Topic 9 Systems Flashcards

Question 1

Q

What is the audit process with regards to systems

Answer

A

1) Ascertain the system
2) Document the system

3) Evaluate the system- TOC
Confirm the operation of the system (testing controls i.e. audit evidence)
.
5. Report on the deficiencies on a ‘Management Letter/Management Weakness letter’

Question 2

Q

What is internal control and it’s importance

Answer

A

Internal controls are the policies and procedures designed and effected by directors and managers to enable the achievement of the entity’s objectives with regard to reliability of financial reporting, effective and efficiency of operations and compliance with application of laws and regulations

The importance of internal control is quite simply to manage problems that could prevent organization from achieving it’s objectives

Question 3

Q

Internal controls are the policies and procedures used by directors and managers to help ensure the effective and efficient conduct of the business;

what are some examples of business objectives

Answer

A

safeguard of assets
regulatory compliance
prevention and detection of fraud and error
the accuracy and completeness of accounting records
the time preparation of reliable financial information

Question 4

Q

why is internal control important

Answer

A

more reliable systems of control mean lower risk of material misstatement

reliable systems contain stronger controls

The auditors must understand the system and the controls within the system. Once these are understood then only can they test whether the controls work

The more effective and reliable the system, the lower the audit risk and the greater the reliance the auditor can seek to place upon the system

Question 5

Q

what does a reliable system =?

Answer

A

reliable system = lower audit risk = less substantive testing

More reliable system of control mean lower risk of material misstatement. Reliable systems contain stronger controls

The auditor must: Understand the system. and the controls within the system and test whether the controls work

The more effective and reliable the system the lower the audit risk and the greater the reliance the auditor can seek to place upon the system

Question 6

Q

ISA 315 identifying and assessing the risks of material misstatement through understanding the entity and its environment” considers the components of an entitys internal control.

what are the components of Internal control (CRIME)

list them

Answer

A

control activities (APIPS+IT Controls)
Risk assessment of entity
Information system relevant to financial reporting
Monitoring of controls
Environment (control )

Question 7

Q

components of Internal control (CRIME)

what is Control activities (APIPS IT)

Answer

A

Authorisation
Performance review
Information processing
Physical controls
Segregation of duties
IT Controls

Question 8

Q

Control activities (APIPS)

what are the two types of IT controls

Answer

A

Application controls

General controls

Question 9

Q

Control activities (APIPS)

what are application controls definition

Answer

A

These are controls build into a specific application within a system

can be auto or manual

Question 10

Q

Control activities (APIPS)

what are some examples of application controls

Answer

A

Document counts (invoice on hand vs on screen)
2) Sequence checks (you can run missing sequence report for missing dispatch notes to help you realise you’ve missed out on revenue if you haven’t electronically delivered it yet)
3) Arithmetic checks e.g. VAT
4) Range checks (min & max pay)
5) Batch reconciliation/Batch control (checking the total on the system matches with what’s on hand- should balance)
Validation checks

Question 11

Q

Control activities (APIPS)

what are general controls definition

Answer

A

These are controls over the computer environment. it effects multiple areas of the IT controls.

These include policies and procedures that relate to many applications and support the effective functionating of application controls.

Question 12

Q

Control activities (APIPS)

what are some examples of general controls

Answer

A

Software update
systems are networked
training provided
software and hardware maintenance
passwords and restricted access
backup
virus software
door locks

Question 13

Q

components of Internal control (CRIME IT)

Back to CRIME, what is R.. explain

Answer

A

entity’s risk assessment process

A more robust risk assessment process will reduce the risk of misstatement

For Financial reporting purposes, the entity’s risk assessment process includes how management identifies ALL business risks relevant to the preparation of financial statements in accordance with the entity’s applicable financial reporting framework.

Can be ANY RISK that the management are concerned with (not just to do with statements)

It estimates their significance, assesses the likelihood of their occurrence, and decides upon actions to respond to and manage them and the results thereof.

Question 14

Q

components of Internal control (CRIME IT)

Back to CRIME, what is I.. explain

Answer

A

“Information system, including the related business processes, relevant to financial reporting and communication”

The auditor should obtain an understanding of the information system, including the related business processes, relevant to financial reporting

these include

accounting system
procedures and records designed and established to initiate records
process of information
and report entity transactions

These cover the important cycles;

Sles
Payroll
Purchases

Question 15

Q

components of Internal control (CRIME IT)

Back to CRIME, what is M.. explain

Answer

A

Monitoring of controls (often done by internal auditor)

Management must monitor controls to ensure they are operating and are effective

It involves assessing the effectiveness of controls on a timely basis and taking necessary remedial actions.

Management accomplishes the monitoring of controls through on going activities, separate evaluations, or a
combination of the two.

On-going monitoring activities are often built into the normal recurring activities of an entity and include regular management and supervisory activities.

Question 16

Q

components of Internal control (CRIME IT)

Back to CRIME, what is E.. explain

Answer

A

Control environment

This includes the attitude and philosophy of management with regard to control e.g. commitment to integrity and ethical values, a formal organisation structure and proper training of staff

The control environment includes the governance and management functions and the:

Attitudes
Awareness
Actions

of those charged with governance and management concerning the entity’s internal control and its importance in the entity.

The control environment sets the tone of an organisation, influencing the control consciousness of its people.

The control environment has many elements such as communication and enforcement of integrity and ethical values, commitment to competence, participation of those charged with governance, management’s philosophy and operating style, organisational structure, assignment of authority and responsibility and human resource policies and practices.

Question 17

Q

what are five systems that you will need to understand the process of

which you will need to know

Control objective
Controls that client has in place
Test of control (Auditor checking the controls in place)

Answer

A

revenue
purchase
wages
bank
inventory

Question 18

Q

what is the general definition of a control objective in relation to the processes/systems

Answer

A

A control objective identifies the risk that the entity needs to manage i.e. the reason for a control procedure or activity being required.

wanting something good to happen

OR

Not wanting something bad to happen

For example, a risk within a purchasing system is that purchases could be made for personal use and paid by the company. Therefore the control objective is to ensure goods cannot be purchased for personal use. Most companies would have a control procedure in place to prevent this risk from occurring such as authorisation of purchase orders by a responsible official

Question 19

Q

what are the objectives of a sales/revenue system

Answer

A

✓ Sales are made to valid (good credit) customers
✓ Sales are recorded accurately
✓ orders are dispatched promptly and to correct person
✓ only valid sales are recorded
✓ all sales and receivables are recorded
✓ revenue is recorded in the period it relates to
✓ Cash collected and allocated on a timely manner

Question 20

Q

list briefly the stages of a sales/revenue cycle

Answer

A

1 Order received
2 Goods Dispatched (Department)
3 Invoice sent (accounts department)
4 Transactions recorded in books
5 Cash received & recorded

look at book to learn in detail the control procedure for each

Question 21

Q

what are the objectives of a wages system

Answer

A

Pay the right people
pay genuine people
the right wage rate
pay for the hours worked
Gross pay is calculated and recorded accurately
Net pay is calculated and recorded accurately
correct amounts owed are calculated, recorded and paid to tax authorities

Question 22

Q

list briefly the stages of a wages cycle

Answer

A

Clock cards submitted and input
gross pay, deductions and net pay calculated
Other amendments input
Final payroll calculated and pay slips produced
Payments to employees and tax authorities

(Separation of duty between those that store HR data and the people that process the wage

Payroll costs and payments recorded

Question 23

Q

what are the objectives of a purchase system

Answer

A

✓ Order are made for a valid purchase
✓ they are of appropriate quality and price
✓ Cost effective
✓ Purchases are recorded accurately
✓ All purchases recorded
✓ Payables are recorded at appropriate value
✓ Expenditure is recorded in the period it relates to
✓ Cash paid and allocated on a timely manner

Question 24

Q

list briefly the stages of a purchases cycle

Answer

A

1 Requisition raised
2 Order placed
3 Accounts Department
4 Invoice received
5 Transactions recorded in the books
6 Cash payments

Question 25

Q

what are the objectives of a cash system

Answer

A

✓ Cash is safeguarded
✓ Minimal cash held on site for legitimate expenditure
✓ Payments for authorised business expenditure only
✓ Cash and cheque books are safeguarded
✓ Receipts are banked on a timely basis
✓ Cash movements are recorded on a timely basis

Question 26

Q

list briefly the stages of a cash cycle

Answer

A

Request for payment
Payment authorisation
Payments made/ receipts
Payments and receipts are recorded

Question 27

Q

what are the objectives of a inventory system

Answer

A

Inventory levels meet the needs of production (raw materials and components) and customer demand (finished goods)
Inventory levels are not excessive, preventing obsolesence and unnecessary storage costs
inventory is safeguarded from theft, loss or damage
Inventory movements are recorded on a timely basis
All inventory is recorded
Inventory is valued at lower of cost and NRV

Question 28

Q

list briefly the stages of a Inventory cycle

Answer

A

1) Goods Received (Supplier) or Good Dispatched/Returned goods
2) goods are stored in a warehouse + Recorded / dispatch recorded
3) Movements posted to nominal ledger and inventory cards

Question 29

Q

From the audit process below, what happens in ascertaining the system

1) Ascertain the system
2) Document the system

3) Evaluate the system- TOC
.
4. Confirm the operation of the system (testing controls i.e. audit evidence)
.
5. Report on the deficiencies on a ‘Management Letter/Management Weakness letter’

Answer

A

Procedures used to obtain evidence regarding the design and implementation of controls include:

 examine previous audit work
Enquiries of relevant personnel.
Observing the procedures / application of controls.
Tracing a transaction through the system to understand what happens (a walkthrough test).
.
Inspecting documents, such as internal procedure manuals.

It should also be noted that enquiry alone is not sufficient to understand the nature and extent of controls.

Auditors can also use existing knowledge of the client and the operation of the systems. However, the auditor cannot simply rely on their knowledge from the prior year audit as changes may have occurred. Systems knowledge must be updated and the systems tested once more.

Question 30

Q

.

Question 31

Q

From the audit process below, what happens in Testing Controls/the system and give examples of methods

plan the audit
.
understand/ascertain the systems and controls
-> System notes (note taking of the system by auditor)
-> Components (CRIME)
-> Activities/systems ( APIPS)
.
Confirm the operation of the system (testing controls i.e. audit evidence)
.
Report on the deficiencies

Answer

A

A test of control involves the auditor obtaining evidence that the client has implemented the controls they say they have, and that they have worked effectively, during the period. Typical methods of controls testing include:

Walk through (confirmation of the auditors understanding of a system and how it works- THIS IS NOT A TOC)

below are all test of controls:

Observation of control activities, e.g. observing the inventory count to ensure it is conducted effectively and in accordance with the count instructions.
.
Inspection of documents recording performance of the control, e.g. inspecting an order for evidence of authorisation.
.
Computer-assisted audit techniques (such as test data to ensure the programmed controls are working effectively. See the ‘Evidence’ chapter).

Question 32

Q

From the audit process below, what happens in communicating control deficiencies and give examples of methods

1) Ascertain the system
2) Document the system

3) Evaluate the system- TOC
.
4. Confirm the operation of the system (testing controls i.e. audit evidence)
.
5. Report on the deficiencies on a ‘Management Letter/Management Weakness letter’

Answer

A

The Auditors will communicate deficiencies in the internal controls to those charged with governance and management. This will be communicated via a management letter or report to management sent at the end of the audit process. This is a two part :

1) Covering letter
- covers the deficiencies identified during audit work
- for sole use of the company
- no disclosure to third parties without agreement
- no responsibility assumed to any other parties

2) Appendix
- Deficiencies
- Consequences
- Recommendations

Space for managements response

In the exam, you have to follow this:

1) Identify the deficiency
2) The consequence of that deficiency
3) Recommendation

Question 33

Q

From the audit process below, what happens in documenting the system and give examples of methods

1) Ascertain the system
2) Document the system

3) Evaluate the system- TOC
.
4. Confirm the operation of the system (testing controls i.e. audit evidence)
.
5. Report on the deficiencies on a ‘Management Letter/Management Weakness letter’

Answer

A

The auditor must document the client’s control systems before evaluating whether the system is adequate and working effectively.

Narrative notes (written desctiption of system)
Flow charts
Organisation chart
Questionnaires
> Internal control questionnaire (ICQ)
> Internal control evaluation questionnaire)

Question 34

Q

what is a narrative notes and advantages

Answer

A

The main advantage of narrative notes is that they are simple to record, after discussion with the company these discussions are easily written up as notes.

Additionally, as the notes are simple to record, this can facilitate understanding by all members of the team, especially more junior members who might find
alternative methods too complex.

Question 35

Q

what are narrative notes dis-advantages

Answer

A

Narrative notes may prove to be too cumbersome, especially if the system is complex.

This method can make it more difficult to identify missing internal controls as the notes record the detail but do not identify control exceptions clearly.

Question 36

Q

what is a flow charts and advantages

Answer

A

A pictorial of how the system works

Can be prepared quickly.
Tend to be easily followed and understood.
Eliminates the need for detailed narrative notes.

Question 37

Q

what are flow chart dis-advantages

Answer

A

It’s difficult to show a graphic illustration for unusual transactions, and narrative notes tend to be better, due to the uniqueness.

Major amendments are difficult without a complete
redraw.

Question 38

Q

what are the two types of questionnairs

Answer

A

ICQ- Internal control questionnaires

ICE- Internal control evaluation questionnaires

Question 39

Q

what are ICE and give examples

Answer

A

Internal control Evaluation questionnaires which lists the objectives, and asks the client how they meet that objective.

These are not structure to be a yes/no but it’s still a q about how they meet their objectives of that control

e.g. how does the co check that there are no duplicate payments through the bank accounts

Question 40

Q

what are ICQ

Answer

A

Internal control questionnaires are used to assess whether controls exist which meet specific objectives or prevent or detect errors and omissions.

Asking a series of questions that require yes/no answers

does a company reconcile its bank ac balance to the bank statement each month?

Question 41

Q

What are advantages of questionnaires

Answer

A

Questionnaires are quick to prepare, which means they are a cost effective method for recording the
system.

They ensure that all controls present within the system are considered and recorded; hence missing controls or deficiencies are clearly highlighted.

Questionnaires are simple to complete and therefore any members of the team can complete them and they are easy to use and understand.

Question 42

Q

What are dis-advantages of questionnaires

Answer

A

It can be easy for the company to overstate the level of the controls present as they are asked a series of questions relating to potential controls.

Without careful tailoring of the questionnaire to make it company specific, there is a risk that controls may
be misunderstood and unusual controls missed.

Question 43

Q

The Auditors will communicate deficiencies in the internal controls to those charged with governance and management.

This will be communicated via a management letter or report to management sent at the end of the audit process. This is a two part :

1) Covering letter
2) Appendix

what is in a covering letter

*** questions usually focus on the content of the appendix for a given scenario rather than a covering letter

Answer

A

1) Covering letter
- covers the deficiencies identified during audit work
- for sole use of the company
- no disclosure to third parties without agreement
- no responsibility assumed to any other parties

Question 44

Q

The Auditors will communicate deficiencies in the internal controls to those charged with governance and management.

This will be communicated via a management letter or report to management sent at the end of the audit process. This is a two part :

1) Covering letter
2) Appendix

what is in a Appendix

*** questions usually focus on the content of the appendix for a given scenario rather than a covering letter

Answer

A

2) Appendix
* often in tabular format

Deficiencies
Consequences
Recommendations

space for managements response

Question 45

Q

.

Question 46

Q

Cash cycle is the following

Request for payment
Payment authorisation
Payments made/ receipts
Payments and receipts are recorded

when you receive cash, what could be your control procedure

Answer

A

▪ Check for counterfeit
▪ Sign it in
▪ Deposit in a secure place
✓ Safe
✓ Strongroom
✓ Locked cashbook

▪ Security locks
▪ Swipe cards
▪ Night safe
▪ Regular banking but not in a pattern

Question 47

Q

Cash cycle is the following

Request for payment
Payment authorisation
Payments made/ receipts
Payments and receipts are recorded

what is the control procedure for receipts of payments

Answer

A

▪ Agreed back to sales invoice
documents

▪ Bank regular
▪ Review and authorised

Question 48

Q

Cash cycle is the following

Request for payment
Payment authorisation
Payments made/ receipts
Payments and receipts are recorded

what is the control procedure for payments

Answer

A

▪ Authorised payments
▪ Agree back to relevant
documentation

Question 49

Q

Cash cycle is the following

Request for payment
Payment authorisation
Payments made/ receipts
Payments and receipts are recorded

what is the control procedure for recording

Answer

A

▪ Review from management for reasonableness
▪ Segregation of duties
▪ Bank reconciliations
▪ Customer statement reconciliation
▪ Supplier statement reconciliation

Question 50

Q

.

Question 51

Q

.

Question 52

Q

Purchase cycle is the following

1 Requisition raised
2 Order placed
3 Accounts Department
4 Invoice received
5 Transactions recorded in the books
6 Cash payments

what is the control procedure for req raised

Answer

A

A note internally to an authorised
manager asking if an order can be raised

▪ All requisitions authorised
▪ Central purchasing department
▪ Review inventory levels first
▪ Sequentially numbers requisition pad

Question 53

Q

Purchase cycle is the following

1 Requisition raised
2 Order placed
3 Accounts Department
4 Invoice received
5 Transactions recorded in the books
6 Cash payments

what is the control procedure for orders placed

Answer

A

▪ Requisition note attached and agreed to order
▪ Request order confirmation in writing
▪ Preferred supplier list
▪ Agree quoted price against supplier list
▪ Copy of the order sent to warehouse

and send the order to supplier

Question 54

Q

Purchase cycle is the following

1 Requisition raised
2 Order placed
3 Accounts Department
4 Invoice received
5 Transactions recorded in the books
6 Cash payments

what happends when the goods are received in the warehouse

Answer

A

in the warehouse

▪ One secure area
▪ Update inventory records

GRN is an internal document produced by the warehouse which we keep

▪ Review quantity, quality and agree GRN back to the order

▪ Copy of the GRN is signed and sent to accounts department

Question 55

Q

Purchase cycle is the following

1 Requisition raised
2 Order placed
3 Accounts Department
4 Invoice received
5 Transactions recorded in the books
6 Cash payments

what happends in the accounts department

Answer

A

Invoice received
▪ Match invoice to requisition order, GRN

▪ If no GRN ask for proof of delivery

Question 56

Q

Purchase cycle is the following

1 Requisition raised
2 Order placed
3 Accounts Department
4 Invoice received
5 Transactions recorded in the books
6 Cash payments

what happends in the transaction recording section

Answer

A

▪ Batch controls on input
▪ Recalculate invoice, sign authorise- agreed the prices on order and requisition

▪ Reconcile to monthly statements

Question 57

Q

Purchase cycle is the following

1 Requisition raised
2 Order placed
3 Accounts Department
4 Invoice received
5 Transactions recorded in the books
6 Cash payments

what happens in the cash payment

Answer

A

▪ Stamp invoice to say paid

▪ Separate file for paid / unpaid

▪ Authorise payments after looking at supporting documents

▪ Authorise invoices for
payments

Question 58

Q

Purchase cycle is the following

1 Requisition raised
2 Order placed
3 Accounts Department
4 Invoice received
5 Transactions recorded in the books
6 Cash payments

what happens in the cash payment if credit note was received

Answer

A

▪ Agree payment back to invoice
▪ Allocate to specific invoice
▪ Bank reconciliations
▪ Supplier statement
reconciliation

Question 59

Q

.

Question 60

Q

.

Question 61

Q

.

Question 62

Q

Revenue cycle is the following

1 Order received
2 Goods Dispatched (Department)
3 Invoice sent (accounts department)
4 Transactions recorded in books
5 Cash received & Recorded

what are the control procedures for order received

Answer

A

▪ Confirm orders in writing
▪ Carry out credit checks
▪ Establish limits
▪ Pre-number orders
▪ Exception reports
▪ Check inventory levels
before acceptance
▪ Discount authorised
▪ Standard price list
▪ Approval of order if it exceeds a certain amount

Question 63

Q

when an order is received (Revenue) who are the order copies sent to

Answer

A

1) Goods dispatched department

2) a copy is also sent to Accounts department

Question 64

Q

Revenue cycle is the following

1 Order received
2 Goods Dispatched (Department)
3 Invoice sent (accounts department)
4 Transactions recorded in books
5 Cash received & Recorded

what are the control procedures for after the order is received and authorised

Answer

A

▪ Copy of pre-number numbered order sent to dept.

▪ Weekly order check

▪ Order signed by inventory picker

▪ GDN raised and matched to order signed

Answer 58

A

▪ Customer signs GDN to agree goods delivered (proof of delivery)

▪ Sequentially numbered GDN,

▪ review for missing GDN

—>▪ Copy of signed GDN sent to accounts department

Answer 59

A

▪ Invoice matched to order and GDN

▪ Unmatched GDN to be reviewed (unfulfilled orders)

▪ Invoices signed as agreed to PO, GDN,
price list

▪ Recalculation (sales tax/ prices/ quantities)

—>▪ Invoice sent to customer

Answer 60

A

▪ Review receivables for credit balances

▪ Agree back to invoices
▪ Reconciliation

▪ Send out customer statements

Answer 61

A

RECEIVED
▪ Agreed back to invoice
▪ Double count
▪ Review aged listing
▪ Debt chasing

RECORDED
▪ Monthly statements sent out
▪ Bank reconciliation
▪ Regular banking
▪ Segregation of duties

Answer 62

A

a credit note is raised instead of invoice

▪ Authorised
▪ Tied to invoice
▪ Ensure valid
▪ Check for sequence

Answer 63

A

CLOCKCARD BY AN AUTHORISED PERSONNELL

▪ Supervise clock in and clock out

▪ Head count

▪ Registers

▪ Authorisation of timesheet

–> Send to accounts department “Payroll Clerk”

Answer 64

A

Standing data input (HR Department)

* Processing the wage (Payroll clerk)

Answer 65

A

▪ Monthly print of changes reviewed and authorised by management

▪ Data about employees printed and reviewed on a regular basis

▪ Password, restricted access to thedata
▪ Complete a joiners / leavers form (risk of continuing to pay)

Answer 66

A

▪ Recalculate wages

▪ Recalculate tax deductions to pay HMRC

▪ Exception reports ( E.g. if large overtime payment / contract)

▪ Review and authorisation from management for unusually high amounts and duplicates

Answer 67

A

.▪ Wage clerk signs print out that double entry has been done

▪ Check the amounts agree
▪ Sign amendment sheets when updated on accounting system

▪ Management review for reasonableness

Answer 68

A

▪ 2 people present
▪ Employees signs receipt of cash
▪ Agree back to wage accounts
▪ Wage control account

Answer 69

A

▪ Authorised signatory
▪ Agree back to wage accounts
▪ Wage control account

Answer 70

A

▪ Set location for inventory
▪ Signed for by manager
▪ Agree quantity and quality to order

Answer 71

A

Organised
Security / Reg
Standing data input

Answer 72

A

Rotation
▪ Bins
▪ Shelves

Answer 73

A

▪ Sprinklers
▪ Fire alarms
▪ CCTV
▪ Restricted access
▪ Temp regulations

Answer 74

A

counting the physical stock and checking against the automatic stock sheets

external auditor will also annually audit/attend the stock count

Answer 75

A

▪ Staff count in pairs

▪ Inventory sheets prenumbered

▪ Signed

▪ Close down warehouse for count

▪ Mark inventory when counted

▪ Write in pen

▪ Random second counts

▪ Staff don’t count area they are responsible for

Answer 76

A

A control objective should describe a risk to be mitigated by an internal control

example:

To ensure capital items purchased are for valid business use

To ensure capital items purchased represent value for money

DO NOT JUST Describe the internal control but not the risK like

To ensure capital items purchased are authorised
to ensure all capital items purchased are given a unique serial number