6001ACC Audit and Internal Control - Weeks 5-9 Revision PDF

Summary

This document provides an overview of audit and internal control concepts, specifically focusing on IT controls and various aspects of computer system management. It covers topics ranging from system maintenance to access controls and development controls within an organizational context.

Full Transcript


**[6001ACC Audit and Internal Control -- Weeks 5-9 Revision]**

**[WEEK 5 -- IT CONTROLS]**

[SYSTEM MAINTENANCE CONTROLS:]

- Used to prevent unauthorised changes to programs, data, terminals and files, and to correct errors or changes in user requirements to ensure completeness and validity after the changing of a system.
- Controls include program change standards, request for program changes, program change forms, change must be managed, test program, tested and reviewed, changes explained, documentation and manuals.

[ORGANISATION AND MANAGEMENT CONTROLS:]

- Controls to establish organisational framework over computer activities including levels of responsibility, staff practices, division of duties, controls against viruses and supervision.
- In relation to segregation of duties, the IT department should be entirely separate, and transactions should not be authorised by members of the IT department.
- Must train staff to operate the systems and databases correctly and efficiently.

[ACCESS CONTROLS:]

- Passwords (PALACE)
- Only authorised personnel can access physical IT infrastructure such as servers, data centres and network equipment.
- Access is only granted based on the role (segregation of duties).
- VPNs to ensure remote users access the network securely.
- Authorisation of users through logon IDs.
- Log of unauthorised attempts.

[COMPUTER OPERATING CONTROLS:]

- Controls include scheduling of processing and using the correct programs and data files.
- Ensures procedures are applied correctly and consistently during processing.
- Operating procedures include hardware checks and division of duties.

[SYSTEM DEVELOPMENT CONTROLS:]

- Must use software from reputable companies.
- Controls must process data.
- The required training must be provided.
- Conversion controls include ensuring information is correctly taken onto the new system through balancing old files with new files and must have backup of new system and post-implementation review.

[BUSINESS CONTINUITY CONTROLS:]

- List of files and data to be recovered.
- Having alternative processing, planning, documenting and testing facilities.
- Must have various and regular backups.
- Must have virus protection installed and working.

[APPLICATION CONTROLS:]

Validity = Identification and authentication of customers before the order is accepted through obtaining personal details i.e. ID numbers and credit card numbers.

Completeness = Encrypts sensitive data, implements checking to ensure data completeness, e-mail confirmations, authorised payments on online banking apps, perform sequence checks on orders, perform missing data checks.

Input Controls:

- Ensure inputted data falls within a specified range of acceptable values stated.
- Data must be in the correct format.
- Certain fields when inputting data must not be left blank otherwise it's missed data.
- Must be reasonable where the data entered is logical and consistent with other related data.
- Ensure the data inputted does not exceed or fall short of the required field length.
- All required input data is provided before processing to ensure verification.
- Hash totals to detect any missing or corrupted data.
- Record counts before and after processing to detect any missing or extra records.

Processing Controls:

- Before processing data, the system checks whether the data is valid by checking if it meets the required criteria e.g. format, length.
- The system generates exception reports of transactions that fail to meet certain criteria e.g. duplicate transactions, exceed specified limits.
- Limit test control where it checks that inputted values do not exceed or fall below certain thresholds.
- Edit test control to ensure the data entered into the system is valid, consistent and meets specific requirements.
- Activity reports provide a detailed summary of transactions processed by the system.

Output Controls:

- Sequential numbering of reports to help identify incomplete or missing reports.
- Logging of all actions related to the output including who generated or transmitted the output and when.
- Reconciliations to ensure the outputs produced by the system match with the input data.

Master File Controls: Validity, Completeness and Accuracy of Standing Data

- Important documents such as customer and supplier details are kept here.
- Controls include PALACE to keep these documents safe and secure.

Password Authorisation = Changes to master files require appropriate approval before they are made.

L = The system should maintain a log of all changes made to the master files.

AC = Restricts access controls of master files to only authorised individuals.

E = Ensure a review is conducted.

[CAATs (COMPUTER ASSISTED AUDITING TECHNIQUES) CONTROLS:]

- Techniques to improve the efficiency and accuracy of audits.
- Used to extract and analyse large amounts of data from various systems, re-perform, automate the selection of samples for substantive testing, automate the validation and verification of transaction data and test whether systems are working as designed.
- Allows auditors to directly assess the integrity of IT systems by testing system controls.
- Controls include all transactions and process through IT systems are valid, accurate and complete.

[E-COMMERCE CONTROLS:]

- Sensitive data such as credit card information and customer personal details must be encrypted to prevent unauthorised access.
- Loss of information and modification to user data can occur during transaction processing, therefore data encryption techniques and edit checks should be implemented.
- Connecting to the internet could facilitate unauthorised access, hackers may impersonate legitimate users and create unauthorised transactions and attract viruses.
- Authentication tests for users and anti-virus software should be implemented.
- Systems should maintain detailed logs of all transactions including purchases, refunds and cancellations.
- Customer information and inventory records should be regularly backed up.
- Orders may be taken from customers and filed where the customers are unable to pay, therefore detailed checks should be performed to ensure that transactions are done on valid credit cards.
- Websites must be well functioning otherwise it will negatively impact sales and could affect the company's image. It's important to employ knowledgeable and experienced IT staff to manage the systems and its failures.
- Regular system maintenance is also key.
- Internet-based systems have inadequate audit trails, so detailed procedures and transaction logs should be kept and reviewed to identify unusual transactions.
- Purchases made over the internet may not be timeously delivered, so the system must be tailored for delivery failures and to allow customers to complain or raise concerns.
- Must comply with data and customer protection laws as well as tax and VAT implications.

[IMPLEMENTATION OF SOFTWARE:]

- The integrity of the new data transfer process of downloading data from the legacy systems to the new system = Review the system documentation, project management documentation, technical reports and system manuals.
- The integrity of the new data in the new database = Perform tests to confirm no significant changes were made.
- The integrity of the new software = Assess the effectiveness of the new software and database implementation to ensure it's working properly.
- Ensure the financial transactions recorded have not changed during the current year.
- General controls environment will change = Document the changes and consider any weaknesses regarding the approach to the audit.
- If the general controls are not adequate to ensure the application controls will operate consistently, a more substantive based audit approach will need to be adopted = Revise the audit approach from test of controls based to substantive based.
- If reliance can be placed on the general control environment, then the application controls relating to the new systems will need to be tested = Test application controls relating to the new general ledger to see if they're reliant.
- Need to take into account the data conversion from the old system to the new system = Look at the procedures used to manage the data conversion and test on a sample basis the validity, accuracy and completeness.
- The new system may be complex to understand and to audit.

The general control review and testing should include:

- The system development of applications and databases.
- The system maintenance of applications and databases.
- Data access controls.
- Segregation of duties within the overall systems environment.
- Evaluate the systems life cycle and the overall process.

**[WEEK 7 -- REVENUE AND RECEIPTS CYCLE]**

[REVENUE PROCESS RISKS:]

- Early revenue recognition.
- Holding books open past the accounting period.
- Including false sales.
- Problems with other related party transactions.
- Overstating receivables and other income.

[KEY CONTROLS:]

- Adequate segregation of duties.
- Proper authorisation of sales.
- Adequate documents and records of receiving, authorising, processing, dispatching, invoicing and recording.
- Ensure all documents are sequentially prenumbered.
- Monthly statements and reconciliations.

[INHERENT RISKS:]

- Nature of business and other industry related factors.
- Potential revenue recognition issues.
- The complexity of transactions.
- The volume and quantity of transactions.

[CONTROL RISKS:]

- False sales are made and recorded.
- Sales and deliveries are not invoiced and recorded properly.
- Sales made to risky clients.
- Incorrect prices and quantities.
- Incorrect calculations on invoices.
- Cut-off problems at month and year-end.
- Incorrect classification of transactions.
- Excessive bad debt.

[SUBSTANTIVE ANALYTICAL PROCEDURES:]

- Calculate the day's sales ratio relating to the debtors on a monthly basis and compare to previous years.
- Calculate the proportion of accounts receivable to total current assets and compare to previous years.
- Calculate the provision for bad debts.
- Calculate the bad debts expense as a % of credit sales and compare to prior years.
- Calculate the credit notes as a % of sales and compare to previous years.
- Calculate the trade receivables collection period ratio to see how efficient money is coming into the company.
- Calculate the turnover percentage change and compare with prior years.
- Review the aged trial balance of accounts receivable to verify the accuracy and validity of the company's receivables.

[SUBSTANTIVE TESTS OF DETAIL: SAMPLE BASED]

Transactions:

- Occurrence: Transactions from the sales journal should verify the sales invoice, customer order and delivery document.
- Completeness: Delivery documents should be traced to related sales invoice and customer's account. The auditor's primary concern is whether all accounts receivable have been included in the accounts receivable.
- Cut-Off: Compare dates of the sales invoice with the date of delivery note and the date the sale was recorded. Take a sample of delivery notes before and after year-end to ensure they have been accounted for in the correct period.
- Classification: Determine that each sale invoice is properly classified in the revenue accounts.
- Accuracy: Compare prices of the sales invoices with the authorised price list and take a sample of invoices and agree the sales figure.

Account Balances:

- Agree the opening balances of the debtor's ledger from the previous year.
- Recalculate the client's provision for bad debts.
- Request the customers to confirm specific outstanding invoices.
- Inspect for sales orders, invoices and delivery notes for unconfirmed and unpaid amounts.
- Existence and Rights/Obligations: This is an important assertion as the auditor wants assurance the account is not overstated. The auditor must determine that all accounts receivable are owned by the entity. Confirmation is the major audit procedure to test the existence.
- Valuation: The auditor must verify the adequacy of the allowance for uncollectible accounts. Must prepare an aged trial balance and discuss the results with the credit manager, and then a comparison with last year's results should be examined.

**[WEEK 8 -- PURCHASES CYCLE]**

**Inspect (Documents), Observe (Actions), Inquire (Missing Documents), Re-Perform (Numbers and Calculations), Test, Matching (Documents)**

1. Purchase Requisitions
2. Purchase Orders
3. Receiving of Goods (GRNs)
4. Recording of Purchases
5. Payment Preparation
6. Recording of Payment

[TEST OF CONTROLS:]

- Inspect all documents are sequentially prenumbered.
- Inspect all documents i.e. purchase requisitions, delivery notes are signed.
- Inspect the signatures of documents.
- Inspect the purchase requisitions are authorised by the correct person.
- Re-perform the matching of the purchase requisition and purchase order.
- Inspect if the approved suppliers list exists.
- Re-perform all calculations and numbers to see if they are correct.
- Match the GRN with the purchases order and delivery note from the supplier.
- Inquire about any missing documents.
- Re-perform the invoicing.
- Re-perform the creditor's reconciliation.
- Inquire that all purchase requisitions are distributed to the supplier.
- Inspect the purchases journal.
- Inspect the invoices for every purchase order.
- Match the purchase order to the invoice.
- Re-perform the bank reconciliation.
- Inspect if prices are on the authorised price list.
- Inspect the description of goods purchased to ensure they relate to the business.
- Match the quantity on the purchase requisition and purchase order.
- Inspect the date of the purchase requisition and purchase order.
- Observe the checking of goods received.
- Inquire if the goods never arrived.

[INHERENT RISKS:]

- Management bias and incentive to misstate expenses.
- Complexity of expenditures incurred.
- Management override controls.
- Incorrect cut-off applied.
- Understate accounts payable.
- Importation of goods and errors in recording.

[CONTROL RISKS:]

- Failing to record a purchase in the proper period.
- Misclassifying purchase of assets and expenses.
- Failing to record a payment.
- Recording a payment more than once.
- Failing to record a prepaid expense as an asset.

[SUBSTANTIVE PROCEDURES:]

Purchases: Assertion for Understatement

- Occurrence: Purchases are not fictitious and actually occurred.
- Cut-Off: Purchases have been recorded in the proper accounting periods.
- Classification: Purchases have been recorded in the correct accounting accounts.
- Completeness: All purchases have been recorded.
- Accuracy: Purchases have been recorded at the correct amounts and details.

Payments: Assertion for Completeness

- Occurrence: Payments of the creditor are not fictitious and actually occurred.
- Cut-Off: Payments have been recorded in the proper accounting periods.
- Classification: Purchases have been recorded in the correct accounting accounts.
- Completeness: All payments have been recorded.
- Accuracy: All payments to creditors have been recorded at the correct amounts.

**[WEEK 9 -- INVENTORY CYCLE]**

1. Planning: Order
2. Receipt: GRN
3. Issue
4. Inventory Adjustment Forms
5. Inventory Records

[INHERENT RISKS:]

- Volume and complexity of manufacturing.
- Changes in staff and systems.
- Net Realisable Value (NRV)
- Inventory at multiple locations.
- Goods in Transit (GIT)
- Wrong pricing where the inventory is obsolete or damaged.
- Omission of GIT.
- Inclusion of the same inventory more than once.
- Omission of invoices from the purchase order relating to the stock included in the inventory.

[CONTROL RISKS:]

- Employ staff with the appropriate skills and training.
- Management monitoring control activities.
- Staff understanding costing methods.
- Reasonable accounting policies for allocation of overhead expenses.
- Complex accounting systems e.g. integrated database systems.
- Budgets and performance reviews.
- Obtain feedback from customers regularly.
- Conduct regular inventory counts.
- Efficient production planning and scheduling.

[CONTROLS:]

- No movement of stock without authorisation and a document.
- Transfer documents must be signed.
- Limited entry and exit.
- Controlled entry and exit.
- Damaged, lost or theft stock.
- Restricted entry and access.
- Reconciliations
- Adequate segregation of duties.
- SCRUM: Segregation of Duty, Custody of Assets, Reconciliation, Unused Stationery, Management Supervision

[CONTROL ACTIVITIES:]

Occurrence of Inventory Transactions = The auditor's main concern is that all recorded inventory exists. The auditor should also be concerned that goods may be stolen.

Completeness of Inventory Transactions = The primary control activity for completeness relates to recording all inventory that has been received. Controls are closely related to the purchasing process.

Accuracy of Inventory Transactions = Inventory transactions that are not properly recorded result in misstatements that directly affect the amounts reported in the financial statements. Inventory purchases must be recorded at the correct price and actual quantity received. Inventory shipped must be properly recorded in cost of goods sold and the related revenue recognized.

Classification of Inventory Transactions = The client must have control activities to ensure that inventory is properly classified as raw materials, work in progress, or finished goods. By knowing which manufacturing department holds the inventory, the auditor is able to classify it by type.

[ISA 501:]

- THE AUDITOR MUST ATTEND THE INVENTORY COUNT AND OBSERVE.

Before Inventory Count:

- Contact the client to obtain a copy of the inventory count instructions to understand how the count will be conducted.
- Review the working papers from the previous auditor to understand the inventory count process and identify any issues.
- Contact the client to obtain details of date, time and location of the inventory count.
- Obtain a list of locations where inventory is stored.
- Inquire whether any inventory is held by third parties and make arrangements to visit the third-party site.

Test of Controls: During Inventory Count

- Inquire about the segregation of duties by having the count performed by non-warehouse staff.
- Teams of two people to perform the count.
- No movement of inventory (entering or exiting) while the count takes place.
- No production is scheduled.
- Inspect the count sheets have been completed.
- Inspect the count sheets have been completed in pen rather than pencil.
- Inspect the count sheets to ensure they show the description of goods.
- Re-perform the sequence check on the count sheets to ensure none are missing.
- A system for allocating inventory to counting teams to ensure all inventory is counted but not duplicated.
- A system for identifying inventory which should not be valued e.g. damaged, obsolete stock so they can be valued properly.
- A system to ensure inventory belonging to third parties is not included in the count.
- A system to ensure that any inventory stored elsewhere is counted and not included.

[TEST OF CONTROLS:]

**Review, Observe, Re-Perform, Inspect, Calculate, Obtain, Inquire**

- Obtain cut-off information including the number of the last shipping and receiving documents.
- Inspect GRNs and GDNs around the year-end to confirm the correct cut-off period.
- Inspect all documents are sequentially prenumbered.
- Inspect documents such as supplier's invoice and payroll records.
- Inquire about goods held on consignment.
- Observe the condition of the inventory for items that may be obsolete, slow moving or held in excess quantities.
- Review purchase invoices and post year-end sales invoices to confirm if NRV is above cost.
- Calculate the inventory holding period to identify slow-moving inventory.
- Inspect purchase invoices for the signature and name of the client to confirm the rights and obligations.
- Review the disclosures in the financial statements to ensure the compliance with the financial reporting framework regarding raw materials, WIP and finished goods.
- Obtain a sample of items from the inventory count records to confirm existence.
- Calculate NRV is greater than cost.
- Inquire about the breakdown of the standard cost calculation.
- Inquire about the basis of the standard costs.

[SUBSTANTIVE PROCEDURES:]

Existence:

- Physically inspect the items in the warehouse and observe the inventory count.
- Attend the inventory count at the third-party warehouses.
- Obtain copies of the inventory count sheets.

Completeness:

- Trace the physical items from the warehouse to the inventory count sheets to ensure they were recorded accurately.
- Record details of the last deliveries prior to the year-end.
- Obtain copies of the inventory count sheets to check against the final inventory listing.
- Trace the items counted during the inventory count to the final inventory list to ensure it's the same.
- Trace the goods received prior to the year-end to the year-end inventory balances.
- Trace the goods despatched to ensure the items aren't included in inventory.

Rights and Obligations:

- Enquire that all inventory is owned by the entity.
- Goods held on behalf of third parties are segregated and separately recorded.
- Inspect the purchase invoices for the inventory items for the name of the client.

Valuation:

- Observe the inventory count and inspect the inventory for evidence of damage or obsolescence that may affect the NRV and ensure valuation has been adjusted.
- Inspect the purchases invoices for the inventory items to agree the cost of the items.
- Inspect year-end sales invoices for the inventory items to determine if inventory is held at the lower of NRV and cost.
- Re-calculate WIP and finished goods valuations.
- Calculate the inventory holding period and compare this to the previous year to identify slow-moving inventory.
- Ensure all fees from importing overseas goods are incurred.

Classification:

- Review the inventory categories to ensure they have been classified correctly.
