Note That There Is Not Much Info On This Topic Due To Time Constraints
Prepared by: Martin van Niekerk Preparation date time: 04/06/2013 at 13:32
AUE301P Exam Revision Summary Page 1 of 18
Internal Control Structures - General
01) Take note that VALIDITY is replaced with OCCURRENCE & AUTHORISATION.
02) Assertions:
• Transactions & events
○ These relate mostly to income statement accounts
○ Related assertions:
◘ Accuracy ▬ Transactions are recorded at the correct amounts.
◘ Occurrence ▬ All recorded transactions did take place.
▬ No fictitious transactions have been recorded.
◘ Completeness ▬ There are no unrecorded transactions.
▬ All transactions that took place have been included & recorded.
◘ Cut-off ▬ All transactions were recorded on the date they took place.
◘ Classification ▬ Transactions are classified correctly according to their nature & recorded in the correct accounts.
• Balances
○ These relate mainly to the balance sheet accounts
○ Related assertions:
◘ Completeness ▬ There are no unrecorded assets, liabilities or other balances.
▬ All assets, liabilities & balances that exist have been recorded.
◘ Existence ▬ No fictitious balances are recorded.
▬ All recorded balances do exist.
◘ Rights & obligations ▬ Recorded assets & liabilities belong to the entity.
◘ Valuation & allocation ▬ Assets, liabilities & equity are included at the appropriate amounts & correctly accounted for.
• Presentation & disclosure
○ This applies to the following assertions:
◘ Accuracy
◘ Occurrence
◘ Completeness
◘ Classification
◘ Rights & obligations
◘ Valuation & allocation
02) When reliance can be placed on internal controls, Control Risk is assessed as LOW.
Internal Control Structures - King III
Internal Control Structures - General CIS Controls
01) Considerations for general controls
• Control environment
○ Communication & enforcement of integrity & ethical behaviour
○ Commitment to competence
○ Participation of those charged with governance
○ Management's operating style & philosophy
○ Organizational structure
○ HR policies & practices
• System development & implementation controls
○ In-house development
○ Off-the-shelf Software
○ Programme change controls
• Access controls
• Continuity of operations
○ Risk assessment
○ Physical security
○ Disaster recovery & backups
• System software & operating controls
• Documentation
02) General controls
• Control environment
○ Communication & enforcement of integrity & ethical behaviour
• Organizational structure & HR policies & practices
○ Proper recruiting policies
○ Qualification verification & background checks
○ Immediate exclusion from computer facilities upon dismissal or resignation
○ Compulsory leave
○ Training & development
○ Rotation of duties
○ HR policies & practices should be formally documented
• Operating procedures
○ Job schedules should be prepared for running specific applications & jobs
○ Equipment must be operated & maintained in accordance with manufacturer's standards
○ Equipment & machine services should be done as prescribed by manufacturers
○ Users must be given specific procedures to follow when performing each task
○ All activities must be logged in an activity log to ensure unauthorised actions can be detected
○ Work areas should be kept neat & tidy
○ Standard policies & procedures should be documented & introduced for the running of physical libraries
• System development & implementation controls
○ System development MUST be subject to ISO 9000 standards
○ Costs vs. benefit studies must be done & approved
○ Project management team's responsibilities
◘ Project plans must be drawn up to include
▬ Objectives
▬ Responsible persons
▬ Deadlines
◘ Control of the project
◘ Progress monitoring
○ Involvement from all levels is crucial
◘ Users to provide info on their requirements
○ System specification & programming should be approved before the start of the project
○ Testing should be done before implementation
◘ Program tests for each program
◘ String tests
▬ Testing of a series of related and/or integrated programs
◘ Systems test to be done to ensure that all programs work together correctly
◘ User acceptance test
○ All parties involved should provide final approval of the system
○ Training should be provided to all users of the system
○ Conversion from old to new system
◘ Old & new files should be compared to ensure that data was accurately & completely transferred
◘ Reconciliation between old & new system would ensure that all data has been accurately &
completely transferred
◘ Exception reports should be printed & investigated
◘ Approval should be given by users to ensure that users agree that data on the new system is correct
◘ Evidence must be obtained from suppliers & customers with regard to balances.
○ The system must be reviewed a couple of months post implementation
• Continuity of operations
○ Physical security
◘ Physical location should be away from anything that might damage the computer system
◘ Fire & natural disaster prevention & detection equipment
◘ UPS & generators to ensure that power surges & outages don't result in loss of data
◘ The servers & computers should be in temperature-controlled environments
◘ Access controls should be in place
▬ Physical controls
▬ Usernames & passwords assigned to each person with specific access rights attached to
each username that only allows them access to the part of the system they need to
perform their specific function
Internal Control Structures - Application Controls
Also read through Appendix 1 on pages 117 - 121 of the study guide
Internal Control Structures - The Auditor's Approach to Internal Control Systems
01) Methods of gathering information & gaining an understanding of various components of internal controls
• Do a systems walk-through test
• Have meetings with management & users & enquire about how the system should work & any problems that
occur & how frequently they occur
• Discuss risk areas with the MD
• Inspect all documentation used for various transaction cycles, procedure manual & also prior year's audit system notes & working papers, should they be available
• Observe the internal control process & document what happens in the different cycles
• Internal control questionnaires could be given to staff & management, from which the internal control procedures & objectives can be assessed & analysed
• All findings from the above procedures should be documented and/or flow charts drawn up giving a visual description of the internal controls & procedures
02) When designing control systems, take into account the principles of good internal control
• Control environment
• Inventory Count
• Segregation of duties
• Isolation of responsibility
• Access & custody controls
• Source document design
• Comparison & reconciliation
Know these points & what they're all about, off by heart, as it's the crux for
identifying risk areas in internal controls & designing tests of control
Internet Based Sales
02) Application Controls To Ensure Occurrence & Authorisation & Completeness
• Occurrence & authorisation of internet orders
○ Orders should only be accepted after the customer has provided identification & authorisation via:
◘ For subscribers
▬ Obtain personal details over the internet that can be authenticated
■ ID numbers
■ Credit Card numbers
▬ Provide them with a PIN or password that must be used to identify & authenticate the subscriber when they log on to the website
▬ Restrict the method of payment to valid credit card holders only
◘ For other customers
▬ They should be given separate log-on details based on existing customer details
▬ The customer should be provided with a unique username & password to log on to the website after all credit & authentication checks have been done
▬ These customers should log on to a separate portal area on the site
▬ Available credit checks should be done, taking into account physical & on-line orders, before the order is accepted
• Completeness of transactions
○ Security techniques should be implemented that
◘ Encrypt sensitive data
◘ Ensure data integrity & completeness
◘ Display the subscription/order back to the customer with a button requiring them to accept the details
◘ The step above could also be done via email confirmation sent to the subscriber/customer
◘ Produce transaction & transmission logs that are reviewed by an independent person to ensure all transactions were received
◘ Produce error logs that are reviewed; errors should be investigated
◘ Automatically generate a sequential subscription/order number for the transaction
◘ Perform sequence checks & provide exception reports that are reviewed by management
◘ Perform missing data checks
• General user controls
○ See general CIS Controls
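The completeness controls listed above (sequential order numbers, sequence checks, log review, missing data checks and customer confirmation) can be run as one exception report. This is an added example, not part of the original notes; the field names, order numbers and sample records are constructed assumptions.

```python
REQUIRED_FIELDS = ("customer_id", "item", "quantity")  # assumed order schema

# Constructed sample data: order numbers the web server logged as transmitted,
# and the order records that actually reached the sales system.
TRANSMISSION_LOG = [1001, 1002, 1003, 1004, 1005, 1006]
RECEIVED_ORDERS = [
    {"order_no": 1001, "customer_id": "C17", "item": "SUB-A", "quantity": 1, "confirmed": True},
    {"order_no": 1002, "customer_id": "", "item": "SUB-B", "quantity": 2, "confirmed": True},
    {"order_no": 1004, "customer_id": "C02", "item": "SUB-A", "quantity": 1, "confirmed": True},
    {"order_no": 1004, "customer_id": "C02", "item": "SUB-A", "quantity": 1, "confirmed": True},
    {"order_no": 1006, "customer_id": "C09", "item": "SUB-C", "quantity": None, "confirmed": False},
    {"order_no": 1007, "customer_id": "C31", "item": "SUB-A", "quantity": 3, "confirmed": True},
]


def exception_report(received, transmitted):
    """Run the completeness checks and return the items needing follow-up."""
    seen, duplicates = set(), []
    for order in received:
        if order["order_no"] in seen:
            duplicates.append(order["order_no"])
        seen.add(order["order_no"])

    # Sequence check: every number between the first and last must be present.
    gaps = [n for n in range(min(seen), max(seen) + 1) if n not in seen] if seen else []

    # Reconcile the transmission log against what was actually received.
    logged = set(transmitted)
    not_received = sorted(logged - seen)
    not_logged = sorted(seen - logged)

    # Missing data check: required fields that are absent or empty.
    missing = [(o["order_no"], f) for o in received
               for f in REQUIRED_FIELDS if o.get(f) in (None, "")]

    # Orders the customer never accepted on the confirmation screen.
    unconfirmed = sorted({o["order_no"] for o in received if not o.get("confirmed")})

    return {"sequence_gaps": gaps, "duplicates": duplicates,
            "logged_not_received": not_received, "received_not_logged": not_logged,
            "missing_data": missing, "unconfirmed": unconfirmed}


if __name__ == "__main__":
    for check, items in exception_report(RECEIVED_ORDERS, TRANSMISSION_LOG).items():
        print(f"{check}: {items}")
```

A gap that also appears under `logged_not_received` points to an order lost between the website and the sales system, while `received_not_logged` points to a record that bypassed the logged channel.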
Inventory Count