers are instructed to keep a copy of
the email on their hard drives.
Purchasing staff check the incoming orders for reasonableness and then try to source
the best price from those on the list of approved suppliers. Once the most appropriate
supplier is identified, an order is given a unique number and the order is sent to the
supplier. An electronic copy is kept on the purchasing department’s database. The
system records a list of unfulfilled orders.
Warehouse staff check in all deliveries from suppliers. They check the deliveries for
quality and quantity against the order as shown on the system – they have read-only
access to the electronic copy of the order. They are instructed not to accept any goods
which are not supported by a delivery note from the supplier and an order from
Compete. The quality and quantity of the delivery note and order must agree exactly
otherwise the entire delivery is rejected and must be returned to the supplier.
Provided the delivery details agree with the order, warehouse staff accept the goods
from the supplier and that acceptance is recorded by a staff member pressing the
‘Accept’ button on the system, an action which removes the item from the outstanding
orders list and updates the perpetual inventory records. The hard copy of the delivery
note is stamped ‘Delivered’.
In due course, and not always on time, the supplier will sent an invoice to the
accounts payable department at Compete. The staff in this department are required to
check that the goods had been ordered and had been received before entering the
details of the supplier’s invoice onto the accounts payable system, which action debits
purchases and credits the individual supplier’s account.
At the end of each month, some suppliers send in statements showing the amount due
to them from Compete. The accounts payable staff use the statements received from
these suppliers to check the ledger accounts’ balances for accuracy.
Required:
Examiner comments:
It is important to note that just listing strengths and weaknesses was not sufficient for
full marks and some explanation as to why the issue was a strength or weakness was
required.
A tabular approach could have been used in this question listing the strength or
weakness and then how it could be tested.
1) The computerised nature of the system, which helps to strengthen controls and
minimise errors.
2) Physical monitoring of inventory levels provides an extra check of the
computer system further strengthening the controls to prevent over ordering or
running out of stock items.
3) The necessity to keep a copy of emails is a strength as it provides an audit trail
if there are queries or problems at a later date. However, it is only a strength if
it is complied with and so this would need to be tested by the auditors.
4) Having an approved list of suppliers is a strength in preventing purchases from
unsuitable suppliers or inappropriate sources however this does need to be
routinely monitored and revised.
5) The requirement for buyers to look for best prices is a strength as it ensures
company funds are not wasted; however, this should not be at the expense of
quality.
6) Having a list of unfulfilled orders is a strength as it provides a record of future
commitments for the company. However, its accuracy relies on warehouse
staff correctly pressing the accept button for orders delivered.
7) Read-only access is a strength as it prevents deliberate or accidental changes
to sales orders by warehouse staff.
8) The checking of invoices is a strength to ensure they agree with the original
purchase order and delivery note – the fact that the invoices are often received
late is an inconvenience but is out of the control of the company and not a
weakness.
Examiners provided some flexibility in terms of how these strengths and weaknesses
could be tested, however, suggestions should have been linked to the issue being
raised and involve auditors either ensuring the strength was effective or the
consequences of the weakness.
You are a member of the recently formed internal audit department of Oregano Co
(Oregano).
The company manufactures tinned fruit and vegetables which are supplied to large
and small food retailers. Management and those charged with governance of Oregano
have concerns about the effectiveness of their sales and despatch system and have
asked internal audit to document and review the system.
Sales orders are mainly placed through Oregano’s website but some are made via
telephone. Online orders are automatically checked against inventory records for
availability; telephone orders, however, are checked manually by order clerks after
the call. A follow-up call is usually made to customers if there is insufficient
inventory. When taking telephone orders, clerks note down the details on plain paper
and afterwards they complete a three part pre-printed order form. These order forms
are not sequentially numbered and are sent manually to both despatch and the
accounts department.
As the company is expanding, customers are able to place online orders which will
exceed their agreed credit limit by 10%. Online orders are automatically forwarded to
the despatch and accounts department.
A daily pick list is printed by the despatch department and this is used by the
warehouse team to despatch goods. The goods are accompanied by a despatch note
and all customers are required to sign a copy of this. On return, the signed despatch
notes are given to the warehouse team to file.
The sales quantities are entered from the despatch notes and the authorised sales
prices are generated by the invoicing system. If a discount has been given, this has to
be manually entered by the sales clerk onto the invoice. Due to the expansion of the
company, and as there is a large number of sale invoices, extra accounts staff have
been asked to help out temporarily with producing the sales invoices. Normally it is
only two sales clerks who produce the sales invoices.
Required:
a) Describe TWO methods for documenting the sales and despatch system;
and for each explain an advantage and a disadvantage of using this
method. (6 marks)
b) List TWO control objectives of Oregano Co’s sales and despatch system.
(2 marks)
c) Identify and explain SIX deficiencies in Oregano Co’s sales and despatch
system and provide a recommendation to address each of these
deficiencies. (12 marks)
(20 marks)
There are several methods which can be used by the internal audit department of
Oregano Co (Oregano) to document their system.
Narrative notes
Narrative notes consist of a written description of the system; they would detail what
occurs in the system at each stage and would include any controls which operate at
each stage.
Questionnaires
Flowcharts
Flowcharts are a graphic illustration of the internal control system for the sales and
despatch system. Lines usually demonstrate the sequence of events and standard
symbols are used to signify controls or documents.
– To ensure that orders are only accepted if goods are available to be processed
for customers.
– To ensure that all orders are recorded completely and accurately.
– To ensure that goods are not supplied to poor credit risks.
– To ensure that goods are despatched for all orders on a timely basis.
– To ensure that goods are despatched correctly to customers and that they are
of an adequate quality.
– To ensure that all goods despatched are correctly invoiced.
– To ensure completeness of income for goods despatched.
– To ensure that sales discounts are only provided to valid customers.
c) Deficiencies and controls for Oregano Co’s sales and despatch system
Deficiency Control
Telephone orders are not sequentially The three part pre-printed orders
numbered. Therefore if orders are forms should be sequentially
misplaced whilst in transit to the numbered and on a regular basis the
dispatch department, these orders will dispatch department should run a
not be fulfilled, resulting in dissatisfied sequence check of orders received.
customers. Where there are gaps in the
sequence, they should be investigated
to identify any missing orders.
A daily pick list is used by the despatch In addition to the pick list, copies of
department when sending out customer all the related orders should be
orders. However, it does not appear printed on a daily basis. When the
that the goods are checked back to the goods have been picked ready to be
original order; this could result in despatched, they should be cross
incorrect goods being sent out. checked back to the original order.
They should check correct quantities
and product descriptions, as well as
checking the quality of goods being
despatched to ensure they are not
damaged.
Signed despatch notes are returned to Upon receipt of the signed despatch
the warehouse department who file notes, a copy of these should
them. If the accounts department do not immediately be forwarded to the
receive a copy of these signed despatch accounts department, who should use
notes, they will not know when to raise them to raise the invoices in a timely
the related sales invoices. This could manner.
result in goods being despatched but
not being invoiced, leading to a loss of
revenue.
Additional staff have been drafted in to Only the sales clerks should be able
help the two sales clerks produce the to raise sales invoices. As Oregano is
sales invoices. As the extra staff will expanding, consideration should be
not be as experienced as the sales given to recruiting and training more
clerks, there is an increased risk of permanent sales clerks who can
mistakes being made in the sales produce sales invoices.
invoices. This could result in customers
being under or overcharged.
Discounts given to customers are For customers who are due to receive
manually entered onto the sales a discount, the authorised discount
invoices by sales clerks. This could levels should be updated to the
result in unauthorised sales discounts customer master file. When the sales
being given as there does not seem to invoices for these customers are
be any authorisation required. raised, their discounts should
automatically appear on the invoice.
END OF LECTURE 10