Test of Control

Item Deficiency Control recommendation/Key control Test of control
Physical verification of NCA register has not -Additional resources should be devoted to Review records from physical verification
been undertaken, only 15% complete completing the physical verification of all visits by IA: ensure comparisons have been
+If non-current assets are not physically verified assets within the register performed and any unidentified and obsolete
on a regular basis, there is an increased risk of -If any assets cannot be located, they should assets have been written off following
assets being misappropriated or misplaced as be written off approval by the board or a responsible
there is no check that the assets still exist in -Following this full review, on a monthly basis official.
Asset
their correct location, obsolete assets may not a sample of assets at the sites should be
be identified on a timely basis. agreed back to the register to confirm
existence.
- During visits, any assets which cannot be
located should be investigated fully to identify
where they could be.
Inventory The count by teams of warehouse staff -The counting teams should be independent of -Attend the year-end count-Enquire of the
count +There should be a segregation of roles the warehouse;-Members of alternative counting teams which department they
between those who have day to day departments should undertake the counting normally work in
responsibility for inventory and those who are rather than the warehouse staff -Inspect the updated inventory count
checking it instructions to verify that they have been
-If the same team are responsible for communicated to members of staff outside
maintaining and checking inventory, then errors the warehouse department
and fraud could be hidden
The inventory sheets contain quantities printed - The count sheets should be sequentially -Inspect a sample of the counting sheets
+There is a risk that the counting teams may numbered and contain product codes and being used by the counting teams to verify
simply agree with the pre-printed quantities descriptions but no quantities. that only the inventory product codes and
rather than counting the balances correctly, description are pre-printed on them
resulting in significant errors in inventory.
15 teams counters, no clear division of -Each team should be informed that both -Observe the counting teams to assess if
responsibilities members are required to count their assigned they are counting together or if one counts
-Both members of staff could count together inventory separately and the other then double checks the
rather than checking each other's count; -Errors -Therefore, one member counts and the quantities counted
in their count may not be identified second member also undertakes a count and -Review the records of the sample checks
then records the inventory on the count sheets undertaken by the supervisor of the inventory
correctly co2unt.
-Financial controller supervising the count
should undertake some sample checks of
inventory counted by each team.
Owned by third parties, with adjustments later, -All inventories belonging to third parties -Enquire of the count supervisor where the
not method for counters to identify which items should be moved to one location thirdparty inventory is to be stored
are third-party inventory -This area should be clearly marked and -Inspection of the counting sheets that these
excluded from counting process. bays are not included on any preprinted
+There is a risk that these goods may not be forms
correctly removed from the inventory count
sheets, resulting in inventory being overstated.
High value be accessible by all team members -The high value inventory should be kept in the -Attempt to access the area where the high
as they will be given the access code locked area of the warehouse value inventory is stored; this should not be
+This significantly increases the risk of theft as -Senior members of the team should be possible without the access code
any member of the counting team could allocated to count these goods, and they -At the year-end visit attempt to access with
subsequently access these goods should be given the access code to enter the the code which was supplied during the
area inventory count
-Upon completion of the count the access
code should be changed
Each bay of the warehouse is counted once only -Once all inventories have been counted once, -Observe the counting team undertake
+If inventory is only checked once, then counting each area should be recounted by a different second counts of all areas;
errors may arise resulting in underor overstated team -Confirm that different teams undertake this
inventory process
-Any differences on the first count should be
promptly notified to the count supervisor and a
third count undertaken if necessary
-If a full second count would be too time
consuming for the company, then sample
checks on the inventory counted should be
undertaken by a different counting team
Once areas are counted, the teams are not -All bays should be flagged as completed, -Physically confirm that the completed bays
marking the bays as completed once the inventory has been counted of the warehouse have been flagged to
+Therefore there is the risk that some areas of -Count supervisor should check at the end of indicate that the goods have been counted
the warehouse could be double counted or the count that all of the bays with Quartz's -At the end of the count, review any bays
missed out inventory have been flagged as completed containing Quartz's goods which have not
been flagged
The inventory sheets are sequentially numbered After the counting has finished, each team Review the sequence of the inventory sheets
and at the end of the count they are given to the should return all of their sequentially for any gaps in the sequence and obtain an
count supervisor who confirms with each team numbered sheets and the supervisor should explanation from the count supervisor
that they have returned all sheets check the sequence of all sheets at the end of
However, no sequence check of the sheets is the count.
performed
+If sheets are missing, then the inventory
records could be understated
Monthly perpetual inventory counts are -The programme of perpetual inventory counts
supposed to be undertaken at each of the nine should be reviewed for omissions
warehouses, but some of these are outstanding -Any lines which have been missed out should
In order to rely on inventory records for decision be included in the remaining counts
making and the year-end financial statements, -At the year end, if any lines are identified as
all lines of inventory must be counted at least having not been counted, the company should
once a year, with high value or high turnover organise an additional count to ensure that all
items counted more regularly items are confirmed to inventory records.
-If the counts are outstanding, some goods may
not be counted, and the inventory records may
be incorrect
Inventory The internal audit department (IA) undertakes -IA should review its programme of visits to
physical verification of assets each year assess if additional resources could be
It is supposed to verify all assets over a three- devoted to ensure that all 11 sites are visited
year cycle, however in the current year IA will in line with the policy of three years
only complete the relevant procedures at one -This would ensure that physical verification of
factory and one warehouse.The company has all assets couldbe completed more regularly
five factories and warehouses and a head office -During visits any assets which cannot be
+Therefore, on this basis it will take over five located should be investigated fully to identify
yearsto physically verify all 11 sites where they could be
-If the non-current assets register is not -If they cannot be located then they should be
physically verified on a regular basis, there is an written off.
increased risk of assets being misappropriated
or obsolete assets still being included in the
register, as there is no check that the assets still
exist in good working order.
It is not possible for a store to order goods from -An inter-branch transfer system should be -During the interim audit, arrange to visit a
other local stores for customers who request established between stores, with interbranch number of the stores, discuss with the store
them inventory forms being completed for store manager the process for ordering of
Instead, customers are told to contact the other transfers inventory items, in particular whether it is
stores or use the company website -This should help stores whose inventory possible to order from other branches
+Customers are less likely to contact individual levels are low but are awaiting their deliveries -At each store, inspect a sample of
stores themselves and this could result in the from the suppliers completed interbranch inventory forms for
company losing valuable sales confirmation the control is operating.
In addition, some goods which are slow moving
in one store may be out of stock at another; if
goods could be transferred between stores, then
overall sales may be maximised
Completeness and accuracy -An inventory count team independent of the -There should be segregation of duties
warehouse team is used, current team between those who have day to day
including a member of warehouse staff is responsibility for inventory and those who are
inadequate and two internal auditors should be checking it to help prevent fraud and error
used if possible
-Using sheets with quantities already filled in -Pre-printed inventory sheets are used
means counters could potentially agree the stating code/descriptions, but without
current quantities to avoid counting and save quantities
time -The lack of quantities forces a count to be
undertaken in each case
-Damaged/obsolete goods are moved to a

designated area for inspection, but left on the -Rather than removing damaged/obsolete
sheets items from the sheet (and losing the audit
trail), they should be written down or provided
against to ensure that they are included at
the lower of cost and NRV
-A member of the finance team should make
the assessment as to what needs writing
down
-Movements of inventory are not allowed into
or out of the area being counted during
inventory counts
-Allowing movements in and out of inventory
during counts could result in double counting,
or inventory not being counted at all
-Therefore such movements should be
stopped during the count
-A sample of independent checks of the

counts is carried out by a separate team -Counting a sample of inventory lines should
Items to be checked are determined after the again help to ensure completeness and
first count has been completed accuracy of the counts, and act as an
incentive for the first team to carry out counts
more accurately initially
-As a separate exercise after the counts of
items on the sheets, teams check that a
sample of items which are physically present
are correctly included on the sheets
-A count performed from the records to the
warehouse will only test for existence or
overstatement of inventory line quantities
-Testing for completeness requires a different
approach where inventory in the warehouse
is compared to the records to identify goods
physically present but not recorded
-Inventory count sheets are compared to the
inventory records after the count
-Where adjustments are needed, the reason
for them is investigated and they are
processed on a timely basis by appropriate
personnel
-Only authorised individuals should be able to
amend the records in which year-end
inventory will be based
-On a periodic basis, senior finance team
members should review the types and levels
of adjustments for indications of fraud
High value inventory is stored in a secure -Access codes for all of the sites should be
location across all nine warehouses and access changed
is via a four digit code, which is common to all -Each site should have a unique code, known
sites to a small number of senior warehouse
-As the code is the same across all sites, this employees
significantly increases the risk of fraud -These codes should be changed on a regular
-A considerable number of people will be aware basis
of the codes and could access inventory at any
of the nine site
For goods despatched by local couriers, Baggio should remind all local couriers that Select a sample of despatches bycouriers
customer signatures are notalways obtained customer signatures must be obtained as and ask Baggio for proof ofdelivery by
-This can lead tocustomers falsely claiming that proof of delivery andpayment will not be made viewing customersignatures.
they have not received their goods for anydespatches with missing signatures.
-Baggio would not be able to prove that they had
in fact despatched the goods andmay result in
goods being despatchedtwice.
The warehouse manager at each of the The inventory counts should be supervised by
company's five sites is responsible for an independent person, such as a member of
supervising the monthly perpetual inventory Pomeranian Co's IA department.
counts and ensuring that the counting teams are
following their instructions.
-The warehouse managers may wish to hide
inefficiencies and inventory discrepancies so
that their departments are not criticised
-This could result in inventory count records
being inaccurate as well as an increase in
inventory frauds.
The company costs its inventory using standard -A review of all standard costs currently in use
costs, which are not being kept up to date.If the should be undertaken by a senior manager in
standard costs were last reviewed two years ago the productiondepartment
there is the risk that the costs are misstated as -Actual costs for materials, labour and
changes in raw materials and wages costs may overheads should be ascertained and
not have been adjusted for compared to the proposed standard costs to
-This could result in inventory and profits being ensure they are a close approximation.The
misstated.In addition, for year-end reporting, IA revised standard costs should be reviewed by
S 2 Inventories only allows standard costs to be the production director who should evidence
used for valuation purposes, if they are a close this review
approximation to actual costs, which is unlikely if -At least annually, a review of the standard
the standard costs remain unchanged for a long costs should be undertaken by the production
period of time director to ensure they are up to date.
-Therefore, the inventory cost may not be in line
with IA S 2
There have been a number ofsituations where -Once goods are despatched, theyshould be -Review the report of outstanding salesorders
the sales orders havenot been fulfilled in a timely matched to sales orders andflagged as fulfilled -If significant, discuss with aresponsible
manner. -The system shouldautomatically flag any official to understand whythere is still a
-This can lead to a loss of customergoodwill and outstandingsales orders past a significant time periodbetween sales order
if it persists will damagethe reputation of Baggio predeterminedperiod, such as five days. and despatchdate.
as a reliablesupplier -This report should be reviewed by -Select a sample of sales orders andcompare
aresponsible official. the date of order to the goodsdespatch date
to ascertain whetherthis is within the
acceptablepredetermined period.
The internal audit (IA) department undertakes -The board should set a policy to ensure -Review the board minutes for evidence of
physical verification of assets each year comparisons must be carried out more new policy set by the board regarding
As in the prior years, IA will only complete the frequently (for example, every two years) frequency of IA visits
comparison at one factory and one warehouse in IA should review its programme of visits to -Review IA programme to assess whether
the year to 30 September 20X5 assess if additional resources could be visits are in line with new policy.
Daley Co has ten factories, ten warehouses and devoted to ensure that all 21 sites are visited
a head office in a shorter period
-Therefore, on this basis, it will take over ten -This would ensure that physical verification of
years to physically verify all 21 sites. all assets could be completed more regularly.
Currently the website is not integratedinto the -The website should be updated toinclude an -Test data could be used to attempt
inventory system. interface into the inventorysystem; toprocess orders via the website foritems
Accepting customer orders when they do -This should check inventorylevels and only which are not currently held ininventory.
nothave the goods in inventory process orders ifadequate inventory is held. -The orders should be flagged as beingout of
-> This can cause them to lose sales and -If inventory is out of stock, this shouldappear stock and indicate anapproximate waiting
customer goodwill on the website with anapproximate waiting time.
time.
Cash -Cash received from customers is taken to the -During the store visits, enquire of staff how
bank daily via collection by a security the cash is transferred to the bank
company. -A sample of invoices from the collection
-This ensures that cash is safeguarded and company should be reviewed and confirmed
that the risk of theft when transferring to the that they are charging Centipede Co on a
bank is minimised. daily basis.In addition during these visits
observe the cash collection process carried
out by the security company.
The finance director authorises the bank transfer -The finance director should review the whole -Review the payments list for evidence of
payment list for suppliers; however, she only payments list prior to authorising review by the finance director
views the total amount of payments to be made -As part of this, she should agree the amounts -Enquire of accounts staff what supporting
-Without looking at the detail of the payments to be paid to supporting documentation, as documentation the finance director requests
list, as well as supporting documentation, there well as reviewing the supplier names to when undertaking this review
is a risk that suppliers could be being paid an identify any duplicates or any unfamiliar
incorrect amount, or that sums are being paid to names
fictitious suppliers -She should evidence her review by signing
the bank transfer list.
-The bank reconciliations are only reviewed by The bank reconciliations should be reviewed
the financial controller if the sum of reconciling by the financial controller on a monthly basis,
items is significant; therefore some even if the reconciling items are not significant,
reconciliations are not being reviewed and he should evidence his review by way of
-The financial controller relies solely on the signature on the bank reconciliation.
accounts clerk's notification that the bank
reconciliations require review
-The bank reconciliations could contain
significant errors, but a low overall amount of
reconciling items, as there could be
compensating errors which cancel each other
out
-Bank reconciliations are a key control which
reduces the risk of fraud
-If they are not reviewed, then this reduces its
effectiveness and also results in a lack of
assurance that bank reconciliations are being
carried out at all or on a timely basis.
-The finance director authorises the bank -Review the payments list for evidence of
transfer payment list for suppliers after review by the finance director.
agreeing the amounts to be paid to supporting -Enquire of accounts staff what supporting
documentation and reviewing for any duplicate documentation the finance director requests
payments. when undertaking this review.
-This reduces the risk that suppliers could be
being paid an incorrect amount, or that sums
are being paid to fictitious suppliers
-Supplier statement reconciliations are -Review the file of reconciliations to ensure
undertaken on a monthly basis and these are that they are being performed on a regular
reviewed by the financial controller. basis and that they have been reviewed by a
-This ensures that any errors in the recording responsible official.
of purchases and payables are identified and -Re-perform a sample of the reconciliations
corrected in a timely manner and therefore to ensure that they have been carried out
that payables are complete and accurate appropriately and discrepancies investigated.
-On a daily basis the clerk agrees that the -Discuss with the clerk responsible for
cash banked and the credit card receipts from reconciling the cash and credit card receipts,
the credit card company have been credited to the process he undertakes
the bank statements in full. -Review the daily reconciliations he has
-This should ensure the completeness of cash completed to confirm the process has been
receipts, as they are transferred in from two undertaken as described.
sources, being the security company and the
credit card operator
-The daily reading of sales and reconciliations to The reconciliations should be undertaken on
the tills is performed in aggregate rather than for an individual till by till basis rather than in
each till aggregate.
-This means if exceptions arise, it will be difficult
to identify which till caused the difference and
therefore which employees may require further
till training or have undertaken fraudulent
transactions.
-If a store needs change, a junior sales clerk is -Caterpillar Co's head office should stipulate a
sent to the bank by a till operator to change it float amount per till and how the note
into smaller denominations denominations should be comprised
-There is a risk of the cash being misplaced or -When assigning the cash float in the morning,
stolen on the way to the bank, or collusion the store manager should ensure that this
between the junior clerk and till operator as no policy is adhered to.If during the day, further
record appears to be kept of the money removed smaller denomination notes are required, the
from the till in these instances and no store manager should authorise a member of
confirmation of how much cash is returned is staff to obtain cash from the bank and should
carried out. fully record movements in and out of the till.
-One clerk is responsible for several elements of -These key roles should be split between a
the cash receipts system few individuals, with ideally the bank
-He oversees the daily interface from stores, reconciliations being undertaken by another
agrees that cash has cleared into the bank member of the finance team.
statements and undertakes the bank
reconciliations.
-There is a lack of segregation of duties and
errors will not be identified on a timely basis.
-The bank reconciliations are only reviewed by -The bank reconciliations should be reviewed
the financial controller if there are any by the financial controller on a monthly basis,
unreconciled amounts even if there are no exceptions, and he should
-The bank reconciliation could reconcile but still evidence his review by way of signature on the
contain significant errors as there could be bank reconciliation.
out
-In addition, for a cash- based business, the
bank reconciliation is a key control which
reduces the risk of fraud
-If it is not reviewed, then this reduces its
effectiveness.
-The cash is kept at the store overnight in a The cash should continue to be collected daily
small safe by the security company, but rather than in the
-Although in a safe, this is not secure as it is morning it should be collected as the store
likely that the cash sales for one day would be a closes in the evening so that cash does not
significant sum have to be stored overnight.
-This cash is at risk of being stolen overnight.
-The cashing up of tills along with the recording -The cashing up process should be
of any cash discrepancies is undertaken by just undertaken by two individuals together, ideally
one individual, the assistant store manager the assistant and the store manager
-There is a fraud risk as the store manager could -One should count the cash and the other
remove some of the cash and then simply record record it
that there was an exception on this till. -Any exceptions to the till reading should be
double checked to confirm that they are not
simply addition errors.
-All store employees are able to use each till -Only employees for whom criminal
and none have an individual log on code when record/credit checks have been undertaken
using the tills should be able to use the tills to take
-Allowing all employees access to the till customer payments.
points increases the risk of fraud and error -Each employee should have a designated till
arising and a log on code, which is required for each
-Also in the event of cash discrepancies payment transaction.
arising in the tills, it would be difficult to
ascertain which employees may be
responsible as there is no way of tracking who
used which till.
-Bank reconciliations are undertaken on a -Review the file of bank reconciliations to
monthly basis.This should ensure that any ascertain if there is one for each month and
discrepancies between the cash book and the that they are either fully reconciled, or the
bank statements are identified promptly. financial controller has evidenced their review
of any unreconciled amounts.
-The daily sales readings from the tills along -During the interim audit at head office,
with the cash and credit card data are compare the daily sales readings from
transferred to head office through a daily individual stores, including some visited by
interface into the sales and cash receipts the audit team, to the sales and cash receipt
records. records within the general ledger
-This should ensure that sales and cash -Review the date on which the sales and
records are updated on a prompt basis and cash receipt records were updated to ensure
are complete and accurate. this occurred promptly
-Any discrepancies should be discussed with
the clerk responsible for overseeing this
process.
-The company maintains four bank accounts but -All bank accounts should be reconciled each Review a sample of bank reconciliation
only the main current account is reconciled on a month and any reconciling items on the bank statements for all bank accounts to ensure
monthly basis, with the other three bank reconciliation statements should be they are being completed and reviewed on
accounts being reconciled quarterly. investigated and corrected, where necessary monthly basis
-If all bank accounts are not reconciled on a -The reconciliations should be reviewed by a
monthly basis, errors or fraud may not be responsible official who should evidence their
spotted on a timely basis. review.
-The reconciling items on the bank reconciliation The reconciling items should be reviewed by
are only investigated by the financial controller if the financial controller on a weekly basis, even
the sum of reconciling items is significant. if they are not significant, and they should
-The bank reconciliations could contain evidence their review by way of signature on
significant errors, but a low overall amount of the bank reconciliation
reconciling items, as there could be
out
-If reconciling items are not reviewed, then this
reduces theeffectiveness of the bank
reconciliations and also results in a lack of
assurance that bank reconciliations are being
carried out properly
-At the end of each day, the tills are closed -For a sample of stores visited, the auditor
down with daily readings of sales taken, these should review the file of daily reconciliations
are reconciled to the total of the cash in the to ascertain if end of day till reconciliations
tills and the credit card payment slips and any have taken place on a daily basis.
discrepancies are noted. -For reconciliations with discrepancies,
-Daily cashing up procedures should ensure discuss with the store manager what actions
that the cash is controlled and reduces the risk were taken and how these differences were
of fraud as employees are aware that the resolved.
assistant manager will be looking for cash
discrepancies.
-Goods dispatched notes (GDNs) are sent to the -The copies of the GDNs should be sent to the
finance department on a weekly basis.If the finance department on a more frequent basis,
finance department does not promptly receive such as daily.
GDNs, this could result in goods being -The finance department should undertake a
dispatched but being invoiced late sequence check of the GDNs to ensure none
-This could result in revenue cut-off issues and are missing for processing.
understated receivables.
-The company's credit controller is currently on During the period of the maternity leave an
maternity leave for six months and no one has alternative member of the finance department
taken over her duties. should be trained in the credit control role (or a
-Therefore, during this period no one has been temporary credit controller recruited) and
responsible for monitoring and chasing ageing assigned responsibility for reviewing the aged
receivables receivables listing and following up on any
-This could result in an increased risk of overdue customers
Receivable
irrecoverable receivables and lead to customers
not paying their outstanding balances on time, or
at all, leading to reduced cash flows.
-The monthly receivables ledger control account The RLCA reconciliations should be reviewed
(RLCA) reconciliation is only reviewed by the by the financial controller on a monthly basis,
financial controller if there are any unreconciled even if there are no exceptions, and the review
differences. should be evidenced by way of signature on
-The RLCA reconciliation could reconcile but still the reconciliation.
contain significant errors as there could be
out or it may have been incorrectly prepared or
manipulated and this would not be identified.
-If the reconciliation is not reviewed, then this
significantly reduces its effectiveness.
All for -The sales person is given responsibility to A credit controller should be appointed and it
doubtful chase customersdirectly for payment once an should be theirrole, rather than the
account invoice is outstanding for90 days salesperson, to chase any outstandingsales
-This is considerably in excess of the invoices which are more than 30 days old
company’scredit terms of 30 days which will lead
to poor cash flow.
-Further, as the sales people have sales targets,
they are morelikely to focus on generating sales
orders rather than chasingpayments
-This could result in an increase in bad debts
andreduced profit and cash flows.
Wage -During the year, the human resources (HR) -The HR director should as a matter of
department has been busy; therefore the payroll urgency review the workloads of the
department has set up new joiners to the department to assess whether other tasks can
company be reprioritised as payroll should cease to set
-This is a lack of segregation of duties, as up new joiners
employees are able to set up new joiners in the -This role must immediately revert back to HR
payroll system and process their pay, this leads to undertake.
to an increased risk of fictitious/duplicate -Additionally, a review should be undertaken of
employees being set up all new joiners set up by payroll with
agreement to employee files to confirm that all
new employees are bona fide
-The wage rate has been increased by the HR -All increases of pay should be proposed by
director and notified to the payroll supervisor by the HR department and then formally agreed
email by the board of directors
-As payroll can be a significant expense for a -Upon agreement of the pay rise, a written
business, any decision to increase this should notification of the board decision should be
be made by the board as a whole and not just by sent to the payroll supervisor who enters the
the HR director revised pay rate into the system
-In addition, the notification of the payroll -This change should trigger an exception
increase was via email and the payroll report for the payroll director, and the new rate
supervisor was able to make changes to the should not go live until the director has signed
payroll standing data without further off the changes.
authorisation
-This increases the risk of fraud or errors arising
within payroll
-No control exists to ensure that all (and only) -Mrs McCawshould agree the Clock cards -Review personnel records to identify
valid clock cards are processed in the correct received from Mr Wilkinsonto an employee list, employee holidays and other days of
period record the total number to be processed, and absence
-If a clock called is lost: obtain explanations for any irregularities (e.g -For a sample of such employees, review Mrs
•it may not be possible to verify the hours missing card due to an employee on holiday). McCaw's employee list to identify if they have
worked; -Miss Jonesshould agree/reconcile this to a been recorded as absent and a reasonable
•employee goodwill may be lost; computer-generated total at the end of the explanation provided
•it will be administratively time consuming to payrollrun. -Select a sample of employee lists and agree
make individual payments. -Both employees should sign the documents totals to the payroll and evidence of the
to confirm that the reviews have taken place reconciliation having taken place
-There is no check that the data from the hours -An appropriate official should reconcile the -Inspect and agree that the reconciliations
worked print out produced by Mrs McCawis control totals from the hours worked print out have taken place every week
completely and accurately entered into the to the payroll -Review each payroll for evidence (e.g
payroll system by Miss Jones(the payroll clerk). -In addition, random net pay calculations signature) of the review.
-Employees may be paid for hours not worked or should be re performed together with
at the wrong hourly rate analytical review to identify any potential errors
-Where this consistently results in an -The payroll should also be reviewed (for
underpayment, employee goodwill may be lost reasonableness of amounts) and signed by
one of the cheque signatures (Mr Daggor Mr
Lomu)
-Overtime hours worked or not authorised -An appropriate official (e.g -All payrolls should be reviewed to identify
-Therefore, employees may claim and be paid Mr Wilkinson) should authorise, in writing, employees who were paid overtime (CAATs
for overtime hours thatare not budgeted or do overtime before it is worked may be used)
not result in productive output. -The official should also review the -Professional judgement should then be used
reasonableness and authorised a summary of to select a sample for tracing to official
hours producedby Mrs McCaw. approval
-Summaries of hours worked should be
reviewed to ensure that they have been
authorised and appear to be reasonable
-No controls exist to obtain the necessary -Standard checklists of documents required -Obtain and review the checklist for
documentation from starters and to prepare from starters and for levers should be used. reasonableness and completeness
documentation for leavers -For a sample of starters/leavers, review the
-If the correct tax forms are not obtained, in completed document checklists and agree to
correct deductions may be made from the the relevant documents to ensure the correct
starter’s wages procedures are being applied
-The company would be liable for any
underpayment of tax
-No independent personnel records are kept -Personnel records and notifications and -Agree/Enquirethat personnel records are
outside the payroll function changes should initially be kept by Mr Dagg held by Mr Wilkinson(and no longer Miss
-Payroll errors may go undetected if personnel -He should periodically check the computer Jones)
records are not kept up to date and checked (e.g standing data against these records Inspect records and where they are held to
if a leaver is not removed from the payroll). Ideally, the company should consider ensure they are held outside of the payroll
employing a human resources manager department
-This would introduce an additional layer of -Proof of identity checks should be undertaken
segregation ofduties, which would reduce the by the HumanResources (HR) department and
risk of fraud occurring recorded on individuals’personnel files for all
-Inaddition, the spot checks to employee new employees set up on the payrollsystem.
identificationcards/records would confirm the
validity of payments.
-This should reduce the risk of fictitious -A count should be undertaken of the number
employees being setup, as in order to be set up of employeesin each department of Heraklion
on the system a fictitious set ofidentification Co; this should bereconciled to the number of
would be required which would be an employees on the payroll system.
onerousprocess -The HR department should initiate the
-This would identify if there are extra employees process for setting upnew joiners by asking
on the payrollsystem, which could then be new employees to complete a joiner’sform
investigated further. which will be approved by the relevant
manager andHR
-This control introduces segregation of duties as -This request should then be forwarded to the
in order to setup employees both the HR and payrolldepartment, who should set up the
payroll departments areinvolved employee.
-Without collusion with an HR employee, the -All new joiners should be only be set up by
payroll supervisor would be unable to set up payroll on receiptof a joiner’s form and any
fictitious employees. additions to the system should beauthorised
-As all new joiners would be authorised by the by the payroll director
payroll director,it is unlikely that payroll -An edit report should begenerated and
employees would risk establishingfictitious reviewed by HR.Where possible, employees
joiners who are related should not beallowed to
-A further review by the HR departmentwould undertake processes which are interrelated
also detect any employees without an whereby they can breach segregation of duty
authorisedjoiner form. controls for keytransaction cycles
-This should reduce the risk of related staff -A regular review of job descriptions ofrelated
colluding andbeing able to commit a fraud. employees should be carried out by HR.
-The payroll system should be amended to run
an exceptionreport which identifies any
employees with the same bankaccount name
or number and this should be reviewed by HR.
-Identifying the same bank account name or
number willprevent multiple fraudulent
payments being made to thesame employees.
-All bank transfer requests should be
authorised by a seniorresponsible official, who
is independent of the processing ofpayments;
they should undertake spot checks of
payments tosupporting documentation,
including employee identificationcards/records
-This ensures that payroll records are complete, -All staff members are issued with a -For a sample of key cards and data
that employees are paid for hours worked and sequentially numbered key card recorded in the clocking-in system, carry out
that all hours are recorded. Sequence checks and checks on the data a sequence check to identify if there are any
recorded are carried out by the human gaps in the sequence.
resources (HR) supervisor. -Review details of checks carried out by the
-The clocking-in process is monitored by a HR supervisor to identify any gaps in the
-This will prevent staff members fraudulently camera on entry to the distribution centre and sequence and check they have evidenced
clocking-in for other employees and hence video footage is reviewed by HR every week. their review by way of signature.
employees will only be paid for actual hours -For a sample of weeks, review the log of the
worked recordings to identify who reviewed that
week's footage to ensure it has been
reviewed by a member of the HR
department.
-Review the fog for any gaps in the review
process and discuss these findings with HR
-This check is also reviewed by the payroll -The payroll clerk confirms the transfer of -For a sample of months, review the
supervisor who evidences their review.This hours and calculations has been done calculations of gross to net pay for evidence
reduces the risk that errors occur in the accurately by recalculating, for a sample of that the calculations have been performed
automated transfer and calculations during the employees, their gross to net pay -Confirm the signature of the payroll
payroll processing -Any errors would be identified on a timely supervisor as evidence that they have
basis to prevent salaries being over or under reviewed the report
paid. -For anyanomalies, enquire of the reasons
and what action was taken to resolve the
issue.
- This reduces the risk of fraud by preventing -The payroll system is password-protected and -For a sample of months, reperforrn the gross
unauthorised changes being made to the the payroll manager changes the password on to net pay calculations and compare to the
standing data and unauthorised access to a monthly basis using a random password payroll system and the calculations prepared
sensitive payroll information. generator by the payroll clerk
-Discuss any discrepancies with the payroll
supervisor.
-Attempt to login to the payroll system using
a password which should be out of date
-Confirm that the system has rejected
access.
-This will ensure the payroll expense and -Each month, the finance director carries out a -For a sample of months, review the control
employment taxliability is accurate and is not payroll controlaccount reconciliation and account reconciliations and make enquiries
misstated in the year-end financial statements. investigates any differences. of the finance director of any errors on the
control account, how they arose and what
action was taken to ensure they do not arise
in the future.
-Reperform a sample of control account
reconciliations and compare results with
those prepared by the finance director
-Discuss any discrepancies with the finance
director.
-The amount due to the tax authority is -Review a sample of calculations of the
calculated by the payroll supervisor who then monthly employment tax liability for evidence
passes it to the financial controller for review. of review by the financial controller
-This ensures that the amount paid to the tax confirming the calculation is correct and that
authority is correct payment can be made.
-It also creates segregation of duties between
the payroll supervisor calculating the liability
and the financial controller reviewing the
calculation which reduces the risk of error.
-Department managers are required to approve -Employees should receive written
all employees' holiday forms, however, this does confirmation when their holiday has been
not always occur. approved and should be informed that they will
-This could result in employees taking not be able to take holiday without this
unauthorised leavewhich could lead to notification.
operational difficulties if there are shortages of -Any payments for unused holiday should be
staff at critical periods authorised by department managers prior to
-In addition, payments for untaken holiday may payment.
be made in error as holiday records may be
incorrect.
financial controller prepares the bank transfers -Once the bank transfer has been prepared by
for the payroll and also authorises these to be the financial controller, it should be passed to
paid. the finance director tobe reviewed and
-This lack of segregation of duties increases the authorised for payment
risk of fraud/error as the financial controller could -The review and authorisation should be
pay themselves or certain employees more than evidenced by the finance director
they are due without this being detected.
-payroll clerk amends the payroll and an edit -The payroll supervisor or a member of the
report of changes is produced but this report is finance team should review all edit reports and
not reviewed. agree changes made to the details on the
-As the edit report is not checked, errors made joiner/leavers forms
by the payroll clerk when updating the system -Any discrepancies should be investigated
will not be identified promptly promptly and the payroll system updated for
-This may result in new employees not being any errors or omissions.
paid at all, errors being made in payments to -The payroll supervisor should evidence their
new employeesor leavers being paid after they review on the edit report with their signature
have left the company
-This would lead to loss of employee goodwill
and errors in accounting records for wages and
salaries.
-It could also result in an increased risk of fraud
as fictitious employees could be added by the
payroll clerk.
-Delivery drivers must take breaks throughout -The company should monitor the activity of
the day which are not monitored. the delivery drivers through electronic means,
-Drivers could take longer breaks than those for example, by using tracking devices
authorised resulting in payments being made to attached to their vehicles to ensure that the
employees for time not worked prescribed breaks are taken by the
-Conversely, if drivers do not take the required employees.
breaks, they may be in breach of law and -Data should be downloaded and reviewed by
regulations which require drivers to take regular a responsible official on a regular basis
breaks, hence the company is at risk of fines.
-The operations manager decides on the bonus -Approved bonus parameters should be
to be paid to delivery drivers each quarter and established by the board
there are no approved parameters for the bonus -All bonuses should be determined by a senior
levels. official, such as the sales director, in line with
-Without approved parameters, the operations these parameters, who should communicate
manager may award excessive bonuses or pay the bonus in writing to the payroll department
additional sums to friends and family members
resulting in additional payroll costs
-Where cash wages are paid, the driver is only -All drivers collecting cash pay packets should
required to provide their name to collect their provide a form of identification to the finance
pay packet. staff member before the pay packet is handed
-Payment of wages without proof of identity or to them
signature increases the risk that wages could be -The driver should also be required to sign for
paid to incorrect employees either in error or due their pay packet.
to fraud resulting in a loss of cash.
-Only overtime in excess of five hours per week -All overtime, including that below five hours,
needs authorisation by the operations manager. should be authorised by a responsible official
-This means that employees could claim to have before being processed in the payroll
worked up to five hours overtime without -This authorisation should be evidenced by
authorisation resulting in payments being made way of signature.
to employees for hours not worked and
additional payroll costs.
-HR department is responsible for processing -All staff appointments, including temporary
joiners and leavers, but due to staff illness, the staff, should only be processed by the HR
operations manager has processed temporary department to ensure that correct procedures
new drivers and notified payroll. are followed.
-The operations manager may not carry out all -If it is not possible for the HR department to
the requiredprocedures for processing carry out all of the detailed processing due to
temporary new drivers as the manager may not staff shortages, a member of the HR team
be using appropriate documentation. should review the leaver/joiner form and
-This could result in temporary employees not authorise it before it is sent to the payroll
being set up in the payroll records correctly, department.
resulting in the late payment of wages, incorrect -The payroll department should be notified not
statutory deductions being calculated and to accept any new joiner information unless
incomplete payroll records. approved by a member of HR
-The payroll clerk reperforrns payroll calculations -The edit report should be reviewed on a -For a sample of weekly edit reports, confirm
and amends the payroll data if there are any weekly basis by a senior officialfrom the that these have been signed as reviewed by
errors payroll department before the payroll is a senior official from the payroll department
-Tile edit report of the amendments is not finalised and any payments made -For a sample of amendments, agree to
reviewed.The payroll clerk could make errors -Any unusual amendments should be record of investigation and confirm
when making the amendments or could investigated appropriate action taken.
fraudulently revise payroll data to inflate the pay -This review should be evidenced (likely by
of friends or family wayof signature) and the results of any
-This could result in incorrect paymentsbeing investigations should be recorded.
made to employees and incorrect deductions
being made resulting in loss of employee
goodwill and misstated payroll expenses.The
payroll clerk reperforrns payroll calculations and
amends the payroll data if there are any errors
-Tile edit report of the amendments is not
reviewed.The payroll clerk could make errors
when making the amendments or could
fraudulently revise payroll data to inflate the pay
of friends or family
-This could result in incorrect paymentsbeing
made to employees and incorrect deductions
being made resulting in loss of employee
goodwill and misstated payroll expenses.
-At the end of each week, the key card system -The transfer of hours worked from the key Review a sample of weeks transferred from
transfers the hours worked to the payroll system card system to the payroll should be checked the key card system to the payroll system for
-As the system is automated, no checks are by a senior official in the payroll department evidence that they have been checked by a
performed. and this check should be evidenced by way of senior official prior to the payroll being
-As there are no checks performed on the signature. finalised.
transfer of hours worked from the key card
system to the payroll system, errors and
overpayments could bemade resulting in a loss
of employee goodwill.
-At the end of each week, the key card system
transfers the hours worked to the payroll system
-As the system is automated, no checks are
performed.
-As there are no checks performed on the
of employee goodwill.At the end of each week,
the key card system transfers the hours worked
to the payroll system
-As the system is automated, no checks are
performed.
-As there are no checks performed on the
of employee goodwill.
-The Internet banking log in details are saved in -The Internet banking log in details should not
a central location which is accessible to all be documented and should be known to only
payables ledger staff. select staff with appropriate authority
-There is a risk that staff are fraudulently setting
-Any changes to payees should be
up payees or making withdrawals from the bank, documented on a change report which is
resulting in an increased risk of loss due to extracted from the Internet banking system
misappropriation of funds and reviewed by the finance director on a
regular basis to confirm changes are
expected.
-The HR manager decides on bonuses based on -The bonus payments should be determined in
employee performance and has confirmed the line with specified and documented criteria
bonuses to the payroll department. and approved by the board
-There are no approved parameters for the -The HR director or other responsible official
bonus level so it is purely based on the should provide payroll with a list detailing
discretion of one individual who could pay approved bonuses per employee
bonuses inappropriately, leading to extra costs -Payroll should be informed only to action
or loss of employee goodwill. payment of abonus or any other change on
-The bonuses were input into the system and a receipt of written authorisation approved by
number of employees subsequently notified the the board.
payroll department of errors in their pay. -The bonuses should be reviewed to agree
-It appears that bonuses were input without any they are in line with documentation provided
additional review by HR
-This increases the risk of errors arising within -The bonuses should be input by one clerk
payroll.In addition, it appears that the bonus and checked by a second payroll clerk for any
issues have only been investigated for the errors.
employees who have complained that their -Any changes to the payroll should trigger an
bonus is inaccurate exception report which a senior member of the
-It is more likely that complaints will arise from payroll department should authorise,
an employee who is underpaid and therefore
there is a risk that other employees have been
overpaid which increases the payroll cost
-The wages and deductions calculations are -For a sample of employees, a senior member
automatically performed by the payroll system of the payroll team should recalculate the
but no checks are carried out to confirm the gross to net pay workings and compare their
calculations are accurate. results to the output from the payroll system
-There is a risk that any system errors which -Any discrepancies should be investigated.
occur during the payroll processing would not be -These calculations should be signed as
identified approved before payments are made.
-This could result in wages being over or under
calculated, leading to an additional payroll cost
or loss of employee goodwill
-In addition, statutory deductions may be over-
or underpaid, giving rise to compliance issues.
-Staff are paid overtime on a monthly basis but -The production supervisor should review and
the overtime worked reports are only reviewed authorise overtime worked reports before they
every quarter after the overtime has been paid. are passed to the payroll department for
-Reviewing overtime worked reports quarterly processing
after employees have been paid is too infrequent -This will ensure the correct levels of overtime
-This could result in employees being paid for are paid to the correct employees.
hours not worked, hence increasing costs or not -The payroll department should be instructed
being paid enough overtime which could result in not to process any overtime worked reports
loss of employee goodwill. which have not been reviewed and authorised.
-When additional staff are required at short -A joiner form should be completed for all new
notice, joiners forms are not completed employees, whether temporary or permanent
Instead, they are added to payroll following The authorised joiner form should then be sent
email notification from the production supervisor. to payroll on the day the employee
-The production supervisor may not include all commences employment
the relevant details on the email to payroll -Payroll should then sign the form as being
-This could result in the temporary employees actioned.
not receiving the correct pay ornot being paid on -Payroll should not set up new employees
time, resulting in a loss of employee goodwill without an authorised joiner form
-The addition of employees to the payroll without
authorisation from HR also increases the risk of
fictitious individuals being added.
-The payroll supervisor selects a sample of Review the monthly payslips sampled by the
payslips and recalculates the gross to net pay payroll supervisor for their signature for
calculations, compares the results to the evidence the review of calculations has been
output from the payroll system and undertaken.For a sample of monthly payrolls
investigates any discrepancies. reperform the gross to net pay calculation
-This reduces the risk that theautomated and compare to the payroll system, discuss
system generates errors during the payroll any discrepancies with the payroll supervisor.
processing
-Any errors would be identified on a timely
basis to prevent wages being over or under
paid.
-On a monthly basis an exception report of Select a sample of monthly exception reports
changes to payroll standing data is produced and review for evidence of review and follow
and reviewed by the payroll manager. up of any unexpected changes by the payroll
-This ensures that any unauthorised manager.
amendments to standing data are identified
and investigated on a timely basis so that the
data used when the payroll is run is valid and
accurate.
-All new employees are assigned a unique Attempt to add a new joiner to the payroll
employee number by HR system without a unique employee number,
-The payroll system is unable to process new the system should reject this addition.
joiners without the inclusion of the unique
employee number.
-As payroll staff are unable to set up new
joiners without the employee number from the
joiner form it reduces the risk of fictitious
employees being set up by payroll.
-Swift Co has a separate human resources -Review the job descriptions of payroll and
(HR) department, which is responsible for HR to confirm the split of responsibilities with
setting up all new employees. regards to setting up new joiners.
-Having a segregation of roles between HR -Discuss with members of the payroll
and payroll departments reduces the risk of department the process for setting up new
fictitious employees being set up and also joiners and agree new joiners to
being paid. documentation initiated by HR
-The Clocking in/out process is not observed -An appropriate official should observe the -The log should be reviewed to see that
-This could result in paying employees for work clocking in/out procedure regularly to ensure it reasonable observation is carried out each
not done (e,g, absent employees may be is not being misused (i.e one employee using week and action has been taken on any
cloaked in/out by a fellow employee). more than one card) issues noted
-If a security camera is installed to record the -Observation of the process should also be
procedure, the recordings should be reviewed made during the course of the audit.
on a regular basis
-In either case, asecurity log should be
maintained to record who has reviewed the
process, date, time, any issues, and actions
taken.
Purchase -Purchase requisitions are authorised -Capital expenditure authorisation levelsto be Review a sample of authorised
byproduction supervisors. established capitalexpenditure forms and identify if
-Production supervisors are notsufficiently -Production supervisors should only be able thecorrect signatory has authorised them.
independent or senior toauthorise capital toauthorise low value items, any highvalue
expenditure. items should be authorised bythe board.
-Changes to supplier details in thepurchase -Only purchase ledger supervisorsshould have -Request a purchase ledger clerk toattempt
ledger master file can beundertaken by the authority to makechanges to master file to access the master file andto make an
purchase ledger clerks. data amendment; the systemshould not allow this.
-This could lead to key supplier databeing -This should be controlled via passwords. -Review a report of master datachanges and
accidently amended or fictitioussuppliers being -Regular review of any changes tomaster file review the authority ofthose making
set up, which canincrease the risk of fraud. data by a responsible official and this review amendments.
should beevidenced.
-Supplier statement reconciliations are no longer Supplier statement reconciliations should be -Review the file of reconciliations to ensure
performed performed on a monthly basis for all suppliers that they are being performed on a regular
-This may result in errors in the recording of and these should be reviewed by a basis and that they have been reviewed by a
purchases and payables not being identified in a responsible official responsible official
timely manner -Re-perform a sample of the reconciliations
to ensure that they have been carried out
appropriately
-The finance director authorises the monthly -The finance director should review the whole -A sample of payment listings should be
supplier payments listing, but only views the total payments list prior to authorising. reviewed to verify that the finance director
amount of payments to be made. -As part of this, the finance director should has agreed the amounts payable to
-Without looking at the detail of the payments agree the amounts to be paid to supporting supporting documentation prior to the bank
list, as well as supporting documentation, there documentation, as well as reviewing the transfer being made.
is a risk that suppliers could be being paid an supplier names to identify any duplicates or -A sample of petty cash transactions from the
incorrect amount, or that sums are being paid to any unfamiliar names record book should be reviewed to ensure all
fictitious suppliers -This should be evidenced by signing the cash issued has been accounted for and
-There is no requirement for receipts for sundry supplier payments listing receipts provided for expenses.
purchases paid for out of petty cash to be -A petty cash book should be maintained so -A sample of reconciliations should also be
returned to the finance department. that the amount borrowed, date and employee reviewed to ensure these are approved.
-This could result in sundry purchases being name is recorded together with details of the
made which are for non-business related items sundry purchase made.
or the cash could be being misappropriated. -In addition to returning excess cash back to
the finance department, employees should
also be required to promptly return a receipt
for sundry purchases
-The petty cash book should then be updated
to record the excess cash and the receipt.
-A member of the finance department should
reconcile the petty cash on a weekly basis and
if any receipts are missing, they should be
investigated further with the employees who
made the petty cash purchases during that
week
-The reconciliations should be reviewed by a
responsible official who should evidence their
review.
-warehouse department agrees the receipt of -During the interim audit observe the
goods from suppliers to a copy of the warehouse department when receiving goods
purchase order and confirms the quantity and to understand the level of checks being
quality of the goods received and signs the undertaken.
goods received notes (GRNs) to evidence the -Review a sample of GRNs held in the
checks. warehouse department for signature, as
-This ensures that Swift Co is not recording evidence of checks being undertaken on
liabilities and subsequently paying for the receipt of goods
receipt of inferior quality goods or for goods it
did not order.
-Purchase orders below $1,000 are not -All purchase orders should be authorised by a -Select a sample of purchase orders and
authorised and are processed solely by the responsible official review for evidence of authorisation, agree
purchase order clerk who is also responsible for -Authorised signatories should be established this to the appropriate signature on the
processing invoices with varying levels of purchase order approved signatories list
-This could result in nonbusiness related authorisation
purchases and there is an increased fraud risk
as the clerk could place orders for personal
goods up to the value of $1,000, which is
significant
-Goods received notes (GRNs) are sent to the -Goods received notes (GRNs) are sent to the -Enquire of the accounts clerk as to the
accounts department every two weeks accounts department every two weeks frequency of when GRNs are received to
-This could result in delays in suppliers being -This could result in delays in suppliers being assess if they are being sent promptly
paid as the purchase invoices could not be paid as the purchase invoices could not be -Undertake a sequence check of GRNs held
agreed to a GRN and also recorded liabilities agreed to a GRN and also recorded liabilities by the accounts department, discuss any
being understated being understated missing items with the accounts clerk
-Additionally, any prompt payment discounts -Additionally, any prompt payment discounts
offered by suppliers may be missed due to offered by suppliers may be missed due to
delayed payments delayed payments
-The purchase ordering clerk, Oliver Dancer, has -The roles of purchase ordering and -Observe which member of staff undertakes
responsibility for ordering goods below $1,000 processing of the related supplier invoices the processing of purchase invoices and
and for processing all purchase invoices for should be allocated to separate members of confirm this is not the purchase ordering
payment staff. clerk, Oliver Dancer
-There is a lack of segregation of duties and this -Inspect a copy of the company's
increases the risk of fraud and nonbusiness organisation chart to identify if these tasks
related purchases being made have now been allocated to different roles.
GRNs are only sent to the accounts department -The GRN should be created in three parts -Review the file of copy GRNs held by the
-Failing to send a copy to the ordering and a copy of the GRN should be sent to the purchase ordering clerk, Oliver Dancer, and
department could result in a significant level of purchase order clerk, Oliver Dancer, who review for evidence that these are matched
unfulfilled orders leading to a loss of sales and should agree this to the order and change the to orders and flagged as complete
stock-outs order status to complete -Review the file of unfulfilled purchase orders
-On a regular basis he should then review for for any overdue items and discuss their
all unfulfilled orders and chase these with the status with Oliver Dancer.
relevant supplier
-Purchase invoices are logged into the Select a sample of control total sheets and
purchase day book in batches, utilising control review for evidence of control totals being
totals. utilised and the clerk's signature
-Utilising control totals ensures both
completeness and accuracy over the input of
purchase invoices
-If the invoices are not all input completely and
accurately payables may be misstated.
-Purchase invoices are not agreed to the -All purchase invoices should be matched to
relevant goods received notes (GRNs) prior to both the purchase order and the related GRN
authorisation and input. -The details should be agreed prior to the
-This could result in invoices being paid for invoice being authorised and logged in the
goods which were not received, resulting in payables ledger
increased costs.
-Invoices are authorised by the finance director, -The policy of making payment after 75 days
but payment is only made 75 days after receipt should be reviewed
of the invoice -Consideration should be given to earlier
-There is the risk that Equestrian Co is missing payment if the settlement discounts are
out on early settlement discounts sufficient
-Also, failing to pay in accordance with the -If not, invoices should be paid in accordance
supplier's payment terms can lead to a loss of with the supplier's payment terms
supplier goodwill as well as the risk that
suppliers may refuse to supply goods to the
company
-Purchase orders up to $5,000 are authorised -Select a sample of purchase orders and
by the purchasing manager above S5 000 by review for evidence ofauthorisation in
the purchasing director. accordance with authorization limits
-This ensures that goods are only purchased -Agree this to the appropriate signature on
which are required by Swift Co and relate to the approved signatories list.
genuine business expenses.
-Supplier statement reconciliations areno longer Supplier statement reconciliationsshould be Review the file of reconciliations toensure
performed.This may result in errors in performed on a monthlybasis for all suppliers that they are being performedon a regular
therecording of purchases and payablesnot and these shouldbe reviewed by a responsible basis and that they havebeen reviewed by a
being identified in a timelymanner official. responsibleofficial.
-During the year, the company's accounting -Significant changes to an accounting policy -Review board minutes for evidence that
policy was changed by the financial controller so should be discussed and approved at board changes to accounting policies have been
that items of a capital nature are only capitalised level discussed and approved.
if they exceed $20,000. -A record of any decisions should be included -Discuss with the finance director the
-While it can be normal practice for a threshold in the board minutes. capitalisation limit and for a sample of capital
to be set for capitalisation, this represents a -The capitalisation limit should be reduced to a items over $1,000, agree that they have been
significant change to an accounting policy which more appropriate limit such as $1,000 so that correctly capitalised in the statement of
does not appear to have been discussed assets and profitability are more accurately financial position.
orapproved at board level reported.Significant changes to an accounting
-This threshold is too high, as over time this will policy should be discussed and approved at
result in a significant amount of costs which board level
should be capitalised being writtenoff to the -A record of any decisions should be included
statement of profit or loss and understated in the board minutes.
property, plant and equipment. -The capitalisation limit should be reduced to a
more appropriate limit such as $1,000 so that
assets and profitability are more accurately
reported.
Capital expenditure items below $0.5m are -The authorisation level for department heads
authorised by the relevant head of department. should be significantly reduced to a more
$0.5m is a significant sum and although appropriate level, such as $25,000
department heads undertake the authorisation -Any sums in excess of this should be
process, there is still considerable scope for approved by the board
non-business use or surplus assetsbeing -If this proves too onerous, a capital
purchased leading to reduced profits and cash expenditure committee of senior employees
flow for Pomeranian Co. should be established for authorisation of
capital items
-This committee should report to the board.
Revenue Sales discounts are set by Baggio’ssales team -All members of the sales team shouldbe Discuss with members of the salesteam the
In order to boost theirsales, members of the given authority to grant salesdiscounts up to a process for setting salesdiscounts.Review
sales team mayset the discounts too high, set limit the sales discount report forevidence of
leading to aloss of revenue. -Any salesdiscounts above these limits should review by the salesdirector.
beauthorised by sales area managers orthe
sales director.
-Regular review of sales discount levelsshould
be undertaken by the salesdirector, and this
review should beevidenced.
-New customers undergo a credit check, after -Credit limits should continue to be approved
which a credit limit is proposed by the sales staff by the sales director; however, on a regular
and approved by the sales director, these credit basis the sales director should review these
limits are not reviewed after this limits based on order history and payment
-Over a period of time it may be that the record.
customers' credit limits have been set too high,
leading to irrecoverable debts, or too low,
leading to a loss of sales
-Credit limits set by the sales director are only -Credit limits should continue to be set by the
changed when a customer requests an increase. sales director, however these limits should be
-If credit limits are not reviewed regularly they reviewed and amended as appropriate on a
could be out of date, resulting in limits being too regular basis by a responsible official for
high and therefore sales being made to poor example the finance director or sales director
credit risks or, alternatively, too low and
therefore Pomeranian Co losing potential
revenue.
-New customers’ creditworthiness is assessed -New customers should complete a credit
by a salesperson who sets the credit limit, which application which should be checked through a
is authorised by the sales director. credit agency with a credit limit set
-The sales staff have sales targets, and hence -Once authorised by the sales director, the
may suggest that new customers are limit should be entered into the system by a
creditworthy simply to meet their targets credit controller.
-This could result in sales being made to poor
creditrisks
-Customer orders are recorded on a two-part -The order form should be amended to be at
pre-printed form, one copy is left with the least four-part.
customer and one with the sales person. -The third part of the order should be sent to
-The sales department of Heraklion Co does not the warehouse department and the fourth part
hold these orders centrally and hence would not sent to the finance department.
be able to monitor if orders are being fulfilled on -The copy the sales person has should be
a timely basis stored centrally in the sales department
-This could result in a loss of revenue and -Upon despatch, the goods despatch note
customer goodwill. should be matched to the order; a regular
review of unmatched orders should be
undertaken by the sales department to identify
any unfulfilled orders.
-Sequentially numbered goods despatched -Upon despatch of goods, a four-part GDN
notes (GDNs) arecompleted and filed by the should becompleted, with copies to the
warehouse department customer, warehousedepartment, sales
-If thefinance department does not receive a department to confirm despatch of goodsand a
copy of these GDNs,they will not know when to copy for the finance department
raise the related sales invoices. -Upon receipt of theGDN, once matched to the
-This could result in goods being despatched but fourth part of the sales orderform, a clerk
not beinginvoiced, leading to a loss of revenue. should raise the sales invoices in a
timelymanner, confirming all details to the
GDN and order.
-Baggio has considerable levels ofsurplus plant -Regular review of the plant andequipment on -Observe the review process by seniorfactory
and equipment the factory floor bysenior factory personnel to personnel, identifying thetreatment of any old
-Surplusunused plant is at risk of theft.In identify anyold or surplus equipment. equipment.
addition, if the surplus plant is notdisposed of, -As part of the capital expenditureprocess, -Review processed capital expenditureforms
then the company couldlose sundry income. there should be a requirementto confirm the to ascertain if the treatment ofreplaced
treatment of theequipment being replaced. equipment is as stated.
-Sales staff are able to make changes to the -Sales staff should not be able to access the
customer master data file, in order to record master data file to make amendments
discounts allowed and these changes are not -Any such amendments to master file data
reviewed. should be restricted so that only supervisors
-There is a risk that these amendments could be and abovecan make changes.
made incorrectly resulting in a loss of sales -An exception report of changes made should
revenue or overcharging of customers be generated and reviewed by a responsible
-In addition, the sales staff are not seniorenough official.
to be given access to changing master file data
as this could increase the risk of fraud
-Customer credit limits are set by salesledger -Credit limits should be set by a seniormember -For a sample of new customersaccepted in
clerks. of the sales ledger departmentand not by the year, review theauthorisation of the credit
-Sales ledger clerks are not sufficientlysenior sales ledger clerks. limit, andensure that this was performed by
and so may set limits too high,leading to -These limits should be regularlyreviewed by a aresponsible official.
irrecoverable debts, or toolow, leading to a loss responsible official. -Enquire of sales ledger clerks as towho can
of revenue set credit limits.
Sale -Where employees' friends or family members -Caterpillar Co should instigate a policy
discount purchase clothes in store, the employee is able whereby employees are unable to serve
to serve them at the till point. friends or family members at the till points
-There is a significant fraud risk as employees -They should be required to request that a
could fail to put the goods through the till, but manager or supervisor put these goods
retain the cash paid by the friend/family through the till
members -In addition, CCTV cameras could be placed in
-Additionally, they could give the goods away for the shops, near to the till points to record the
free or undercharge for goods sold, thereby daily till transactions
granting unauthorised discounts. -This would act as a deterrent to employees as
well as provide evidence in the case of
fraudulent transactions occurring.
-Also Caterpillar Co should carry out regular
inventory counts to identify if goods in the
stores are below the levels in the inventory
records, as this could identify goods being
given away for free.
-Sales staff have discretion to grant sales -All discounts to be granted to customers
discounts to customers of up to 10% should be authorised in advance by a
-This could result in a loss of revenue as they responsible official, such as the sales director
may award unrealistic discounts simply to meet -If not practical, then the supervisor of the
sales targets. sales staffshould undertake this role.
-The discounts granted by sales staff are not
being reviewed and could result in unauthorised
discounts allowed.
System -Security/confidentiality personnel records are -Personnel records should be kept by Mr -Agree that Miss Jonesis no longer
kept by the payroll clerk in a filing cabinet that Dagg, not with files in the payroll office maintaining personal records
also contains all the records -As noted above, ideally, human resources -For the sample of starters/levers, agree
-Staff looking for other records may gain manager should be employed to set up and thedetails to the records held by Mr Dagg.
unauthorised access to confidential details run the HR function
relating to other employees (e.g details of
maintenance payments
-Review/maintenance of standing data there is -The number of each category of employee -Review the budget prepared by Mr
no overall supervision of the payroll function should be budgeted by Mr Wilkinsonand Mr Wilkinsonand Mr Lomu
-Financial loss may result from: Lomu -Obtain evidence of the monthly costs being
•undetected (and therefore uncorrected) -The actual monthly costs should be reviewed compared with budget and variances
overpayments by Mr Dagg, compared with budget and followed up
•Absence of monitoring hours worked, idle time, variances followed up.
overtime, number of employees, etc.
-Collection of data Mrs McCawis not notified -A copy of the authorised list of starters and Review the authorised list of starters and
promptly of starters and leavers and may leavers should be given to Mrs McCawweekly leavers as part of the starters/leaverstest
therefore prepare inaccurate Clock cards before she prepares clock cards. above
-A new starter may work without a clock called,
making it impossible to check their hours
-A leavers clock card may be used by another
employee, causing a lever to be paid
-Review/maintenance of standing data standing -Mr Wilkinson's list of starters and leavers -Identify all starters and leavers either from
data is adjusted for starters and leavers without should be signed, as authorised, by Mr Dagg personnel records or comparison of a payroll
authorisation Mr Lomushould review all standing data at the beginning of the year with a payroll
-Financial loss could result if: amendments logged by the computer and towards the end of the year
•gnu employees are taken on while idle agree to the original authorised input -Select a sample of starters/leavers and
time/spare capacity is available documents agree details to Mr Wilkinson's list and the
•Leavers are not removed and subsequently computer log that the correct treatment has
paid. been applied
-Agree documentation has been
appropriately authorised
-Backup procedures are inadequate, as the -The removable hard drive should be stored -Review the backup procedures to ensure
removable hard drive is not kept secure and securely, in a fireproof safe, outside the that they are adequate, and that (if used) the
could be lost/damaged. account’s office removable hard drive has been stored in a
-if the data were lost/damaged, its retrieval -Ideally, backup should be made to a cloud secure location
would be costly and time consuming in the security provider -Select a sample of computer logs and
absence of the hard driv review to ensure that regular backup is made
to the cloud server (if used
-The new sales system was fully tested prior to -The audit team should review the
its implementation and the new and old procedures and documentation relating to the
systems are being run in parallel until the year testing which has been undertaken and
end with internal audit (IA) performing checks agree that the tests undertaken are
on the output and following up on any appropriate and that any errors were fully
discrepancies. investigated and resolved.
-This reduces the risk that data is lost or data -The audit team should review IA's testing
is not processed correctly if there are issues schedule to understand what checks are
associated with the operation of the new being undertaken and when they are
system expected to be complete
-This reduces the risk of processing errors and -For IA checks which have been completed,
misstatements in the accounting records. the audit team should obtain and review
documentation which details the test
performed and any follow up actions to
confirm the tests are appropriate andto
understand how errors or inconsistencies
have been communicated and resolved.
-For a new transaction being entered into the
system, the audit team should observe the
transaction being recordedin the old and new
system and agree that the information is
processed and output is generated
consistently between the two systems.
-New customers undergo a full credit check -The audit team should select a sample of
and a credit limit is set using an automated new customer accounts opened in the period
system and confirm, by reference to information on
-The credit limit is approved by the sales the system, that a credit check has been
director who evidences her review. performed.
-Requiring a credit check reduces the risk of -They should also agree there is evidence of
lost revenue and uncollectable trade approval, such as a signature or electronic
receivables as only credit worthy customers sign-off, by the sales director before the
are able to place orders. credit limit is set.
-The automated process should ensure that no -For a sample of new customers, the audit
bias is included in accepting credit worthy team should obtain a copy of the first order
customers or setting the credit limit which placed by the customer and agree that the
helps ensure the credit limit set is appropriate date of the first order was after the credit
and that receivables are recoverable. check was completed.
-The sales director review helps to ensure that
any anomalies or inconsistencies in the
automated credit limit are identified and
addressed prior to orders being placed
-The receivables ledger clerk performs a -The audit team should obtain a copy of the
monthly review of the aged receivables listing aged receivables report downloaded and
and identifies those agedmore than 30 days confirm there is evidence of review, such as
which are followed up with the relevant a signature or electronic sign-off, by the
customers by the credit control department. receivables ledger clerk.
-The regular review of the aged receivables -The audit team should enquire as to which
rising and subsequent action by credit control receivables balances are passed to credit
should ensure that debts are collected on a control and should confirm this is appropriate
timely basis which reduces the risk of based on Whittaker Co's credit controlpolicies
irrecoverable debts -The audit team should review a sample of
-It should also ensure that balances are follow-up documentation from credit control
appropriately identified as irrecoverable and to confirm action taken.
accounted for accordingly. -The audit team should review the file of
-The accounts clerk performs a monthly receivables ledger control account
receivables ledger control account reconciliations and confirm that these are
reconciliation and resolves errors on a timely being performed on a monthly basis.
basis -For a sample of reconciliations with
-The reconciliation is reviewed and approved reconciling items trace to supporting
by the financial controller. documentation to confirm that errors have
-Regular reconciliation of the receivables been corrected.
ledger and the receivables ledger control -The team should also review the
account helps to ensure that the receivables reconciliations for a signature or electronic
balance presented in the financial statements sign-off as evidence of approval and review
is accurate by the financial controller.
-Timely identification and correction of errors
ensures that recording issues are resolved
and the accounting records are accurate.
-Review by the financial controller helps to
ensure the accuracy of the reconciliation,
-Security/ConfidentialityOnly one password is -The hierarchal password facility should be Review the computer logs to identify that
used to access the computer for all functions used, and passwords changed on a regular regular password changes are made and that
-Unauthorised access could result in: basis following at standard password the password structure is hierarchal
•Corruption of standing data los generating procedures
-Computer logs should be used to track that
regular changes to passwords using standard
password generating procedures or made by
all users and that the passwords are hierarchal
Payroll -Raspberry Co has a separate human -Review the job descriptions of payroll and
system resources (HR) department which is HR to confirm the split of responsibilities with
responsible for setting up all new employees regards to setting up new joiners
-Having a segregation of roles between human -Discuss with members of the payroll
resources and payroll departments reduces department the process for setting up new
the risk of fictitious employees being set up joiners and for confirmation that the process
and also being paid is initiated by HR
-Pre-printed forms are completed by HR for all -Select a sample of new employees added to
new employees, and includes assignment of a the payroll during the year, review the joiner
unique employee number, and once verified, a forms for evidence of completion of all parts
copy is sent to the payroll department and that the information was verified as
-Payroll is unable to set up new joiners without accurate and was received by payroll prior to
information from these forms being added to the system
-The use of pre-printed forms ensures that all -Select a sample of edit reports for changes
relevant information, such as tax IDs, is to payroll during the year; agree a sample of
obtained about employees prior to set up new employees added to payroll to the
-This minimises the risk of incorrect wage and joiners forms
tax payments
-In addition, as payroll is unable to set up new
joiners without the forms and employee
number, it reduces the risk of fictitious
employees being set up by payroll
-The quarterly production bonus is input by a -If attending Raspberry Co at the time of
clerk into the payroll system, each entry is bonus processing, observe the clerk inputting
checked by a senior clerk for input errors prior and senior clerk checking the bonus
to processing, and they evidence their review payments into the payroll system
via signature -In addition, obtain listings of quarterly bonus
-This reduces the risk of input errors resulting payments and review for evidence of
in over/underpayment of the bonus to signature by the senior clerk who checks for
employees input errors
-Production employees are issued with clock -Observe the use of clock cards by
cards and are required to swipe their cards at employees when entering the power station
the beginning and end of their shift, this -Confirm the security team is supervising the
process is supervised by security staff 24 process and following up on discrepancies
hours a day through discussions with the security staff
-This ensures that genuine employees are
only paid for the work actually done, and
reduces the risk of employees being paid but
not completing their eight-hour shift
In addition, due to the supervision it is unlikely
that one employee could swipe in others
-The clock card information identifies the -Utilise test data procedures to input dummy
employee number and links into the hours clock card information, verify this has been
worked report produced by the payroll system. updated into the payroll system
-As the hours worked are automatically -Select a sample of quarterly exception
transferred into the payroll system, this reports and review for evidence of review and
reduces the risk of input errors in entering follow up of any unexpected changes by the
hours to be paid in calculating payroll, payroll director
ensuring that employees are paid the correct -Enquire of payroll clerks how cash is
amount delivered to Raspberry Co for weekly pay
-On a quarterly basis, exception reports of packets
changes to payroll standing data are produced -Review a sample of invoices from the
and reviewed by the payroll director. security company to Raspberry Co for
-This ensures that any unauthorised delivery of cash
amendments to standing data are identified
and resolved on a timely basis
-For production employees paid in cash, cash
is received weekly from the bank by a security
company
-It is likely the sum of money required to pay
over 175 employees would be considerable
-It is important that cash is adequately
safeguarded to reduce the risk of
misappropriation
-The pay packets are prepared by two -Observe the preparation of the pay packets
members of staff with one preparing and one ensuring that two members of staff are
checking the pay packets and this is involved and that pay packets are checked
evidenced by each staff member signing the for accuracy
weekly listing -For a sample of weeks throughout the year,
-This ensures there is segregation of duties inspect the weekly payroll listing for evidence
which prevents fraud and errors not being of signature by the two members of staff
identified involved in the preparation of the pay packets
-Production supervisors determine the amount of -The bonus should be determined by a

the discretionary bonus to be paid to employees responsible official, such as the production
-Production supervisors should not determine director and should be formulated based on a
this as they could pay extra bonuses to friends written policy
or family members, resulting in additional payroll -If significant in value, the bonus should be
costs. formally agreed by the board of directors
-The wages calculations are generated by the -The bonus should be communicated in writing
payroll system and there are no checks to the payroll department
performed -A senior member of the payroll team should
-Therefore, if system errors occur during the recalculate the gross to net pay workings for a
payroll processing, this would not be identified sample of employees and compare their
-This could result in wages being over or under results to the output from the payroll system
calculated, leading to an additional payroll cost -These calculations should be signed as
or loss of employee goodwill approved before payments are made
-Student loan deduction forms are completed by -The payroll department should maintain a
relevant employees and payments are made schedule, by employee, of payments made to
directly to the third party until the employee third parties, such as the central government
notifies HR that the loan has been repaid in full as well as the cumulative balance owing
-As the payments continue until the employee -On a regular basis, at least annually, this
notifies HR, and employees are unlikely to be statement should be reconciled to the loan
closely monitoring payments, there is the risk statement received from the government and
that overpayments may be made, which then sent to the employee for agreement
need to be reclaimed, leading to employee -In accordance with the schedule, payments
dissatisfaction which are due to cease shortly should be
-In the case of underpayments, Raspberry Co confirmed in writing with the third party, prior to
has an obligation to remit funds on time and to stopping.
reconcile to annual loan statements
-If the company does not make payments in full
and on time, this could result in non-compliance
by both the company and employee, which could
result in fines or penalties
-Holiday request forms are required to be -Employees should be informed that they will
completed and authorised by relevant line not be able to take holiday without completion
managers, however, this does not always occur of a holiday request form, with authorisation
-This could result in employees taking from the line manager
unauthorised leave, resulting in production -Payroll clerks should not process holiday
difficulties if an insufficient number of employees payments without agreement to the authorised
are present to operate the power plant holiday form
-In addition, employees taking unauthorised -The senior payroll manager should not be
leave could result in an overpayment of wages able to process changes to the payroll system
-The senior payroll manager reviews the bank as well as authorise payments
transfer listing prior to authorising the payments -The authorisation of the bank transfer listing
and also amends the payroll records for any should be undertaken by an individual outside
changes required the payroll department, such as the finance
-There is a lack of segregation of duties as it is director
the payroll team which processes the amounts
and the senior payroll manager who authorises
payments
-The senior manager could fraudulently increase
the amounts to be paid to certain employees,
process this payment as well as amend the
records
-The pay packets are delivered to the production -All pay packets should be distributed by the
supervisors, who distribute them to employees payroll department, directly to employees,
at the end of their shift upon sight of the employee's clock card and
-The supervisor is not sufficiently independent to photographic identification as this confirms
pay wages out proof of identity
-They could adjust pay packets to increase -Payroll should undertake a reconciliation of
those of close friends whilst reducing others pay packets issued to production supervisors,
-In addition, although the production supervisors wages distributed with employee signatures to
know their team members, payment of wages confirm receipt and pay packets returned to
without proof of identity increases the risk that payroll due to staff absences
wages could be paid to incorrect employees -Any differences should be investigated
-Monthly management accounts do not analyse immediately
the variances between actual and budgeted -As employees work eight-hour shifts over 24
wages and salaries; this is because there are no hours, consideration should be given to
overtime costs operating a shift system for the payroll
-However, wages and salaries are a significant department on wages pay out day
expense and management needs to understand -This will ensure that there are sufficient
why variances may have arisen payroll employees to perform the wages pay
-These could occur due to extra employees out for each shift of employees, with the same
being recruited which were not budgeted for, or level of controls in place
an increase in wage pay out rates -The monthly management accounts should
-The board would need to monitor the wages be amended to include an analysis of wages
and salaries costs as if they are too high, then and salaries compared to the budgeted costs
this would impact the profitability of the company -These should be broken down to each
relevant department and could also include an
analysis of headcount numbers compared to
budget
-The gross and net pay automatically calculated -A senior member of the payroll department -Obtain the recalculations performed by the
by the payroll package are not checked at all should reperform a sample of the gross and senior payroll reviewer for evidence that the
-The lack of checking increases the risk that net pay calculations automatic calculations have been reviewed
errors are being accumulated without being -Any discrepancies should be investigated -Review a sample of the gross and net pay
detected The automatic gross and net pay calculations calculations generated by the payroll system
-This could lead to wages being over- or must be reviewed and approved before for evidence that they have been approved
understated payments are made and signed off
-Additional wages may be paid as a result
Statutory deductions may be over- or underpaid,
giving rise to compliance issues
-There is also likely to be a loss of employee
goodwill
-The clerks update the standing data to reflect -Payroll clerks should not be allowed to make -Observe a payroll clerk attempting to make
the increase of wages each year standing data changes changes to payroll standing data, to
-The apparent lack of authorisation to changes -Changes to the standing data to reflect the determine whether the system rejects the
in standing data increases the risk of errors, annual wage increase should be made by a changes
leading to the over- or understatement of wages, senior member of the payroll department -Review the log of changes made to the
and the incorrect payment of wages -These changes should be checked by standing data for evidence that they were
-This also increases the risk of fraud, as the another responsible official to identify any made by a senior member of the payroll
clerks have the ability to make unauthorised errors or inconsistencies department
changes to standing data -Review the log of changes made to the
standing data for evidence that they have
been reviewed by another responsible official
-Only payment for overtime in excess of 30% of -All overtime hours worked, whether in lieu of Review a sample of the weekly overtime
the standard hours are authorised by pay or holidays, must be authorised by the sheets for evidence of signature by the head
department heads relevant department head of the department concerned.
-This increases the risk of employees claiming -The authorisation should be evidenced by
for overtime not worked, leading to additional signatures
payroll costs
-payroll clerks do not always check the overtime -Payroll clerks must agree holidays taken in Review a sample of holidays taken in lieu of
worked report before employees take time off in lieu to the overtime report, and record that this overtime to verify whether the payroll clerk
lieu of overtime worked has been done has agreed the time taken in lieu to the
-This increases the risk of employees taking -Where inconsistencies are identified, the overtime report
unauthorised leave, leading, again, to wages payroll clerks should notify the relevant
being paid for days which have not been worked department head
-The overtime worked report is emailed by the -Departments should be required to respond to -For a sample of overtime worked reports,
payroll department to department heads, who the payroll department regarding each inspect the responses received from each
report only by exception if errors are identified overtime worked report, regardless of whether department head
-The authorisation of overtime sheets by an - it is correct -For a sample of overtime payments,
alternative responsible official while the -The department heads should be reminded of compare the dates on which authorisation
department heads are on leave does not always the procedures with regards to holiday cover has been received with the dates on which
occur. -No payment should be made until the report overtime payment is made, to confirm that
-The fact that the department heads only report has been authorised by the relevant official payment is only made after authorisation has
by exception can cause the payroll department -The payroll department should monitor the been obtained
to mistakenly assume that the overtime report is authorisation of the overtime worked report -Make enquiries of payroll clerks regarding
correct when it is not – leading to the payment of and follow up with each relevant head where the process of obtaining authorisation for
incorrect overtime. no response has been received overtime sheets while the department heads
-The lack of holiday cover for the authorisation of are on leave
overtime can lead to overtime pay being
delayed, resulting in the loss of employee
goodwill.
-The finance director reviews the total list of -The finance director should agree a sample of Inspect payment lists for evidence that the
bank transfers and compares this to the total the employees on the payroll records to the finance director has agreed a sample of
payable per the payroll records payment list, and vice versa, to ensure that payees to the payroll records, and vice versa
-This process does not prevent employees to be payments are complete, and made only to
omitted from the payroll bona fide employees
-There is equally a risk of fictitious employees, or -These checks should be evidenced by the
employees who have left the company, finance director's signature
appearing on payroll
-As a result, fraudulent payments could be made
Payroll -Employees swipe their cards at the beginning -The clocking in and out process should be
system and end of the eight-hour shift; this process is supervised by a responsible official to prevent
not supervised one individual clocking in multiple employees
-This could result in a number of employees -A supervisor should undertake a random
being swiped in as present when they are not check of employees by reviewing who has
-This will result in a substantially increased logged in with a swipe card and confirming
payroll cost for Bronze visually that the employee is present
-Employees are entitled to a 30-minute paid -Employees should be allocated set break
break and do not need to clock out to access the times and there should be a supervisor
dining area present to ensure that employees only take
-Employees could be taking excessive breaks the breaks they are entitled to
resulting in a decrease in productivity and
increased payroll costs
-Although there is a human resources All appointment of staff, whether temporary or
department, appointments of temporary staff are permanent, should only be made by the
made by factory production supervisors human resources department
-The supervisor could appoint unsuitable
employees and may not carry out all the
required procedures for new joiners
-This could result in these temporary employees
not receiving the correct pay and relevant
statutory deductions
-Overtime reports which detail the amount of -All overtime should be authorised by a
overtime worked are sent out quarterly by the responsible official prior to the payment being
payroll department to production supervisors for processed by the payroll department
review -This authorisation should be evidenced in
-These reports are reviewed after the payments writing
have been made which could result in
unauthorised overtime or amounts being paid
incorrectly and Bronze's payroll cost increasing
-Production supervisors determine the amount of The bonus should be determined by a more
the discretionary bonus to be paid to employees senior individual, such as the production
-Production supervisors are not senior enough to director, and this should be communicated in
determine this as they could pay extra bonuses writing to the payroll department.
to friends or family members
-The bonus is input by a clerk into the payroll Once the clerk has input the bonus amounts,
system all entries should be double checked against
-There is no indication that this input process is the written confirmation from the production
reviewed director by another member of the team to
-This could result in input errors or the clerk identify any amounts entered incorrectly
could fraudulently change the amounts leading
to incorrect bonus payments.
-The payroll manager reviews the bank transfer -The payroll manager should not be able to
listing prior to authorising the payments and also process changes to the payroll system as well
amends the payroll records for any changes as authorise payments
required -The authorisation of the bank transfer listing
-There is a lack of segregation of duties as it is should be undertaken by an individual outside
the payroll team which processes the amounts the payroll department, such as the finance
and the payroll manager who authorises director
payments
-The manager could fraudulently increase the
amounts to be paid to certain employees and
process this payment as well as amend the
records.
-A payroll clerk distributes cash pay packets to The payroll clerks should be informed that all
employees without requesting proof of identity cash wages can only be paid upon sight of the
-Even if most employees are known to the clerk, employee's clock card and photographic
there is a risk that without identity checks wages identification as this confirms proof of identity
could be paid to incorrect employees.
Payroll -There are no monitoring/supervision procedures -Clocking in and out should be monitored by a
system relating to the clocking in and clocking out of supervisor of an appropriate level, or by CCTV
employees cameras installed to deter employees from
-This means that staff may ask colleagues to clocking in for one another
clock them in when they are not actually present -Furthermore, employees should be
resulting in a payroll cost in excess of that automatically clocked out at the end of their
expected for the actual hours worked. shift, and should be required to clock back in if
they are completing pre-agreed overtime.
-Payroll calculations are not reviewed and 100% -A payroll supervisor should periodically
reliance is placed on the accuracy of the payroll recalculate the net pay based on the gross pay
system and expected deductions, then compare the
-This means that any errors made, for example result with the computer generated figures for
as a result of standing or underlying data being a sample of employees
incorrect or errors occurring during payroll -The review should be evidenced by a
processing, then they would not be discovered signature and wages should not be paid until
-This may lead to overpayments or this signed review is completed
underpayments (and incorrect payroll costs) and
may result and lead to losses or disgruntled
employees
-The HR department has used verbal -HR should be required to gain written board
authorisation to inform the payroll department of authorisation for any proposed wage increase
pay increases before passing this to payroll
-This indicates a lack of authorisation at board -Similarly, payroll should be informed only to
level and could lead to invalid increases in action a wage increase or other change on
employee wages (eg for HR personnel's friends receipt of written authorisation approved by
or relatives) the board
-The factory supervisor is trusted with -Payroll officials should be available for certain
substantial cash sums in advance of the hours during the night shift to distribute wages
distribution of wages to the night shift -The night shift workers should also be
-This cash is susceptible to theft and loss while required to produce identification before they
not with employees or securely stored are given their pay packets
-Alternatively Chuck may decide to pay the
night shift via bank transfer
-The factory supervisor keeps absent Any amounts not paid out on Fridays should
employees' wages over the weekend before be kept by payroll in a safe or other secure
handing back to payroll and this further means until Monday when the employee can
increases the risk of loss or theft of cash wages collect from payroll
-Staff holidays in the HR department have meant -HR staff duties and responsibilities should be
that payroll information relating to new joiners reallocated when staff are ill or on holiday,
was not communicated on a timely basis, which including the responsibility of immediate
in turn meant that joiners were not paid on time communication of new joiners (and leavers) to
leading to disgruntled employees and inaccurate payroll
payroll records -In addition, new joiner forms showing start
date should be completed and authorised, and
then passed to payroll so that they are aware
of the need to update the payroll records
Purchase -When raising purchase orders, the clerks -It is important that goods are despatched
system choose whichever supplier can despatch the promptly, but this is just one of many criteria
goods the fastest that should be used in deciding which supplier
-This could result in Fox Industries Co ordering to use
goods at a much higher price or a lower quality -An approved supplier list should be compiled;
than they would like, as the only factor this should take into account the price of
considered was speed of delivery goods, their quality and also the speed of
delivery
-Once the list has been produced, all orders
should only be placed with suppliers on the
approved list
-Purchase orders are not sequentially numbered -All purchase orders should be sequentially
-Failing to sequentially number the orders numbered and on a regular basis a sequence
means that Fox Industries Co’s ordering team check of unfulfilled orders should be
are unable to monitor if all orders are being performed
fulfilled in a timely manner; this could result in
stock outs
-If the orders are numbered, then a sequence
check can be performed for any unfulfilled
orders
-Purchase orders below $5,000 are not -All purchase orders should be authorised by a
authorised and are processed solely by an order responsible official
clerk -Authorised signatories should be established
-This can result in goods being purchased which with varying levels of purchase order
are not required by Fox Industries Co authorisation
-In addition, there is an increased fraud risk as
an order clerk could place orders for personal
goods up to the value of $5,000, which is
significant.
-Purchase invoices are input daily by the The purchase ledger clerk should input the
purchase ledger clerk and due to his experience, invoices in batches and apply application
he does not utilise any application controls controls, such as control totals, to ensure
-Without application controls there is a risk that completeness and accuracy over the input of
invoices could be input into the system with purchase invoices.
inaccuracies or they may be missed out entirely
-This could result in suppliers being paid
incorrectly or not all, leading to a loss of supplier
goodwill
-The purchase day book automatically updates -The process should be updated so that on a
with the purchase ledger but this ledger is regular basis the purchase ledger
manually posted to the general ledger automatically updates the general ledger
-Manually posting the amounts to the general -A responsible official should then confirm
ledger increases the risk of errors occurring through purchase ledger control account
-This could result in the payables balance in the reconciliations that the update has occurred
financial statements being under or overstated correctly
-Fox Industries Co’s saving (deposit) bank -All bank accounts should be reconciled on a
accounts are only reconciled every two months regular basis, and at least monthly, to identify
If these accounts are only reconciled any unusual or missing items
periodically, there is the risk that errors will not -The reconciliations should be reviewed by a
be spotted promptly responsible official and they should evidence
-Also, this increases the risk of employees their review
committing fraud
-If they are aware that these accounts are not
regularly reviewed, then they could use these
cash sums fraudulently
-Fox Industries Co has a policy of delaying -Fox Industries Co should undertake cash flow
payments to their suppliers for as long as forecasting/budgeting to maximise bank
possible balances
-While this maximises Fox Industries Co’s bank -The policy of delaying payment should be
balance, there is the risk that the company is reviewed, and suppliers should be paid in a
missing out on early settlement discounts systematic way, such that supplier goodwill is
-Also, this can lead to a loss of supplier goodwill not lost
as well as the risk that suppliers may refuse to
supply goods to Fox Industries Co.
-The finance director authorises the bank -The finance director should review the whole
transfer payment list for suppliers; however, he payments list prior to authorising
only views the total amount of payments to be -As part of this, he should agree the amounts
made to be paid to supporting documentation, as
-Without looking at the detail of the payments well as reviewing the supplier names to
list, as well as supporting documentation, there identify any duplicates or any unfamiliar
is a risk that suppliers could be being paid an names
incorrect amount, or that sums are being paid to -He should evidence his review by signing the
fictitious suppliers bank transfer list.
Purchase -The purchasing manager determines store -The purchasing manager should consult (in a -Select a sample of the minutes of meetings
system inventory levels without consulting those who meeting or by conference call) the store held by the purchasing manager and store
are best placed to judge the local market; the managers and a joint decision should be made managers for evidence that the store
store or sales managers on the initial inventory levels to be ordered for managers have been consulted on inventory
-Certain clothes and accessories may be initially clothes/accessories order levels
over-ordered and may need to be sold at -Discuss with/email a sample of store
reduced prices managers to request confirmation that they
-This may also result in overvalued inventory (if have been consulted on inventory order
held at cost) in the management accounts and levels
ultimately the financial statements
-Also some inventory may not be ordered in
enough volume to meet demand and the
reputation of Greystone may suffer
-Store managers are responsible for reordering -Realistic reorder levels should be established -Use test data to process sufficient sales so
through the purchases manager and it can take in the inventory system that the inventory levels of a sample of items
four weeks for goods to be received -When inventory is down to the predetermined fall below the reorder level
-The reliance is on store managers to be level, the purchasing manager should be -Determine whether an automatic reorder
proactive and order four weeks before a prompted to raise a purchase order (for request is emailed to the purchasing
potential stock-out example the system may generate an manager
-Without prompting they may order too late and automatic reorder request which is emailed to
inventory may run out for a period of up to four the purchasing manager)
weeks, resulting in lost revenue
-Stores cannot transfer goods between each -An internal ordering system should be set up Process a sample of orders between different
other to meet demand which allows for the transfer of goods between stores in order to determine whether the
-Customers are directed to try other stores/the stores internal ordering system operates as
website when an item of clothing is sold out -In particular, stores with very low inventory documented
-Revenue may be lost because the system is levels should be able to obtain excess
inconvenient for the customer, who may not inventories from those with high levels to meet
follow up at other stores, but may have demand while goods are reordered
purchased if the goods were transferred to their
local store
-Additionally the perceived lack of customer
service may damage the store's reputation
-Goods received are not checked against -A copy of authorised orders should be kept at Inspect a sample of goods received notes
purchase orders the relevant store and checked against goods (GRN) to confirm that they have been
-Goods which were not ordered in the first place received notes (GRNs) checked back to the original order, and that
could be received -If all details are correct, the order should be the GRN has been initialled to show that the
-Once received, it may be difficult to return these marked completed and sent to head office check has been performed.
goods and they may need to be paid for -The purchasing clerk should review the
-In any case there is a potential unnecessary purchase orders at regular intervals for
administrative cost incomplete items and investigate why these
-Additionally, some goods ordered may not be are not completed
received leading to insufficient inventory levels
and potential lost revenue.
-The purchase orders reviewed and authorised -A country by country review of orders should Inspect the documentation relating to the
by the purchasing director are aggregated by be carried out by the purchasing director review of orders to determine whether they
region -Where appropriate, discussions should take have been reviewed in sufficient detail
-The lack of detail does not allow the purchasing place between the purchasing director and
director to make an informed assessment of the local purchasing managers before
buying policies and they may be unsuitable for authorisation of orders
specific markets within regions
-Quality of goods is not checked by sales Goods should be checked on arrival for -Observe a sample of goods being received
assistants, only quantity quantity and quality prior to acceptance. in order to determine whether goods are
-Poor quality clothes may be accepted and may checked for both quality and quantity
not be saleable (also inventory may be -Inspect GRN for evidence of a signature to
temporarily overvalued) show that the check has been performed
-Purchase invoices and GRNs are manually -A purchasing system should be adopted -Process a sample of orders using test data
matched, which is time consuming which allows for logging of GRNs against -Trace the orders through the purchasing
-The manual processing of high a high volume of original invoices, and then electronic/automatic system to verify that all appropriate checks
documents is prone to human error matching of invoices against GRNs and authorisations are requested by the
Invalid invoices may be processed as a result -A regular review by the purchasing clerk system.
should then be focused on unmatched items
-A purchase invoice is not put on the system -A list of invoices not posted should be Review the list of invoices not posted to
until it is ready for authorisation by the prepared on a monthly basis and passed to ensure they are being prepared on a monthly
purchasing director the purchasing director for authorisation and basis, and that they are authorised by the
-The purchase ledger will not have all invoices an accrual made to ensure completeness of purchasing director
posted, understating liabilities payables
-Also payables may be paid late
-Each restaurant maintains a petty cash float of -A petty cash log should be maintained so the
$400, and at any point in time the receipts and purchase of sundry items is recorded in the log
funds present should equal the float along with the sum borrowed, date and
-It has been noted by the internal audit (IA) employee.
department that on occasions there are -On purchase of the items, the relevant
differences due to the fact that no log is employee should return the relevant receipt or
maintained of petty cash requests. voucher and any funds not spent
-This could be as a result of sundry items being -The log should be updated to confirm return
purchased without the relevant receipt or of funds and receipts.
voucher being returned -On a weekly basis, the restaurant manager
-There is also a possibility that the cash is being should reconcile the petty cash and if any
misappropriated by staff members, or being receipts are missing, these should be followed
spent on non-business related items. up with the relevant employee
-If it is cash which is missing, then this should
be investigated further with the employees
who made petty cash purchases during that
period.
-To speed up the cash payment by customers, -Each employee should be provided with a
Cash for each venue the tills have the same log on unique log on code and this is required to be
system code and these codes are changed fortnightly. entered when using the tills
-In the event of cash discrepancies arising in the -In order to facilitate the investigation of till
tills, it would be difficult to ascertain which differences, employees should be allocated to
employees may be responsible as there is no a specific till point for their shift.
way of tracking who used which till -Any discrepancies which arise should initially
-This could lead to cash being easily be double checked to ensure they are not
misappropriated. arithmetical errors
-If still present, the relevant employees who
had access to the till can be identified and
further investigations can be undertaken
-The reconciliations of the tills to the daily sales The reconciliations should be undertaken on
readings are performed in total for all five tills at an individual till by till basis rather than in
each venue rather than for each till aggregate and any discrepancies noted should
-This means that when exceptions arise, it will be investigated immediately
be difficult to identify which till caused the
difference and therefore which employees may
require further till training or may have
undertaken fraudulent transactions
-cashing up of tills along with the recording of -The cashing up process should be
any cash discrepancies is undertaken by just undertaken by two individuals together, ideally
one individual, the restaurant manager an assistant manager and the restaurant
-There is a fraud risk as the manager could manager
remove some of the cash and then simply record -One should count the cash and the other
that there was an exception on the daily sales record it
list. -Any exceptions to the till reading should be
-In addition, as there is no segregation of duties, double checked to confirm that they are not
the restaurant manager could, fraudulently or by simply arithmetical errors
error, record the total sales as per each till -If still present, the relevant employees who
incorrectly leading to incorrect identification of had access to the till can be identified and
discrepancies. further investigations can be undertaken
-Daily sales sheets are scanned and emailed to -Daily sales sheets for each venue should be
head office on a weekly basis sequentially numbered and remitted to head
-There is a possibility that some sales sheets office on a daily basis
could be misplaced by the restaurant manager -At head office, a sequence check should be
resulting in incomplete sales and cash receipts undertaken on a regular basis to identify any
data being recorded into the accounting syste missing sheets and any gaps should be
investigated further.
-Once received, the cashier should post the
sales and cash data for all six venues on a
daily basis
-Once processed, they should then be signed
as posted by the cashier and filed away
securely
-Cash is stored in a safe at each venue and the -The current key lock safe should be replaced
restaurant manager stores the safe key in a with a safe with a digital code
drawer of their desk when not in use -Only authorised personnel should have the
-Although cash is banked on a daily basis, there code which should be updated on a regular
could still be a significant sum of cash onsite basis.
each day
-There is a risk of significant cash losses due to
theft if access to the safe key is not carefully
controlled.
-The cashier is responsible for several elements These key roles should be split between
of the cash receipts system different members of the finance team, with
-She receives the daily sales sheets from ideally the bank reconciliations being
restaurants, agrees that cash has cleared into undertaken by another member of the team
the bank statements, updates the cash book and
undertakes the bank reconciliations.
-There is a lack of segregation of duties and
errors will not be identified on a timely basis.
-The cashier is not checking that payments -The cashier should reconcile the credit card
made by credit card have resulted in cash being vouchers per restaurant to the monthly
received by Camomile Co statement received from the card company
-The credit card statements are not reviewed or -The daily amounts per the statement should
reconciled, they are just filed away be agreed to the bank statement to ensure
-There is a risk that receipts of cash by credit that all funds have been received
card may have been omitted and this would not -This reconciliation should be reviewed by a
be identified on a timely basis as the bank is responsible official, such as the financial
only reconciled every two months and may result controller, who should evidence by signature
in difficulties in resolving any discrepancies with that the review has been undertaken
the credit card company
-The bank reconciliations are only carried out -The bank reconciliations should be performed
every two months on a monthly basis rather than every two
-For a cash-based business, the bank months
reconciliation is a key control which reduces the -The financial controller should continue to
risk of fraud review each reconciliation and evidence her
-If it is not reconciled regularly enough, then this review by way of signature on the bank
reduces its effectiveness as fraud and errors reconciliation
may not be identified on a timely basis
-The finance director only views the total amount -The finance director should review the whole
of payments to be made rather than the amounts payments list prior to authorising
to be paid to each supplier -As part of this, he should agree the amounts
-Without looking at the detail of the payments to be paid to supporting documentation, as
list, as well as supporting documentation, there well as reviewing the supplier names to
is a risk that suppliers could be being paid an identify any duplicates or any unfamiliar
incorrect amount, or that sums are being paid to names
fictitious suppliers -He should evidence his review by signing the
bank transfer list.
Sales person - warehouse despatch: customer -The third part of the sales order as mentioned
ID and the sales order details previously should be forwarded directly to the
+There is a risk that incorrect or insufficient warehouse department.
details may be recorded by the sales person and -The pick list should be generated from the
this could result in incorrect, orders being original order form and the warehouse team
Inventory
despatched, orders being despatched late or should check correct quantities andproduct
system
orders failing to be despatched at all, resulting in descriptions are being despatched, as well as
a loss of customer goodwill and revenue checking the quality of goods being
+Should: copy of the sales order itself, and a despatched to ensure they are not damaged.
pick list
Customer orders are given a number based on -Sales orders should be sequentially
the sales (ID) number, not sequential numbered
+Without sequential numbers, it is difficult -On a regular basis, a sequence check of
forHeraklion Co to identify missing orders and to orders should be undertaken toidentify any
monitor if all orders are being despatched in a missing orders.
timely manner, leading to a loss of customer
goodwill.
-The warehouse manager will supervise the An independent supervisor should be
inventory count and is not independent as he assigned, such as a manager from the internal
has overall responsibility for the inventory audit department.
-He therefore has an incentive to conceal or fail
to report any issues that could reflect badly upon
him
-Aisles or areas counted will not be flagged -Once areas have been counted they should
This could result in items being double counted be flagged
or not counted at all. -At the end of the count the supervisor should
check all areas have been flagged and
therefore counted.
-There is no one independent reviewing controls Instead of the internal auditors being involved
over the count or test counting to assess the in the count itself, they should perform
accuracy of the counts secondary test counts and review controls
over the count
-Damaged goods are being left in their location -Damaged goods should be clearly marked as
rather than being stored separately such during the count and at the end of the
-This makes it more difficult for finance to assess count they should be moved to a central
the level of damage to the goods and establish location
the level of write down needed -A manager from the finance team should then
-Also, if not moved, damaged goods could be inspect these damaged goods to assess the
sold by mistake level of allowance or write down needed
-Due to the continuous production process, there -Although it is not practicable to disrupt the
will be movement of goods in and out of the continuous production process, raw materials
warehouse during the count, increasing the risk (RM) required for 31 December should be
of double counting or failing to count inventory estimated and separated from the remainder
-This could mean inventory in the financial of inventory
statements is under- or overstated -These materials should be included as part of
work in progress (WIP)
-Goods manufactured on 31 December should
be stored separately, and at the end of the
count should be counted once and included as
finished goods
-Goods received from suppliers should also be
stored separately, counted once at the end
and included in RM
-Goods dispatched to customers should be
kept to a minimum during the count.
-The warehouse manager is going to estimate A specialist should be used to assess the work
WIP levels in progress
-The warehouse manager is unlikely to have the
necessary experience to estimate the WIP levels
which is something the factory manager would
be more familiar with
-Alternatively a specialist may be needed to
make the estimate
-This could ultimately result in an inaccurate WIP
balance in the financial statements
-The warehouse manager is going to -As in previous years, a specialist should

approximate RM quantities assess the quantities of raw materials, or at
-Although he is familiar with the RM, and on the least check the warehouse manager's
basis that a specialist has been required in the estimate to give comfort that the manager's
past, the warehouse manager may not have the estimates will be reasonable going forward
necessary skill and experience to carry out these
measurements
-This could result in an inaccurate RM balance in
the financial statements
-There is no indication that inventory sheets are -Inventory sheets should be signed by both
signed or initialled by the counting team, nor a team members once an aisle is completed
record kept of which team counted which area -The supervisor should check the sheets are
-This means it will be difficult to follow up on any signed when handed in
anomalies noted, as the identity of the counters
may not be known
-Inventory not listed on the sheets is to be -Every team should be given a blank sheet on
entered onto separate sheets which they can enter any inventory counted
-These sheets are not sequentially numbered which is not on their sheets
and the supervisor will be unable to ensure the -The blank sheets should be sequentially
completeness of all inventory sheets numbered, with any unused sheets returned at
the end of the count
-The supervisor should then check the
sequence of all sheets
-The responsibilities of each of the two staff -For each area one team member should be
members within a counting team is unclear asked to count and the second member asked
-It does not appear that one has been told to to check that the inventory has been counted
count and the other to check correctly
Therefore errors in counting may not be picked -The roles of each can then be reversed for
up. the next area
Internal -The IA department only undertake cash control Caterpillar Co's IA department should have a
audit visits to the 20 largest stores as they feel this is rolling programme of visits to all 45 stores
where most issues arise This programme can have a bias to large and
-However, Caterpillar Co has 45 stores in total high risk stores, but it should ensure that all
which means over half of the stores are not stores are visited on a cyclical basis.
being checked
-This increases the likelihood of control errors,
as these stores may not comply with company
procedures and with it being a cash business
heightens the chance of frauds occurring.
-Equestrian Co has experienced significant staff -Senior management should consider
shortages within their internal audit (IA) recruiting additional employees to join the IA
department department
-In addition, several members of the current IA -In the interim, employees from other
team are new to the company departments, such as finance, could be
-Maintaining an IA department is an important seconded to IA to assist them with the internal
control as it enables senior management to test audits, provided these reviews do not cover
whether controls are operating effectively within controls operating in the department where the
the company employees normally work.
-If the team has staff shortages or lack of
experience, this reduces the effectiveness of this
monitoring control
-Caterpillar Co has an internal audit (IA) -Discuss with IA the program of their visits to
department which has undertaken a number of stores and the areas addressed on these
internal control reviews, which specifically visits
focussed on cash controls at stores during the -This will assess the strength of this
year. monitoring control
-This is a strong monitoring control as stores -In particular, enquire of IA whether over a
will aim to ensure that company procedures rolling period all stores will be visited.
are maintained as they would not wish IA to -Review the IA department files for the
report any exceptions at their store. results of the store visits, to confirm that the
20 stores programmed to be visited did all
actually take place and for exceptions noted
and actions taken.
To ensure that goods are not supplied to poor With the client's permission, attempt to enter
credit risks a sales order which will take a customer over
the agreed credit limit and ensure the order is
rejected as expected
To ensure that sales discounts are only Attempt to process an order with a sales
provided to valid customers discount for a customer not normally entitled
to discounts to assess the application
controls
To ensure that all orders are recorded Observe the sales order clerk processing
Order
completely and accurately orders and look for proof that the order
system
acceptance is automatically generated (eg
email in sent folder)
To ensure that all goods dispatched are Inspect a sample of GDNs and agree that a
correctly invoiced valid sales invoice has been correctly raised
To ensure completeness of income for goods Review the latest report from the computer
dispatched. sequence check of sales invoices for
omissions and establish the action taken in
respect of any omissions found
-Inventory availability does not appear to be Prior to the salesperson finalising the order,
checked by the sales person at the time the the inventory system should be checked in
order is placed order for an accurate assessment of the
-In addition, Heraklion Co markets itself on being availability of goods to be notified to customers
able to despatch allorders within three working
Company
days.
reputation
-There is a risk that where goods are not
available, the customer would not be made
aware of this prior to placing their order, leading
to unfulfilled orders and customer dissatisfaction,
which would impact the company’s reputation
Corporate -During the year, the Chair resigned and Fred -Fred Johnson should resign as the Chair and
governance Johnson, who is currently the chief executive, only carry out the role of chief executive
took over the role. -An independent non-executive should be
-If Fred Johnson is both the Chair and chief appointed to fill the Chair's role.
executive, he will have unfettered power of
decision making and will effectively be
responsible for running the company and the
board.
-The Chair recently wrote to all shareholders to The Chair of Daley Co should take steps to
inform them that any questions or comments encourage regular effective engagement with
they may have could only be raised at the major shareholders in addition to the AGM
company's annual general meeting (AGM). This could be in the form of regular meetings
-Restricting shareholders to only raising and would aim to seek shareholders' views on
concerns at the AGM will not ensure regular the company's governance and performance
effective engagement with the owners of the against strategy.
company
-This could result in the board making decisions
which are not in line with the wishes of major
shareholders
-Non-executive directors' remuneration is based Daley Co should pay the non-executive
on pre-tax profit targets agreed by the board at directors an annual fee for their services to the
the start of the year. company and this fee should be unrelated to
-Non-executive directors' remuneration should the company's financial performance, but
not be based on pre-determined profit targets as rather based on time committed and
their pay should not be based on how the responsibilities of the role.
company performs as this would reduce their
independence.
-Amber is responsible for signing off the financial -Two further non-executive directors should be
statements, and yet is part of the audit appointed to the audit committee – Amber
committee cannot be on the audit committee and retain
-Part of the audit committee’s role is to monitor responsibility for the financial statements
the integrity of the financial statements – Amber -If Amber stands down from the committee,
would not be able to do this when she herself is then at least one of these non-executives
responsible for their preparation, would need to have financial reporting
knowledge and experience
-The audit committee (Amber) does not appear The audit committee must be established with
to have any official written terms of reference clear written terms of reference from the Board
-The audit committee has only one member -The audit committee must have three
members, or two in the case of small
companies
-Since Recorder is complying with the UK
Corporate Governance Code voluntarily, it is
likely that an audit committee of two members
would be sufficient.
-Amber Coleman, the finance director and an -An independent audit committee should be
executive director, is the main point of contact established, made up of non-executive
with the auditor directors
-An executive director should not be the main -Amber Coleman could only continue as a
point of contact – this is properly the role of the member of the audit committee if she stepped
audit committee down from her role as an executive director
-The company currently does not have an audit -The company should consider appointing an
committee as the board views the internal audit committee as quickly as possible
control environment as very effective. -The audit committee should be comprised of
-The lack of an audit committee means there is at least three non-executive directors and one
no oversight in the company to enable the of these non-executive directors should have
directors to discharge their responsibilities for recent and relevant financial expertise
accountability appropriately and there will not be -The committee as a whole should have
a means of the company maintaining its appropriate competence in the industry.
independent relationship with the external
auditors.
Fraud Explanation how risk mitigate -Related members of staff should not be -Two members of staff should process cash
allowed to work in the same department where receipts
they can seek to override segregation of duty -This would mean another collusion would be
controls necessary (on top of the one that has already
- The risk of related staff colluding and being occurred) to steal cash receipts
able to commit a fraud without easily being -This therefore reduces the risk of
discovered will be reduced reoccurrence
- Customer statements should be sent out -Staff within the finance department should
each month to all customers rotate duties on a regular basis
-The receivables ledger supervisor should -Rotation will act as a deterrent to fraud
check that all customers have been sent -This is because staff will be less likely to
statements commit fraudulent activities due to an
-Customers receiving statements may notice increased risk of the next person to be
anomalies in the allocation of payments (either rotated to their position uncovering any
timing or amount) and may alert the company wrongdoing
of these anomalies -The receivables ledger should be reconciled
-This may draw attention to the sort of fraud to the receivables ledger control account on
that occurred at Tinkerbell (known as 'teeming at least a monthly basis
and lading') -The reconciliation should be reviewed by a
-Bank reconciliations should be reviewed responsible official and anomalies
regularly by someone of an appropriate level investigated
of management who is not involved in its -This will increase the chance of discovering
preparation errors in the receivable balances and help to
-Unreconciled amounts should be investigated create a strong control environment likely to
and resolved at the time of review deter fraud.
-Any compensating material balances netted -Management should consider establishing
off to a small difference on the bank an internal audit department to assess and
reconciliation will be discovered quickly, monitor the effectiveness of controls, identify
increasing the probability of uncovering fraud any deficiencies, and carry out specific fraud
on a timely basis. investigations
-The presence of an internal audit
department would help to deter employees
committing fraud and identification of fraud
would be more likely due to ongoing
monitoring of internal controls
-Access to the master file data for suppliers is -The monthly exception report of changes to
available to all those in the purchasing master file data should be reviewed by a
department and the monthly exception report of responsible official, who should evidence this
changes to master file data is not reviewed. review
-All members of the purchasing department -Any unauthorised or unexpected changes
could amend data and, potentially, add new should be investigated and appropriate action
suppliers to the payables ledger system, and as taken.
the exception report is not reviewed it is unlikely -The ability to make amendments to master
that this would be identified file data should be restricted to those required
-This leads to anincreased risk of fraud as clerks and authorised to make changes to this data.
could add fictitious suppliers and then place
fraudulent orders without detection.
Ethical -The finance director is keen to report Hurling -The engagement partner should discuss the
threat/Safe Co's financial results earlier than normal and has timing of the audit with the finance director to
guard asked if the audit can be completed in a shorter understand if the audit can commence earlier,
time frame so as to ensure adequate time for the team to
-This may create an intimidation threat on the gather evidence
team as they may feel under pressure to cut -If this is not possible, the partner should
corners and not raise issues in order to satisfy politely inform the finance director that the
the deadlines and this could compromise the team will undertake the audit in accordance
objectivity of the audit team and quality of audit with all relevant ISAs and quality control
performed procedures
-Therefore the audit is unlikely to be
completed earlier
-If any residual concerns remain or the
intimidation threat continues, then Caving &
Co may need to consider resigning from the
engagement.
-A non-executive director (NED) of Hurling Co -Caving & Co is able to assist Hurling Co in
has just resigned and the directors have asked that they can undertake roles such as
whether the partners of Caving & Co can assist reviewing a shortlist of candidates and
them in recruiting to fill this vacancy reviewing qualifications and suitability
-This represents a self-interest threat as the -However, the firm must ensure that they are
audit firm cannot undertake the recruitment of not seen to undertake management decisions
members of the board of Hurling Co, especially and so must not seek out candidates for the
a NED who will have a key role in overseeing position or make the final decision on who is
the audit process and audit firm. appointed
-Caving & Co provides taxation services, the -Caving & Co should assess whether audit,
audit engagement and possibly services related recruitment and taxation fees would represent
to the recruitment of the NED more than 15% of gross practice income for
-There is a potential self-interest or intimidation two consecutive years
threat as the total fees could represent a -If the recurring fees are likely to exceed 15%
significant proportion of Caving & Co's income of annual practice income this year, additional
and the firm could become overly reliant on consideration should be given as to whether
Hurling Co, resulting in the firm being less the recruitment and taxation services should
challenging or objective due to fear of losing be undertaken by the firm
such a significant client. -In addition, if the fees do exceed 15%, then
this should be disclosed to those charged with
governance at Hurling Co
-If the firm retains all work, it should arrange
for a pre-issuance (before the audit opinion is
issued) or post-issuance (after the opinion has
been issued) review to be undertaken by an
external accountant or by a regulatory body
-The finance director has suggested that the Caving & Co will not be able to accept
audit fee is based on the profit before tax of contingent fees and should communicate to
Hurling Co which constitutes a contingent fee those charged with governance at Hurling Co
Contingent fees give rise to a self-interest threat that the external audit fee needs to be based
and are prohibited under ACCA's Code of Ethics on the time spent and levels of skill and
and Conduct experience of the required audit team
-If the audit fee is based on profit, the team may members
be inclined to ignore audit adjustments which
could lead to a reduction in profit`
-At today's date, 20% of last year's audit fee is -Having & Co should discuss with those
still outstanding and was due for payment three charged with governance the reasons why the
months ago final 20% of last year's fee has not been paid
-A self-interest threat can arise if the fees remain -They should agree a revised payment
outstanding, as Caving & Co may feel pressure schedule which will result in the fees being
to agree to certain accounting adjustments in settled before much more work is performed
order to have the previous year and this year's for the current year audit.
audit fee paid
-In addition, outstanding fees could be perceived
as a loan to a client which is strictly prohibited
-The engagement quality control reviewer -As Hurling Co is a listed company, then the
(ECQR) assigned to Hurling Co was until last previous audit engagement partner should not
year the audit engagement partner be involved in the audit for at least a period of
-This represents a familiarity threat as the five years
partner will have been associated with Hurling -An alternative ECQR should be appointed
Co for a long period of time and so may not instead.
retain professional scepticism and objectivity.

Test of Control

Uploaded by

Copyright:

Available Formats

Test of Control

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Test of Control

Uploaded by

Copyright:

Available Formats

Item Deficiency Control recommendation/Key control Test of control

-Damaged/obsolete goods are moved to a

-A sample of independent checks of the

-Production supervisors determine the amount of -The bonus should be determined by a

-The warehouse manager is going to -As in previous years, a specialist should

You might also like