TOPIC 4 and 5 : AUDIT OF INTERNAL CONTROL SYSTEMS

(ISA 400 Risk assessments and Internal Control) 4.1 Meaning, objectives and importance of Internal Control System to the Auditor. a) Accounting system: ISA 400 requires the auditor to gain an understanding of the entitys accounting system, including: Major classes of transactions in the entitys operations How such transactions are initiated (whether at branches or the head office) Significant accounting records, supporting documents, and accounts in the financial statements The accounting and financial reporting process, from the initiation of significant transactions and other events to their inclusion in the financial statements. b) Internal Control System (ICS): Internal control system refers to all the policies and procedures (financial or otherwise) adopted by the managers of an entity to help ensure, as far as is practical, the orderly and efficient conduct of its business. I.e Management philosophy and operating style, and all policies and procedures adopted by management to assist in achieving the entitys objectives. (An organization which is orderly and efficiently run will be able to satisfy its suppliers, customers, use its productive facilities efficiently and above all, meet the needs of employees far better than businesses which are disorderly and inefficient. An efficient organization will have good flow of timely information. As far as the auditor is concerned such an organization will be much easier for him to deal with since company official will be in a position to provide accurate information and also outsiders/stakeholders will provide accurate evidence - a satisfied customer is much more likely to reply to debtors circularization.) c) Objectives of Internal control To Ensure adherence to management policies i.e to ensure that all transactions are carried out in accordance with managements general or specific authorization. Mngt will have many policies in place e.g. those for personnel, procurement, asset management, depreciation, stock valuation etc.-expressed in budgets, long-range forecasts, corporate plans. Such adopted policies will be relevant to the auditor, as he will have to evaluate whether or not mngt is adhering to the set policies and 1

their (policies) adequacy. To Safeguard the companys assets from abuse and misuse access to assets is limited in accordance with authorisatione.g. say keeping valuable stocks under lock and, ensuring that all goods dispatched are properly invoiced and payments are only effected in respect of goods/services actually received. The auditor is very much concerned with asset safety, since in forming his opinion he has to satisfy himself that actually the assets do exist. To Prevent and detect of frauds and errors This is a key responsibility of management, therefore a well designed and adhered to ICS will assist management to meet this requirement. To secure as far as possible the completeness and accuracy of accounting records. Transactions are promptly and accurately recorded so as to allow the preparation of financial reports. This is of specific interest to the auditor because records form the basis for the financial statements upon which auditor is reporting. A good ICS will result in financial statements, which show a true and fair view. Internal controls promote timely preparation of financial information Scope and components of Internal Control System (ICS) The scope of internal control extends beyond accounting controls to include operational controls and administrative controls as well e.g. quality control, work standards, budgetary control, periodic reporting, and policy appraisals. The attention of the external auditor will be more with the financial controls, where as the internal auditor will be concerned with both financial and administrative controls. The external auditor will only be concerned with those administrative controls that may have a bearing on the reliability of financial records. Components of ICS: The internal control system extends beyond matters relating directly to accounting system functions and comprises the control environment, Information system and control procedures. 2

(a)

Control

environment:

Includes

managements

the

overall

attitude,

awareness and actions regarding the internal control system and its importance to the entity. Under control environment the Auditor should consider: Managements philosophy, Corporate culture and operating style The entitys organizational structure and methods of assigning authority and responsibility The functioning of the board of directors and its committees is it an active board/ rubber-stamping board? Does the board have an active and up-to-thejob Audit committee? Existence and effectiveness of the Internal audit department. Uses of information technology. Competence and integrity of entitys Human resources. What are the personnel policies in place, procedures and segregation of duties? (Management control system) The control environment has an effect on specific control procedures. A strong control environmentfor example, one with tight budget controls and an effective internal audit functioncan significantly complement specific control procedures. But a strong environment does not, by itself, ensure the effectiveness of the internal control system. (b) Information System - These are the methods and records established to (to account) and record the transactions and other events that affect an entity and to maintain accountability for assets, liabilities, revenues and expenses. Under Information System the Auditor should identify and understand: Major classes of transactions; How such transactions are initiated; Significant accounting records, supporting documents and accounts in financial reports; and The accounting and financial reporting process. (C) Control procedures Includes both policies and procedures that management has established to ensure its directives are carried out. Control procedures are added to the accounting system to ensure that system produces accurate and reliable data. Control procedures include: Reporting, reviewing, and approving reconciliation of bank accounts, control accounts 3

Checking the mathematical accuracy of records Controlling computer information systems by, for example, establishing controls over changes to computer programs and access to data files use of passwords Maintaining and reviewing control accounts and trial balances Approving and controlling documents Comparing internal data with external sources of information Comparing cash, security, and inventory counts with accounting records Limiting direct physical access to assets and records e.g requiring cash to be under lock and key /requiring authorization b4 using any asset. Comparing financial results and budgeted amounts. The individual components of an ICS are known as controls or Internal controls. Internal check, Internal Audit and Internal controls Both Internal check and internal audit are important constituents of the overall system of internal control. Internal Check is the a system of instituting checks on the day-to-day transactions which operate continuously as part of the routine system whereby the work of one person is proved independently or is complementary to the work of another, the object being the prevention and early detection of errors or fraud. Accordingly the procedures are so designed that no one person is authorized to carry out all the stages involved in a transaction/ no one should have a exclusive control over one transaction or a group transactions. (Thus a fraud cannot take place unless there is collusion between two or more persons.) Internal check system also involves prompt and independent verification of an individuals work by prescribing cross-checks and cross-reconciliations as part of the operating procedure itself. Internal checks are inbuilt in the system itself and take place concurrently with the execution of the transactions. Internal Audit is an independent appraisal function established within an organization to examine and evaluate the compliance of the organization to set policies and procedures. Internal auditor is appointed and reports to management. Internal audit is a very important component of the internal control system.

Essential Features of Internal Control It is the responsibility of management to decide the extent of the ICS appropriate to the organization. The controls used will depend on nature, size and volume of transactions, the degree of control (span of control) which members of management are able to exercise personally, the geographical distribution of the enterprise etc. 4

The choice of the controls may reflect a comparison of cost of operating individual controls against the benefits expected to be derived from them.

E x p e c t e d L o s s e s r e s u l t i Whe re = > Total Costs of < n g From Weaknesses in IC (s) implementing Internal control (s)

Implies controls should be implemented.

Core types of Internal controls These can be subdivided into 3: 5

Preventative controls controls that prevent risks from occurring. E.g. authorization controls should prevent fraudulent or erroneous transactions taking place. Other preventative controls include segregation of duties, recruiting and training the right staff and having an effective control culture. Detective Controls controls that detect if any errors have been committed. These could be exception types of reports that reveal that controls have been circumvented. For example, large amounts paid without being authorized. Other examples could include reconciliation, supervision and internal checks. Corrective controls - controls that address any problems that have occurred. Where problems are identified, those controls that will ensure that the problems are properly rectified. Examples include follow-up procedures and management action. NB : the most powerful type of control is the preventive one. It is more effective to have a control that stops problems from occurring than to detect them once they have occurred. Specific internal control procedures: Organisation structure _ That there must be an organization structure that clearly defines duties and responsibilities of each individual in the Organisation. This will also outline the lines of authority and flow of information in order to : minimize conflicts in duties boost accountability thru defined powers and authority Facilitate co-ordination and harmonization of effort amongst various departments. There must be an independent Board of Directors composed of people with experience, skills and integrity. There must be an Audit Committee- to review the actions of management, and internal and external auditors. In the structure, there must be an Independent Internal Audit Department to assist management objectives. The auditor should be familiar with all major departments whose activities are recorded in the accounts and have control implications as given below : Department Accounts department Function and activities Ledgers, Invoicing, cashiers, credit control, budgets, taxation, costing, final accounts, cheque 6 in controlling the organization and achieving corporate

preparation etc Human resource Dept Employee files, staff welfare, recruitment, trade union, training, promotion, Time sheets, wage calculations, payroll, staff loans and advances, staff medical bills, NSSF, PAYE Sales department Purchasing department Production Dept Warehousing/Stores dept. Estates dept Others Depts: Research Development Transport Legal Internal Audit & Customer relations, advertising, research, aftersales-services Ordering supplies, suppliers records Plant registers, maintenance schedules Stock records, requisitions, stock taking, stock control Estate maintenance, rental payments

Segregation of duties This is intended to ensure that no one person is able to process and a record a complete transaction from the beginning to the end without being checked. Segregation of duties minimizes the risks of intentional manipulation and boosts the element of internal check. Particular attention should be attached to the separation of the functions of authorization, execution, custody recording and in case of a computerbased accounting system, systems development and daily operations. Authorisation This is the function of initiating transactions (ie the power to commit the organisation to contractual obligations). This should be segregated such that different line managers are accorded various limits of authority which will depend upon such factors as their position, integrity, qualifications, competence and remuneration. Power to authorize transactions normally increases with hierarchy in the organization with the highest authority being with the shareholders or 7

the Board of Directors. Execution This is the function of carrying out the authorized transactions. A different person from the one, who authorized the transaction, should execute the act. E.g. placing a purchase order that has been authorized- a different officer should actually place the order from the one who authorized it in the first instance. Custody This is the function of carrying of physical control of the assets arising from the transactions. To the extent possible officials authorizing expenditures should not be the custodians of the assets arising out of the expenditure. E.g. a different storekeeper. This control ensures that the asset in the records of the organization cannot be misused in any way (say by misappropriation, theft or neglect). Recording This is the function of creating the necessary documentation relating to the transactions, and entering them in the accounting records.The objective is to ensure that all authorized (and only authorised) transactions are taken into the accounting records and by another person from the one who authorized and executed the transaction. Computer Systems Development and daily operations In a computerized environment the following functions must be carried out by separate officers/sections/departments: Development, Data preparation, Computer Data entry, File Library maintenance, Control. EXAMPLE : Absence of Segregation of Duties leading to Fraud Mr Ambayo, the chief accountant, is permitted to order equipment for his department. He orders a personal computer, which he takes home for his own use. There are no physical checks of assets carried out. As well as computing depreciation rates and entering the appropriate journals into the computerized accounting system, Mr Ambayo is also authorized to look after the disposal of fixed assets. He authorizes the Disposal of several pieces of computing equipment at well below the market values. The equipment is subsequently sold to a friend who resells it at a profit. Mr Ambayo shares in this profit. Solution Note : Where the various categories of control Authorization, Execution, Custody and recording are subjected to a common influence, say if one person were able to authorize a transaction (whether necessary or unnecessary), record it in the accounting records and there after be in control of the custody of that asset, there 8

would be a high risk or loss via fraud or misappropriation. Physical Controls These are concerned mainly with the custody of assets and involve procedures and security measures designed to ensure that access to assets is limited to authorized personnel. This includes both direct access and indirect access via documentation. These controls assume importance in the case of valuable, portable, exchangeable or desirable assets. Authorization and approval controls That all transactions should require authorization or approval by an appropriate responsible person. The limits for these authorizations should be specified. (Pple try to go round this control by subdividing expenditures into small amounts within there limits, though the aggregate total on a transaction remains above their limits-as an auditor you have to be alert to this type of fraud!) Arithmetical and Accounting These are the controls within the recording functions which check that the transactions to be recorded and processed have been authorized, that they are all included and that they are correctly recorded and accurately processed. Such controls include: Checking the arithmetical accuracy of records The maintenance and checking of totals Periodic reconciliation of bank accounts and control accounts Maintenance of control accounts Monthly/periodic extraction of a trial balance There must be routine and surprise checks say over petty cash. Proper accountability for documents- use of serially numbered documents e.g purchase orders, sales invoices, reciept books etc Physical marking of documents to show that they have been properly authorized or used e.g being stamped PAID after cheques are issued and use of a Grid stamp. Personnel Controls There should be procedures to ensure that personnel have capabilities commensurate with their responsibilities. Proper functioning of any system depends on the people operating the system- their competencies, integrity etc. Qualifications and training. Rotation of duties and vacation duties in particular routine must be rotated to avoid continuity of errors and frauds. Personnel should also be encouraged to take leave as and when it falls due, and their tasks carried out by different officers during their absence (Objective : Control frauds and errors, promoting internal checks) 9

They should be properly remunerated. Is URA case flopping ?! Internal checks should be carried out whereby, whenever possible, the work of one person is checked by another. Management Supervision and review This is a management control done by top management using such tools as budget, forecasts, and standard costing statements, internal audit feedbacks etc all of which are aimed at checking the daily running of the organization. This type of control is often carried out on an exception basis with all errors being examined or via the comparison of actual and budgeted targets (variance analysis). A management Information System (MIS) should be in place to produce relevant, accurate and timely information to management. This will include effective systems of internal reporting, budgetary control, variance analysis and forecasting (especially cash flow and profit forecasting). Internal audit - Internal audit carries checks on the ICS to ascertain whether the control procedures are being performed properly. Internal Control System and the Small Company It may not be possible for the small company to achieve the same level of segregation of duties and functions as the big company because of the costs involved (Personnel and documentation). On the other hand , the close personal contact of the management with the operations of the small enterprise that usually exists will frequently mean that management will have less need to depend on formal internal controls. Therefore by close supervision, the management of a small company may well be able to satisfy them selves of the satisfactory operation of the internal controls and accuracy of the records. However this close association creates a separate problem for the auditor : close

involvement of management in the operations of the company, may enable them to override controls and purposely exclude transactions from the records. In such situations the auditor will need to consider carefully whether there is adequate evidence to enable him to express unqualified opinion on the accounts. He will certainly carry out detailed substantive tests for a small company with regards to verification of assets and liabilities. 10

Constraints on effective internal control The need for ICS is obvious as per foregoing sections. Good ICSs do not however appear accidentally. There are a number of prerequisites necessary to be in place in order to have a good ICS . These include the following: i. i. i. i. The quality of Management Its ability to plan and control effectively, and The quality of the staff their ability to follow instructions, qualifications and The resources available these act as a major constraint on managements The quality of internal audit- if this is poor, it will not be able to improve a actually not to override the controls they have put in place. experience. ability to effectively segregate or rotate duties, have proper documentation etc. poor situation. Limitations of Internal control (Reading assignment) These limitations arise due to a number of reasons : Controls have to be cost effective. Thus, some controls may not be instituted merely because they are not cost effective. Most controls are directed at transactions of a usual nature, therefore transactions of an unusual nature might escape being subjected to rigorous controls. The potential of human error remains in any system of control. Any system of control has its limitations in preventing frauds through collusion between two or more persons. A member of the management may himself override the controls. Controls may not keep pace with changes in conditions. Management itself may manipulate transactions or estimates.

Importance of the internal control system to the auditor In general, internal control is of fundamental importance to the auditor, because before he can plan the tests he intends to carry out in his audit programme, he 11

must decide the extent to which he intends to rely on the system of internal control. The ISA 400 requires the auditor to ascertain and evaluate the effectiveness of ICS before he can place any reliance on them.- He ascertains the reliability of the system by performing compliance tests on their operations. If with regard to any part of the system the auditor is satisfied that there is a sound system of control in principle and compliance tests on it have proved that it is working satisfactorily in practice, he will be able to reduce (there by saving time and cost of the audit) the amount of substantive testing (going into increased vouching of transactions in order to provide the auditor with adequate audit evidence as to the completeness, accuracy and validity of the information contained in the accounting records . Substantive tests also include verification tests on balances and analytical review procedures) that he needs to undertake. If on the other hand, the system of control is not satisfactory in principle, or if compliance tests have shown it not to be working satisfactorily in practice, the auditor must increase the amount of substantive testing he undertakes. Examples: ***** If the auditor finds that debtors ledger has not been properly prepared and maintained and the internal controls on debtors are weak, he may decide to rely more on direct confirmations from debtors. ***** If the auditor finds that controls on purchase invoices are inadequate, he may decide to check the Goods Received Notes also. On the other hand if he is satisfied that the system of preparing sale invoices is sound, he may examine only a sample of the invoices. Reading assignment: Discuss the meaning and purpose of a good internal control system to an organization of your choice. What are the necessary prerequisites for a good internal control system?

12

4.2 ASCERTAINING, RECORDING, EVALUATING AND REPORTING ON THE INTERNAL CONTROL SYSTEMS (ISA 400) Understanding a clients system of Internal controls ISA 400 requires that the Auditor obtains and documents an understanding of the accounting system and control environment sufficient to determine their audit approach. Whether that be: a systems based or substantive approach {In order to achieve the audit objectives, evidence is required. In practice, there are two main ways this evidence is acquired: Systems approach The evaluation of the system of internal controls forms the basis of the audit. Detailed testing of items in the financial statements is kept to a minimum. Direct verification approach - More detailed testing of items in the financial statements is carried out. The opinion is based upon the ability of the auditor to obtain sufficient appropriate evidence from a number of sources.} Understanding the clients system also helps with assessment of inherent and control risks (see your notes on audit risk). Interrelationship of the components of Audit risk: The table below shows how the acceptable level of detection risk may vary based on the assessment of inherent and control risks. Auditors assessment of Control Risk HIGH 13 MEDIUM LOW

Auditors Assessme nt Of Inherent Risk

HIGH

Lowest

Lower

Medium

MEDIUM LOW

Lower Medium

Medium Higher

Higher Highest

The shaded areas in the table relates to detection risk. There is an inverse relationship between detection risk and the combined level of inherent and control risks. For example, when the IR and CR are high, acceptable levels of DR need to be low to reduce audit risk to an acceptably low level. On the other hand, when IR and CR are low, an auditor can accept a higher DR and still reduce audit risk to acceptably low level. Meaning? Auditors aim is to ensure that there is no more than, say, a 5% risk that their opinion on the financial statements is inappropriate. In other words they are ensuring that they are 95% certain that their opinion on the financial statements is the appropriate opinion / correct. {Auditors can never be 100% sure of any conclusion}!! Why? Sampling, not 100% verification, come in 12 months later etc, smart executives! ENRON. This is audit risk: 95% means auditors accept that 5 in every 100 reports issued may be inappropriate/incorrect. He wants a confidence level of 95%. This determines the sample size and materiality level. How? The Lower the audit risk (2,3,5 %) the larger the sample size (because you wants a high confidence level, and therefore a large sample) and the higher the importance of materiality, there is an inverse relationship between AR and Materiality. High Risk (that the conclusion Assurance Large sample. will be invalid) Need High

Low Risk Low Assurance Small sample size. In practice auditors set audit risks at 4 to 6 % and tailor their audit procedures accordingly. AR can never be eliminated entirely! Total audit risk [ TAR] the risk of giving an inappropriate opinion when financial statements are materially misstated, has 3 components : Inherent risk (IR) Control risk (CR) Detection risk (DR) TAR = IR x CR x DR -DR = TAR / (IR x CR) TAR = 5%, IR = 60%, CR = 50% Then DR = 0.05 / (0.6 x 0.5) = 0.17= 17% (DR has to be this low, in order to bring the TAR , to the acceptable level low level of 5%, since the IR and CR are that high- 60% & 50% ) 14

If CR and IR are high, then DR will be low (meaning that you want a high confidence level that your procedures should detect misstatements). The lower the level of DR the greater the level of testing required. There is an inverse relationship between audit risk and materiality. Auditor sets a lower materiality level threshold for accounts, which have a higher audit risk. Means auditor will need to collect more evidence for these accounts. Ascertaining Internal Control System Auditor utilizes many procedures to understand and examine the ICS. This is the process of understanding and documenting the system as it is found in operation. The methods of ascertaining and recording the system are as follows: Ascertaining a b c d e f Examining previous audit work Clients own documentation of the system Manuals Interviews with clients staff Tracing transactions (walkInternal control questionnaires (ICQs) or Checklist. (d) Flow charts through checks) Examining clients documents Observation of clients procedures. Recording (a) Narrative notes (b) Organization chart

These are described in detail below: Examining previous audit work: Unless it is the first audit, the audit file should contain a record of the system as it operated at the last audit date. If there has been a major change in the system, then the file will require being up-dated. Thus, the systems examination is work largely carried out at the first audit of a new client. Clients own documentation of the system Some clients, especially large clients will have manuals of accounting procedures. These will provide a valuable source of information. Interviews with client At various stages during the examination of the system, the auditor will need to sit 15

down with members of the clients staff and find out how they carry out their functions, especially the key management personel. Tracing transactions (walk-through checks) This involves a process of following a few transactions thru the system, in order to under stand the sequence of transactions. Examining clients documents Examining relevant documents to see what actually happens can some times fill gaps in the system. Observation of clients procedures It will often be useful to watch the client carrying out procedures such as wages payout, stock/cash count. Observing activities and operations of the client.

RECORDING THE SYSTEM Narrative notes/ memoranda. This is a complete description of the system of control instituted by management as found in operation by the auditor. The auditor records the narrative and later evaluates it. This is very ideal for small firms and particular aspects of large businesses where relatively few transactions are involved. Organization Chart The organization chart provides a convenient way of describing the relationships between individuals in an organization. However it does not specify the precise duties of the individuals concerned and it only describes the formal relationships between them. In practice, informal relationships may have important implications for the auditor. Internal Control Questionnaires (ICQs)/check-list This is simply a comprehensive list of questions, covering every aspect of the clients system, the answers to which will enable the auditor to assess the internal controls in operation. These questions require short answers, YES / NO, or Not Applicable. Where YES answers indicate the strength of the ICS and the NO answers or not applicable indicate the weaknesses of the internal control system. The ICQ should be combined with other tools e.g. walk-thru checks, observations etc. 16

N o of IC Q 1 2 3 4

Examples of ICQ for purchase function Questionnaires Answ Remar ers ks

Who raised the LPO ? Was it authorized? Was the LPO recorded? If so by Who ?

None No No N/A

Weak ICS Weak ICS Weak ICS

(Reading assignment : ICQS) Flow charts: A flow chart is a diagrammatical representation of an accounting system, which is also used by the auditors to document the system. Symbols are used to represent the flow of documents and books of accounts, where they are filed and the accounting operations performed on them. They highlight controls (or their absence) and provide a clear diagrammatic representation of the system. (See photo copies attached)

17

EVALUATING INTERNAL CONTROLS AND TESTS OF CONTROLS Having ascertained and recorded the nature of internal controls in place, the auditor will then have to evaluate those controls. The objective of evaluating the internal controls is to enable the auditor take a decision on the extent of further testing to be incorporated in the full audit Programme. The audit Programme is designed to assess the reliability the reliability of the companys records as the basis for the extraction of final accounts. The evaluation done is by way of condensing the control criteria for each functional area of the organization down to a handful (as few as possible) of key questions whose main characteristic is that they go straight to the heart of the matter. Internal Control Evaluation questions (ICE) are designed using the knowledge obtained from the flow chart or the ICQ.(the distinction between the two can be confusing but where as ICQs are specific qns in a control area, ICE are general about an area : Example ICE Can goods be purchased without proper authority ? YES/NO ? YES= Weakness in control, NO = Strong. NO implies The system is strong as controls exist to prevent specified problem. A compliance test will be required to ensure the controls are operating YES implies The system that a weakness has been identified and a substantive test ICQ Are purchase orders and requisitions approved ? (ICQ) Are there limits on buyers authority to order goods ?(ICQ) Is purchasing segregated from receiving, accounts payable and inventory records ? (ICQ) Examples of ICEs (test of detail) will be required to quantify the effect of any errors that may have occurred

18

SECTION

ANSWE KEY QUESTIONS R YES OR NO

SUMMARI SE REASON FOR ANSWER

PURCHAS ES

Can liabilities be recorded

in respect of goods/services, which are either unauthorized or not received? b Can liabilities be for goods/services be incurred but remain unrecorded? c Can goods be returned to suppliers recorded? without being

SALES

&

Can

goods

leave

the being

DEBTORS

premises invoiced? e

without

Can invoices be created

but remain unrecorded in the sales accounting records? f g h Can goods be dispatched Can overdue accounts to a bad credit risk? escape prompt follow up?

19

CASH

Can sums be received but

not banked at the earliest opportunity? j Can cash payments be made without if not properly authorized? k Can cheque payments be if not properly made l

authorized? Can cash or bank balances be misappropriated or improperly used? STOCKS m n the o FIXED ASSETS p Can Can stocks be lost, be being

pilfered or wasted? stocks movement consumed/transferred without recorded? Can incorrect values be attributed to stocks Can fixed assets be

acquired/disposed of without proper authorization? q Can acquisition/disposal fixed assets in unrecorded the the of remain fixed

assets register or financial NOMINAL LEDGER r accounts? Can unauthorized access

to the journal/nominal ledger be obtained? s Can unauthorized Journal entries be processed?

20

TESTING THE INTERNAL CONTROL SYSTEM A systems-based approach to auditing requires an auditor to follow a sequence of events as follows: To ascertain and record each system in operation sales, purchases etc; To evaluate the extent to which it appears that each system can be relied upon to prevent errors, detect or deter fraud and ensure completeness; To Programme and carry out compliance tests which confirm the preliminary evaluation these will be samples of transactions-that internal controls are operating as described and fulfilling their purpose. A preliminary evaluation might include inquiry, recording the system and carrying out walk-through test to ensure that the system had been properly recorded. There remains, however, the strong possibility that the stated internal controls have not been effectively implemented. A series of Compliance tests are therefore programmed and designed to check that the controls operate on real transactions. e.g. a purchases transaction might be checked for necessity, authorization, receipt, inspection, authority to pay and correct allocation in the books of accounts. Tests of control will include: Inspection of documents, supporting transactions, and other events to gain audit evidence that internal controls have operated properly (for example, verifying that a transaction has been authorized) Inquiries about, and observation of, internal controls that leave no audit trail (for example, determining who actually performs each function, not merely who is supposed to perform it) Reperformance of internal controls (for example, reconciliation of bank accounts) to ensure that they were correctly performed by the entity. Once the system has been walked-through, the auditor can make a preliminary assessment of control risk (the risk that misstatements could occur and not be prevented/detected/corrected by the system). Assessing control risk is not necessary when an auditor can see it would be impossible to rely on the clients system. In this case control risk is assessed as high. If Control risk is assessed high then controls testing will not be undertaken. It may also be inefficient to test controls if the population consists of a few large items, which can be tested quickly by substantive tests. When a control testing is completed, auditors make a final assessment of control Risk, and revise the nature, timing and extent of substantive procedures accordingly.

21

Substantive Tests: Depending on the results from 3, the auditor will either decide that: Internal controls are strong and can be relied on. In this case the number of detailed verification tests carried out on financial statements can be reduced Internal controls, in some areas, are weak and may not always be relied upon. In this case the number of detailed verification tests to be carried out later must be increased. Detailed verification tests of transactions and balances are known as substantive tests. Substantive procedures are conducted to obtain direct audit evidence to support an account balance, instead of relying on the ICS. Substantive Tests Substantive tests are of two types: Tests of details of transactions, Tests of balances, and Analysis of significant ratios and trends including the resulting inquiry of and unusual fluctuations of and items from (analytical procedures see below). Circularisation confirmations balances debtors, creditors and banks. Substantive tests of account balances contained in the P/L account and the balance sheet will enable the auditor obtain reasonable assurance about the various assertions which the presence of those balances communicate to a user of the financial statements. The assertions in broad terms are: topic 1) Analytical procedures: Analytical procedures compare an entitys financial information with, for example: Comparable information for prior periods Anticipated results of the entity, such as budgets or forecasts, or expectations of the auditor, such as an estimation of depreciation Similar industry information, such as a comparison of the entitys ratio of sales to accounts receivable with industry averages, or with the same ratio in comparable entities in the same industry. Analytical procedures also consider relationships: Among elements of financial information that would be expected to conform to a 22 C.O.V.E.R M.PD ( already covered under

predictable pattern based on the entitys experience, such as gross margin percentages Between financial information and relevant no financial information, such as payroll costs and number of employees. NB: The two types of tests (Compliance tests (tests of controls) and substantive tests) can be used simultaneously on the same data sample: e.g checking a sample of purchase invoices relating to capital expenditure, the auditor can both check that all transactions were properly authorized (a compliance test) whilst at the same time checking the title of the asset (a substantive test). AUDIT OF SALES SYSTEM: 4.3.0: INTERNAL CONTROL SYSTEM OVER SALES & DEBTORS. Note: Systems vary from company to company depending on the nature of business. Trading (wholesale,retail), manufacturing, Hotel, bank , NGO etc 4.3.1 Objective of Internal control in the sales and debtors system To ensure that all revenues from trading activities are properly credited to income statement. To minimize losses that could result from bad debts or credits in respect of returned goods. 4.3.2 The important features of internal control on sales and debtors are: a) Orders Customers should be approved before a credit facility is extended. Get some references before you part with your goods! Terms of credit (amount, period, penalties for default) should be properly approved. 2/10, n/30 No goods should be dispatched without an approved customer order, and customers credit limit must be checked before goods are dispatched. A complete record must be kept of all orders received from customers and a serial number need to be assigned on each order. To enable subsequent follow up. b) Despatch The sales order should be used to produce a dispatch note/ delivery note for the goods outwards department. No goods may be dispatched without a dispatch note. The orders executed should be filed separately from those outstanding. There should be regular review of all outstanding orders to find out why they have not been executed. 23

All dispatches and returns should be invoiced and recorded accurately. There should be a register of all dispatch notes/delivery notes. c) Invoicing , credit notes and returns Invoices and credit notes should be accurately prepared from approved price lists. Discounts offered require proper approval. Sales invoices should be authorized by a responsible official and should only be prepared on the basis of orders received and dispatch notes. Invoices and delivery notes should be serially numbered. All cancelled invoices should be retained. A responsible official should approve cancellation of invoices and complimentary sales invoices. Invoices and credit notes should recorded in the sales day book and in the return-in-wards day book respectively Applicable taxes e.g VAT must be properly computed and itemized on the invoices. Any goods returned must be checked for possible damage and when accepted a document has to be raised. All goods returned should be used to prepare appropriate credit notes. d) Accounts receivable (Debtors) , sales ledger and bad debts management. A Debtors ledgers control account should be maintained. Sales ledger balances should be regularly reconciled to the debtors control account. Debtors should be sent statements regularly at the end of each month. Debtors balances should be periodically aged and reviewed. Overdue accounts should be identified and followed up including court action. No debtor should be written-off as bad unless properly authorized. (Segregation of duties the one who authorized the debt should not be the one to write-it off!) Proper justification has to be given before any debtor is written off. There must be a system that ensures that subsequent payments from debtors originally written off are properly recorded in the books of accounts. Throughout the sales/debtors system there should be adequate

segregation of duties: the following duties should all be segregated: Granting of credit and invoicing Dispatch from order entry and invoicing 24

Sales ledger and General ledger functions Cashier function from all other functions. 4.3.3 ICQ- The internal control questionnaire for sales and debtors will therefore include questions aimed at probing to know the persons carrying out the above responsibilities, (and whether actually the procedures are followed) such that an assessment can be done on the adequacy of the system! Examples of ICQ in this area: 1. ? 1. 1. 1. 1. 1. Can goods be sent to a bad credit risk ? Can sales be invoiced but not recorded in the accounts? Can debtors accounts be improperly credited? Can sales be overstated? etc Can goods be dispatched or leave the premises without being invoiced

AUDIT OF THE SALES SYSTEM The sales cycle consists of activities relating to: The provision of goods and services to customers (sales element) The collection of revenue in cash (collection element) The accounts therefore influenced by the sales cycle are: Sales/revenue accounts Cash accounts / bank accounts Accounts receivable Doubtful debts expense Provision for doubt debts Sales returns and allowances The audit objectives will mainly be testing to ensure: Occurrence, Completeness, measurement, rights and obligations and disclosure. Audit risk in the sales cycle: - Inherent risk Sales element Pressure to increase sales/profits High volume transactions 25

Collection element High risk of cash misappropriation Difficulty of estimating bad debts Reluctance to write off bad debts Audit risk in the sales cycle: - Preliminary assessment of control risk This will be done through understanding the: Control environment Information system Control procedures After the preliminary assessment of control risk, the audit strategy adopted will either be predominantly substantive approach (if Cr is High) or a combination of both compliance tests and substantive tests. a) Tests of controls Guiding questions: 1. 1. 1. 1. 1. On a sample basis: Carryout sequence test checks on invoices, credit notes, dispatch notes and orders. Ensure that all items are included and that there are no omissions or duplications. Check the authorization for the following: (check that the relevant signatures exist and that the control has been applied) Acceptance of order (the credit worthiness check) Dispatch of goods Raising of invoice or credit note Pricing and discounts Write-off of bad debts Seek evidence of checking of the arithmetical accuracy of: Invoices, credit notes, VAT (This is often done by means of a grid stamp requiring several signatures on the face of the invoice. Ensure that the control has in fact been applied by checking the accuracy of such invoices and credit notes. This also serves as a substantive procedure) 26 What activities are occurring? What documents are involved? What functions are occurring? What potential misstatements would be likely to occur for What controls are necessary to prevent/detect these

each function? potential misstatements?

Check dispatch notes and goods returned notes to ensure that they are referenced to invoices and credit notes and vice versa. Check that control account reconciliation have been performed and reviewed. Reperform the control by checking the reconciliation to source documentation. b) Substantive Procedures (SPs) for sales system SPs must always be undertaken, however, if control risk is low/medium, then the auditor can reduce the quantity of tests or can modify type of tests. SPs will include SPs of Transactions, SPs of account balances and analytical procedures. Invoices and credit notes Check numerical sequence of invoices & credit notes enquiring into missing numbers and inspecting all copies of cancelled invoices & credit notes . Check copy sales invoices and credit notes with the sales daybook and receivables ledger accounts, checking analysis of sales daybooks where appropriate and authorization of credit notes. Compare invoiced prices with authorized, up to date price lists, quotations and correspondence Check calculations and additions of invoices and credit notes. Scrutinise credit notes for large or unusual items. Accounting records: Sales day book and sales returns day book Check additions and cross-casts of the sales daybook and sales returns daybook. Check entries in the sales day book and sales returns day book back to the original invoices, credit notes and dispatch notes, and vice versa. Sales ledger (debtors ledger): Select a sample of accounts and (direction of testing : FSS records, or Record- FSS) Reconcile opening balance with previous closing balance Test check entries back into books of original entry Test check additions and balance carried forward Tests check the postings of individual invoices to the general ledger, sales ledger and control account. Check that reconciliation are done (debtors statements and our records) Control accounts in the general ledger test check year-end control account reconciliation, checking back to source documentation such as sales invoices, cash and returns records. Ensure that all reconciling items are dealt with properly. 27

Review the sales ledger for significant or unusual balances. Confirm that there is appropriate segregation of duties (recording of sales /checking/ statements) Circularize debtors. c) Analytical Procedures for sales system Compare sales of the period under review with sales of previous year per month, quarter and annual sales; inquire into the significant variations/fluctuations. Significant fluctuations from month to month may indicate misclassification between months or omission of sales. Cut off problems consider and confirm that proper cut-off procedures were followed. Examine critically sales just before the year-end or immediately after to ensure that all sales and only sales for the period under review are included in the turnover figure. An increase in sales just before the year end with low sales just after the year end may indicate that the client has tried to effect as many deliveries as possible prior to the year end in order to maximize reported profits. d) Collection element and accounts receivable Often audited at the same time as sales transactions e) Disclosure for sales system Sales revenue must be disclosed by class of business and geographical market (IAS 14 : Segment reporting - refers) Sales and doubtful debts expenses are disclosed and presented in the Statement of financial Performance (the Income Statement) Accounts receivable and provision for doubtful debts disclosed and presented in the Statement of Financial position (the Balance Sheet) f) Conclusions: Write conclusions covering any errors or weaknesses discovered during the above tests and noting any possible management letter points. INTERNAL CONTROL SYSTEM OVER PURCHASES & CREDITORS (The

Expenditure Cycle) Objective of Internal control in the Purchases and creditors system To ensure that all necessary and only necessary goods and services are procured for the organization and procured economically. To ensure that the creditors system should, at all times be managed to the greatest benefit of the organization. 28

The important features of internal control on purchases and creditors are: a) Orders Requisition notes for purchases should be authorized. Suppliers should be approved before purchase orders are placed. And authority levels of approval should be set. Major items e.g. capital expenditure, should be authorized by the Board of directors. Purchase orders should be placed on the basis of quotations received from different suppliers. All orders should be recorded on official documents (LPOs) showing suppliers names, quantities ordered and price. Copies of orders issued should be retained to assist in the following up of deliveries. Re-order levels and quantities should be pre-set and preferably recorded in advance on the requisition note. b) Receipt of goods When goods are received from the supplier, they should be inspected before accepting them and before issuing of the Goods Received Note (GRN). Goods received and returned to supplier should be properly registered in the Returns outward daybook. Stock records (bin cards, stores ledger) must be accurately up-dated for all goods received and returned to suppliers. c) Invoicing and returns All invoices and credit notes received from suppliers should be registered to ensure that they are properly processed. All invoices from suppliers should be checked and authorized against goods received notes. d) Accounts payable ledger and suppliers The company should have an accounts payable control account. The Total of the purchase ledger balance should be reconciled regularly to the purchases ledger control account. Statements from suppliers should be reconciled regularly against purchase ledger balances. There must be adequate segregation of the following duties: 29

Approving suppliers Approving purchase orders Placing purchase orders Receiving, counting and inspecting goods Returning goods Recording receipt of invoices /credit notes Authorizing invoices for payment Posting invoices to books of accounts Reconciling suppliers statements Preparing cheque payments. <ICQs Convert controls into qns> AUDIT OF THE PURCHASES SYSTEM AND EXPENDITURE CYCLE The expenditure cycle consists of activities relating to: The acquisition of assets or services used in operating the entity (acquisition element) The payment in cash for such assets or services (payment element) The accounts therefore influenced by the expenditure cycle are: Expenses accounts Inventory and Cost of Goods sold to be considered separately later on Property and equipment to be considered separately later on Cash and Bank to be considered separately later on Accounts Payable to be considered separately later on Purchases returns and allowances The audit objectives will mainly be testing to ensure: Occurrence, Completeness, measurement, rights and obligations and disclosure. Audit risk in the Expenditure cycle: - Inherent risk Acquisition element High shilling/dollar value of transactions/accounts High volume transactions Tendency to understate expenses/liabilities Incorrect classification of expenditure 30

Payments element High risk of cash misappropriation Audit risk in the Expenditure cycle: - Preliminary assessment of control risk This will be done through understanding the: Control environment Information system Control procedures After the preliminary assessment of control risk, the audit strategy adopted will either be predominantly substantive approach (if Cr is High) or a combination of both compliance tests and substantive tests. a) Tests of control Guiding questions: 1. 1. 1. 1. 1. What activities are occurring? What documents are involved? What functions are occurring? What potential misstatements would be likely to occur for What controls are necessary to prevent/detect these

each function? potential misstatements? Select a sample of invoices representative of all types of transactions and check as follows: Invoices for capital expenditure, services, office supplies, expenses: Purchase orders, checking evidence of sequence check and approval. with appropriate supporting evidence, GRNs see approval by duly authorized officials and verify that authority limits are being observed. check entries to fixed assets register and the general ledger etc Invoices for goods, raw materials With purchases requisitions and purchase orders signed by dully authorized officials; With goods received notes and inspection notes, Check entries in inventory records (bin cards, stores ledgers etc) With quotations, price lists to see price is in order For all invoices test for serial numbering, evidence of matching purchase invoices with GRNs and purchase orders, evidence of account coding, 31

initialing of invoice grid stamp for work done. Test evidence of matching credit notes received from suppliers to goods returned notes Test for evidence of authorization of adjustments to the purchase ledger Invoices received and goods returned to suppliers. Test for evidence of the maintenance and reconciliation of purchases ledger control account. b) Substantive procedures SPs must always be undertaken, however, if control risk is low/medium, then the auditor can reduce the quantity of tests or can modify type of tests. SPs will include SPs of Transactions, SPs of account balances and analytical procedures. i. i. i. i. i. i. Check calculations and additions on invoices and credit notes received from Check entries in purchases daybook & Purchases returns Day book and verify Test check entries for additions and postings from purchases daybook to the Scrutinise the records for large or unusual transactions and vouch these Agree prices charged on invoices and credit notes to suppliers price lists, Purchases ledger. Select a number of accounts and Test check entries back into books of original entry. Test check additions and balances carried forward See that control account has been regularly reconciled to the purchases ledger. Test numerical sequence and inquire into missing numbers: a a a a a Purchases requisitions Purchase orders Goods received notes Return notes Suppliers invoices

suppliers. that they are correctly analysed. purchases ledger and general ledger. items checking postings to the accounts. agreements or other evidence.

Consider cut-off for purchases. c) Analytical procedures for the purchases system Carry out appropriate analytical procedures to review unusual trends in purchases 32

system, levels of purchasing outside agreed limits or non-authorised suppliers. d) Conclusion Write conclusion covering any errors or weaknesses discovered during the above tests and noting any possible management letter points (letter of weaknesses)

INTERNAL CONTROL SYSTEM OVER PAYROLL 4.5.1 Control objective: To ensure that all authorized and only authorized work is paid for, and That all and only authorized employees are on the payroll and paid at the correct rates of pay. To ensure that payroll costs (salaries and wages, NSSF, PAYE, Graduated Personal Tax) are correctly recorded in the financial records and paid in time and the company has fully complied with the requirements of the respective laws. 4.5.2 The important features of internal control over payroll There should be a well-organized and efficient Human resources department in the organization. The procedures relating to recruitment, promotions, disciplining, transfers and discharge of employees should be clearly defined. Complete records of all employees should be maintained in respect of their terms of employment. For the wage earners there should be a proper and accurate recording of hours worked, output per employee etc depending on basis of payment time rate, piece rate etc Overtime should be authorised by some one outside the Human resources department. 33

The preparation of wages and salaries should be under a responsible officer. Names should only be included/excluded on the payroll after prior approval. The payroll should be checked and approved by an authorized person. He should confirm names and rates of pay on the payroll. Should be on the look out for any Ghost workers. Control accounts should be maintained for PAYE & NSSF and it should be ensured that these amounts are paid to the respective parties promptly. As far as possible salaries and wages should be paid into employees bank accounts. Where cash wages are paid employees should sign for the cash paid, and no employee should be allowed to take wages of another employee. All employees should receive pay slips/ pay advise slips All payroll deductions must be properly accounted for within the stipulated statutory dates. Rotation of employees, leave should be taken. AUDIT OF SALARIES AND WAGES SYSTEM a) Tests of control It is vital to check that all aspects of the payroll Names, amounts, deductions, and payments are authorised. i. i. i. i. i. i. Test a sample of time sheets, clock cards or other records, for approval by Test authority for payment and payroll amendments Examine evidence of checking of payroll calculations eg a signature of the Test authority for payroll deductions (statutory deductions, staff advances Attend cash payouts to ensure it is controlled Prepare or obtain and check a schedule of directors emoluments, including responsible official. Pay particular attention to the approval of overtime.

financial controller, internal auditor and loans)

benefits, pensions and bonuses and ensure they are in line with agreed to benefits. b) Substantive procedures Select a sample of individual payroll records and check: Details of hours worked, wage rate, tax and NSSF brackets. Calculation of gross pay 34

Calculations of tax (PAYE) and NSSF and other deductions. The totals of cheques drawn to net pay due to employess and Tax authorities etc. Check remuneration is in accordance with contracts of employment. Review to assess the procedures to ensure that starters and leavers are properly controlled. Test check benefits in kind and ensure that proper taxation as been applied on them. Review records in relation to part time and casual workers. Check that appropriate records have been kept and deductions have been correctly dealt with. Review the cash book for any unusual payments eg round sum allowances, private bills etc If a payroll control account is maintained, check this to the general ledger. Test postings of payrolls to general ledger accounts. c) Analytical procedures Perform an analytical review and confirm that all significant variances have been explained. d) Conclusions: Write conclusions covering any errors or weaknesses discovered during the above tests and noting any possible management letter points. INTERNAL CONTROL SYSTEM OVER CASH and BANK TRANSACTIONS Objective To ensure that all receipts from whatever source are properly collected, identified, recorded and banked. To minimize physical or fraudulent losses. To ensure that all authorized and only authorized payments are effected To maintain security such that no unauthorized charges can be entered to the bank account To ensure that receipts and payments are correctly analyzed to the appropriate personal and nominal ledger accounts. The important features of internal control over cash and Bank: a) Receipts All cash and cheques received should be recorded immediately and accurately using serially numbered receipt books. All cash and cheques received should be banked promptly and cash must be banked intact. No expenditure should be made out of daily 35

collection of cash. There should be different persons responsible for selling goods, making deliveries and receiving cash/payments. Cash received by traveling salesmen should be accounted for properly and adequate security should be provided for such employees. This should include arranging for appropriate insurance covers. Adequate security should also exist over all cash/near cash holdings and over all transmissions of cash. (to the bank, from the bank, to payment sites for wages etc ) Access to cash holding areas should be limited to very few individuals. A designated and responsible official should open incoming mail. All cheques, drafts and money orders received through post should be recorded correctly. All cheques should be crossed immediately. Cheques should be written in full names of the company and not abbreviated acronyms. Eg Not MUBS, KCC, NMS etc but Makerere University Business School, Kampala city council, National Medical stores. Daily reconciliation statements should be prepared regarding cash and cheques received, banked and balance in hand. Any discrepancy should be investigated immediately.

b) Payments by cheques Payments to creditors should be made through crossed cheques. As far as possible all salaries should be paid through the bank. Cheques should only be prepared after the approval of supporting documents e.g approvals of creditors invoices, payroll, travel claims, purchase of equipment etc. Such supporting documents should be cancelled/stamped paid immediately after cheques are signed, to prevent reuse. Chequebooks should be kept in the custody of some authorized person in a locked safe. Used cheque books should also be kept in a secure place. Cheques should be written following the pre-printed serial numbers. Do not skip empty cheque leaves. Unused cheques should never be signed in blank or pre-signed. 36

Authorised limits for cheque signatories should be defined and adhered to. Cheques drawn for cash should be controlled safely. Bank reconciliation should be regularly prepared and independently reviewed. Differences should be investigated, identified and corrected on a monthly basis for all accounts maintained in the company name current, deposit, loan. Bank reconciliation can assist in identifying frauds like teeming and lading. There should be adequate separation/segregation of duties in order to minimize the possibility of loss through fraud. Segregation should cover the following areas: Receipt and opening of incoming mail Listing of remittances/issuing of receipts Authorizing cash discounts Checking cash receipts to cash sales records Banking of receipts. Preparation of reconciliation Review of reconciliations. Main cashiering function from petty cashiering function C) Petty cash Petty cash should be operated on an imprest system and amount of float should be reasonable. Petty cashier should be different from the main cashier. There should be a limit on the payments from petty cash Serially numbered Petty cash vouchers should be prepared and duly signed by the person who receives money. Cash taken must be properly accounted for. Petty cash vouchers should be checked and approved by a senior official. Petty cash float should only be replenished after full accountability of all petty cash expenses. There must be planned and surprise count of petty cash floats, by management should be or the internal auditor. Imbalances thoroughly investigated.

Particular attention should be paid to any IOUs included amongst the petty cash vouchers since they may actually be unauthorized loans to employees or the person holding the float. 37

All expenses recorded in the petty cash book should be analysed and posted to the respective expenditure accounts in the general ledger. 4.6.2 AUDIT OF CASH AND BANK SYSTEM Audit risk factors : Incentive to misappropriate High volume of transactions Manipulation of balances at year end ( thru: e.g write cheques, but do not send them out, kiting ) a)Tests of controls - Cash and Bank System: 1. to. 1. 1. 1. 1. 1. Check cash receipts against bankings and confirm cash is Test evidence of a sequence check on any pre-numbered Test for evidence of arithmetical check on cash received Check cash receipts from cash book to receipt books, Inspect current cheque books for the following : Sequential use of cheques leaves Controlled custody of unused leveas/books Any signatures on blank cheques cheques banked daily and intact. receipts for cash records bank, posting to the sales ledger, posting to the general ledger. Attend mail opening and ensure procedures are adhered

1. Check to ensure that paid documents are stamped PAID. 1. Check and collect evidence to confirm that cheques are signed by authorized signatories(paid cheques can be requested from banks where you are suspicious) 1. Test for evidence of arithmetical check on cash payments records, including cashbook. 1. On a sample basis check postings from the cashbook to the respective ledgers. 1. On a sample basis obtain Bank reconciliations and carry out the following tests: Examine evidence of regular bank reconciliations / 38

reperform some of the bank reconciliations. Examine evidence of independent check of bank reconciliations (eg signature) Examine evidence of follow-up of outstanding items on bank reconciliations. Pay particular attention to old outstanding reconciling items that should be written back such as old, unpresented checks. 1. 1. Observe a cash count or obtain results of the cash count For Petty cash carry out the following tests: Test petty cash vouchers for approval and confirm that petty cash is managed in the imprest system. Test for evidence of arithmetical check on petty cash records Examine evidence of independent check of petty cash balance, including surprise checks. Examine postings of the petty cash book balances to the general ledger. Confirm petty cash count at close of the year was witnessed and signed off by an independent person e.g Internal auditor endorsed by the internal auditor.

b) Substantive procedures Obtain bank confirmation letter (s) and: Check the balances to the bank statements Check the overdraft limits have not been exceeded Ensure any items of note such as securities and contingent liabilities are properly recorded and disclosed in the financial statements. Circularize Banks to confirm their balances and any assets of the entity held as security. Cut-off testing : Outstanding deposits/Cheques are reasonable Movement between accounts. c) Analytical procedures 39

Perform an analytical review and confirm that all significant variances have been explained. Prepare cash flow statements. d) Conclusions: Write conclusions covering any errors or weaknesses discovered during the above tests and noting any possible management letter points. INTERNAL CONTROL SYSTEM OVER CAPITAL EXPENDITURE (Fixed Assets) Objective: To ensure that necessary fixed assets are acquired, as economically as possible To ensure correct classification of expenditure between revenue /recurrent expenditure and capital expenditure, recording, safe custody, safe operation and proper maintenance of those assets To ensure that unnecessary assets are disposed off at the best possible price. The important features of internal control over fixed assets: Acquisition of fixed assets i. i. i. i. The Board of directors should properly authorize all fixed assets acquisitions. Capitalization policy must be set. All fixed asset acquisition should be promptly and accurately recorded in the Depreciation methods and rates should be properly authorized, consistently

nominal ledger and fixed assets register. applied and appropriate.

Use , security and maintenance of fixed assets i. Fixed assets should be installed and used strictly according to manufacturers instructions. There should be regular safety checks to ensure compliance. Lifts, tonnage for lorries etc i. i. i. Fixed assets should be safeguarded by restricting access to them to only All fixed assets should be given unique identification numbers, and such There should be a regular physical inventory of fixed assets based upon the authorized persons, insurance etc numbers should be inscribed on the assets. fixed assets register. 40

i. i. i.

All documents of title should be securely stored. There should be a regular of asset maintenance and inspection. The authority to dispose of assets should be vested in an official who is

Disposal of fixed assets independent of the acquisitions, recording and custody function. This is usually with Board of directors approval. i. way. i. All disposals should be promptly and accurately recorded in the financial records and fixed assets register. 4.7.1 AUDIT OF CAPITAL EXPENDITURE / FIXED ASSETS (Also To be discussed under audit of balance sheet items , where procedures for each specific fixed asset will be discussed) a) Tests of controls - Fixed assets Prepare or obtain lists of additions /disposals and: Check for authorization Check casts and calculations; Check the totals agree to the lead schedule. Obtain and confirm all assets are listed in the fixed assets ledger. Vouch a sample of additions to supporting documentation and ensure items have been properly capitalized. Review nominal ledger accounts for repairs and renewals, sundries, and similar categories to identify items that should have been capitalized. For a sample of disposals: Vouch sale proceeds to supporting documentation; Compute/agree the calculation of any profit/loss on disposal and ensure that it is treated well in the P/L account. Compute/agree the depreciation charge for the year and check That the basis and rate is reasonable and calculated in accordance with the accounting policy and prior year. To ensure that no asset has been depreciated by more than its original cost. b) Substantive procedures Consider all the assets against all the assertions C.O.V.E.R-M.P 41 Assets should be sold via arms-length transactions in a clear and transparent

Physically examine a sample of fixed assets (both additions and brought forward items) and ensure correctly classified. Examine documents of title for the assets. Review the cashbook throughout the year for receipts/payments, which could be of capital nature. Consider the need to revalue any of the assets still in use. Identify any assets held under finance lease or hire purchase agreements and ensure that they are properly highlighted in the accounts. Consider impairment of fixed assets consider indicators of impairment e.g. obsolescence, physical damage, regulatory changes, market changes c) Analytical procedures Perform an analytical review and confirm that all significant variances have been explained. d) Conclusions: Write conclusions covering any errors or weaknesses discovered during the above tests and noting any possible management letter points.

10 REPORTING WEAKNESSES TO MANAGEMENT At the conclusion of the tests of control the auditor will send to management a letter of weaknesses/management letter/internal control letter detailing areas in which internal control weaknesses have been identified during the course of the audit. The letter should include recommendations on how the weaknesses can be addressed. (Reading assignment: letter) Format of the letter: (it will be on the auditors letter head) 42 Meaning, contents and use of the management

SK& CO CERTIFIED PUBLIC ACCOUNTANTS TO : The Directors, XYZ ltd P.O.Box 9404 KAMPALA Dear sirs, Re : Audit for the year ended 31st December, 2003 In accordance with our normal practice, we are writing to you with regard to matters arising out of our audit for the year ended 31 st December, 2003 which we consider should be brought to you attention. Our responsibilities as auditors are governed by the Companies Act and pricincipally require us to report on the accounts laid before the general meeting. This report has been prepared for the sole use of the Directors of XYZ ltd. none of its contents may be disclosed to third parties without our written consent. SK & Co assumes no liability to any other persons. The matters detailed in this report reflect matters coming to our attention during the course of our audit. They are not intended to be comprehensive statement of all weaknesses that may exist or all improvements that could be made: Purchases i. Present system No goods received notes are raised in the stores when goods are received. Goods are only matched to the suppliers delivery note which is then forwarded to the accounts department with invoice for settlement. They are not matched with the copy of the purchase order. (give specific cases of delivery of such goods dates, amounts etc) i. i. Implication Recommendation Liabilities could be set up for goods that have not been authorized. A copy of the purchase order should be kept by the stores department and checked to the goods to ensure the correct amounts and description match with goods received. A goods received note should then be prepared in triplicate, copy is given to the supplier, copy retained in the stores and a copy sent to the accounts department for matching to the suppliers invoice. i. Managements reponse 43

(Do the same for any other weaknesses you were noting as you carried out the tests) We would be pleased to discuss these points with you at your convenience. Yours Faithfully SK & CO., CERTIFIED PUBLIC ACCOUNTANTS SUBSTANTIVE TESTS EXAMPLES Substantive tests are designed to test the assertions, which are implied by figures in the financial statements.
AS SE RT IO NS Completen ess Occurren ce Valuati on Existen ce Measurem ent Presentatio n/ Disclosure SUBSTANTIVE TEST

44

Sa le s & D eb to rs (R ev en ue an d C as h R ec ei pt s cy cl e)

-all and

sales

-Sales represen t Goods actually delivere d -Cash receipts represen t cash received during the period -A/c Receiva ble represen t amounts owing and collectibl e from custome rs.

Debtor s balanc e iled with the sales ledger Adequ ate provisi on has been made for bad debts. is reconc

(Same as under occurr ence)

(Same as under Valuation)

Debtors and are correctly described/ classified in the financial statement s sales of

Confi rmation balances Cutoff tests

Receipts and amounts Owing by customers Have been recorded

45

2 . P (E xp en di tu re Cy cl e)

All purchases and payments and amounts owing creditors have been recorded to

Purchas e transacti ons represen t goods and services received during the period -Cash payment s represen t payment s the period -A/c Payable represen ts amounts owing and legally payable to creditors . Items recorded as fixed made during

Fixed assets are stated at cost or valuati on less accum ulated deprec iation Accou nts payabl e Repres ent amoun ts owed.

(Same as under occurr ence)

(Same as under Valuation)

Creditors and Fixed assets are correctly described/ classified in the financial statement s of

Confi rmation creditor balances Cutoff tests of purchas es cash Sear ching for unrecord ed creditors Fixed Assets Vouc hing addition s s Valua tion Review d depreciation . of accumulate and disposal and

46

Pa yr oll

All payroll expenses and owing have been recorded.

Salaries and wages expense represen ts payment s for services rendere d during the year. Wages payable represen ts balances owing which are legal obligatio ns

Salarie s are correct ly compu ted. and wages

(Same as under occurr ence)

(Same as under Valuation)

Salaries and Wages expenses and wages owing are correctly described/ classified in the financial statement s

Analytical procedures.

C as h B al an ce s

All transactio ns been included in arriving at cash balances have

Cash Balance s exist.

Cash balanc es can be realize d at stated amoun t

(Same as under occurr ence)

(Same as under Valuation)

Cash balances are properly identified and classified and restriction s on use are disclosed.

Cash Counts Cut-off tests Confirmatio ns Bank Reconciliatio n review.

47