Internal Controls (3) & Internal Audit

Question 1

1. Capital Expenditure

Four types of property, plant & equipment (PP&E) transactions may occur:

Answer 1

• Acquisition of capital assets for cash or other non-monetary considerations.
• Disposal of capital assets through sale, exchange, retirement, or abandonment.
• Depreciation of capital assets over their useful economic life.
• Leasing of capital assets.

Question 2

Assertions: PP&E (7 with defiinitions)

Answer 2

Existence/Occurrence

• All PP&E transactions and events have occurred and have been recorded in the books.

Completeness

• All transactions and events that should have been recorded have been recorded and included in the financial statements.

Authorization

• All PP&E transactions and events are properly authorized.

Rights & Obligations

• The entity has rights to the purchases and owns the assets as at the balance sheet date.

Accuracy

• Amounts and other data relating to PP&E transactions and events have been recorded appropriately

Valuation

• Additions and disposals are correctly posted. PP&E is stated at cost or after depreciation.

Cutoff

• Asset receipts, shipments, and disposals are shown in the correct accounting period.

Question 3

Control Examples: Capital Expenditure
One assertion: Risk, controls and tests of controls?

Answer 3

Authorisation

Risk:

• assets purchased not authorized by the board

Controls:

• authorization table exists with agreed levels/categories shown

Tests of controls:

• review evidence that purchases are authorized at the appropriate staff level.

Question 4

2. Long-term Debt

What does the auditor need to assure?

What does this assurance extend to?

What is it more efficient to do for most?

Answer 4

• The auditor must be assured that the amounts shown on the balance sheet for the various types of long-term debt are not materially misstated.
• This assurance extends to the recognition of interest expense.
• For most entities, it is more efficient to follow a strategy of conducting substantive testing.

Question 5

Control Examples: Long-term Debt

One assertion: risk, controls and tests of controls?

Answer 5

Classification

Risk:

• portion of long-term debt due next year isn’t reclassified as a short-term liability

Controls:

• procedure exists to calculate and re-classify this portion of debt.

Tests of controls:

• review the procedure and its consistent use.

Question 6

3. Equity

Main transactions: (3/3,2,1)

Answer 6

Issuance of shares

• e.g. sale of shares for cash;
• the exchange of shares for assets; and issuance of shares for share splits.

Repurchase of shares

• including both the reacquisition of shares and retirement of shares.

Payment of dividends

• including cash and share dividends (rights issues).

Question 7

Control Examples: Equity
One assertion: risk, controls and tests of controls?

Answer 7

Accuracy

Risk:

• Cash dividends declared but not paid are not shown as liabilities.

Control:

• Segregations of duties in handling transactions.

Test of control:

• Determine if share and dividend transactions are properly posted and summarized in the accounting records.

Question 8

Control Examples: Bank & Cash

One assertion: risk, controls and tests of controls?

Answer 8

Cut-off

Risk:

• cash received or paid near the year end is recorded in the wrong period

Controls:

• sequential numbering of receipts/payment documents; reconciliation

Tests of controls:

• review the bank and cash reconciliations at the period end.

Question 9

1. Limitations Of Internal Controls (5/2,2,3,2,2)

Answer 9

Cost versus benefits

• The cost of internal controls should not exceed their benefit.
• However, precise measurement not always possible.

Management override

• Where management instructs a more junior employee to amend, enter or remove data, in the process ignoring the usual controls which are in place.
• The junior employee may know this is wrong, but not speak out for fear of losing their job. This can be very hard to spot in an audit situation, particularly with manual data.

Errors or mistakes

For example:

• Computer programmers may not understand the purpose of controls, and may design them incorrectly
• Control reports may not be understood, and ignored instead of checked.
• Many errors/mistakes can be avoided by adequate training and supervision, but this is not always possible.

Collusion

• The ‘segregation of duties’ controls, in particular, can be overridden if two or more people work together.
• For example, if a clerk entering fictitious invoices is working in collusion with the authorising manager, the invoices can be presented for payment as valid.

Breakdowns

• Breakdowns in controls due to misunderstanding of instructions or errors due to carelessness.
• Controls can also breakdown as a result of errors due to carelessness or tiredness

Question 10

When weaknesses in the controls are found, the auditor must: (3)

The auditor needs to report ____________ _____________ in internal control _______ ______ ____ _____________. Report to (2)
Format Of Report could be?
Best practice indicates (4)?
Ideally…?

Answer 10

• Re-visit the original risk assessment and adjust the level of risk.
• Conduct further audit procedures accordingly.
• Perform more substantive procedures, if appropriate.

The auditor needs to report material weaknesses in internal control when they are discovered. Report to:

• Those charged with governance – often the audit committee
• Management

Non-material weaknesses are also often reported.

• This can be verbal, but best practice indicates a covering letter, a table setting out the matters raised, recommendations for improvement and space for the client’s response.
• Ideally this should be sent as soon as possible to allow the client time to set matters right before the year-end.

Question 11

1. Corporate Governance Code

What is corporate governance?
What is the UK Corporate Governance Code?

Answer 11

Corporate governance is a system by which companies are directed and controlled.

The UK Corporate Governance Code (July 2018) applies to all companies incorporated in the UK and listed on the London stock exchange, and states:

‘The audit committee should monitor and review the effectiveness of the internal audit activities. Where there is no internal audit function….the reasons for the absence should be explained..’

Question 12

2. Functions Of Audit Committee

What should the audit committee provide?
What should they do (8)

Answer 12

The audit committee provide the link between internal audit and the board. The audit committee should:

• Approve the appointment/removal of the head of internal audit.
• Ensure the function has the necessary resources.
• Ensure access to the board chair. (without interference from management)
• Review the internal audit annual work-plan.
• Receive periodic reports from internal auditor.
• Meet with internal auditor without the presence of management.
• Monitor management’s responsiveness to internal audit.
• Review the overall effectiveness of internal audit.

Question 13

3. Internal Audit – Scope
   Types Of Internal Audit Assignments

What is internal audit used for and by who?

What are the three types of audit assignments and what do they involve? (2,3/1+1,1+1,1+1,1+1/3,1)

Answer 13

Overall, internal audit is used by management to help ensure effective corporate governance. This usually involves:

1. Evaluating risks

Evaluation:

• General business risks; and,
• Risks specific to the entity.

Internal auditors may be required to:

• Determine the sources of risk.
• Recommend approaches to manage risk.
• Monitor the operation of such controls.

2. Evaluating compliance

Laws and regulations relevant to the entity must be complied with, and internal audit often review this. Including:

• Products (e.g. chemicals)

  - Compliance Area: Regulations governing the production, handling, and disposal of chemicals.

• Competition (e.g. copyright laws)

  - Compliance Area: Laws that prevent unfair competition practices, including respect for intellectual property rights.

• Environment (e.g. pollution)

  - Compliance Area: Environmental regulations aimed at reducing pollution and protecting natural resources.

• Employees (e.g. equal pay, unfair dismissals)

  - Compliance Area: Labor laws ensuring fair treatment of employees, including pay equity and protection against wrongful termination.

3. Operational auditing

Usual aims are to:

• Identify the causes of problems
• Improve efficiency of operations
• Enhance effectiveness of operations

Operational audits may overlap with financial audits, but this is not their primary function

Question 14

4. Outsourcing Internal Audit

3 advantages?
3 disadvantages?

Answer 14

Advantages

• Independence

    - An external auditor provides an unbiased and objective perspective as they have no conflicts of interest

• Professional skills base

     - External audit firms normally have specialised skills and certifications so they bring their vast depth of knowledge

• Experience from other clients

     - Exposure from various clients allows them to bring best practices and innovative solutions

Disadvanatages

• Not ideal for small businesses

    - Hard to justify the complexity and cost of hiring an external audit firm due to their scope and scale of operations

• Duplication of efforts

      - May be overlapping efforts

• Do they have the relevant industry expertise

     - Lack of industry specific knowledge could affect their ability to fully understand and evaluate unique risks

• Cost

     - Expensive due to firm fees, travelling fees etc

Question 15

5. External Vs Internal Auditors

Aim?
Report to?
Materiality?
Scope?

Answer 15

External Auditors

• Aim to express an opinion on the financial statements
• Report to shareholders
• Use materiality
• Scope depends on whether giving an opinion or assurance

Internal Auditors

• Aim to assist management and directors
• Report to the board/management
• Materiality may be much smaller, depending on specific work
• Scope may be wide or very narrow