Test 2 2016, Answers
PART A
Memorandum
To: Board of Directors
From: Internal Auditor
Date: xxx April 2016
Subject: General Control Systems
I have performed my observations of the company and have found the following deficiencies in your general
control systems:
Weakness: 1. Control Environment: Participation by those charged with governance is poor as the CEO who is responsible for the company has no interest in the financial and decision making as he feels he can delegate all his responsibility to his team.
Explanation: 1.1. As a result of the poor participation on the CEO's part, this attitude will filter through the company as employees at all levels look towards executive management to set the tone for the company.
1.2. This ultimately will have a negative effect on the company as employees will not take the controls of the company seriously.

Weakness: 2. Control Environment: there is no proper Assignment of Authority and Responsibility as Mike Slattery does not report to the CEO on any matters relating to the IT department.
Explanation: 2.1. Mr Slattery has too much power in the position that he is currently in and as a result he can easily undermine controls and do as he pleases since he doesn't report to the CEO; as a result he could commit fraud which will go undetected.

Weakness: 3.1. Control Environment: Organisational Structure has not been developed adequately as the staff in the IT department are assisting the employees from the revenue department with capturing of the monthly debtors transactions.
3.2. There is also no segregation of duties between the user and the IT department as the IT department staff assist the finance staff with revenue processing.
Explanation: 3.1. As the IT staff may not have a financial background and may not be familiar with the accounting, this can result in incorrect data being captured and errors being made, thus resulting in loss for the company.

Weakness: 4. Control Environment: HR Policies and procedures: there appears to be no HR policies being followed as Mike Slattery was hired without any formal interview structure or background check being performed.
Explanation: 4. By not having a formal recruitment process, the company has hired someone that has been alleged to commit fraud and as such the company is being exposed to the risk of fraudulent activities.

Weakness: 5.1. Access Control: Physical Access controls are weak as currently the other staff are unaware of your appointment and you have not acquired a visitor's pass and to your surprise you walk straight through the front entrance of the building and make your way to the 4th floor in which the IT department is situated.
Explanation: 5. The poor access controls indicate that anyone can get into the building and cause harm in the form of theft of confidential information, theft of the laptops or destruction to hardware.
Weakness: 10. Continuity Of Operations: Physical Access controls are weak as the company's mainframe servers are located together with the printers and other utilities in a general access room and not in a dedicated room.
Explanation: 10. The fact that the server is a major component to a company and it is located in a general access room means that it is more prone to damage which will result in major loss for the company as their systems run via the server.

Weakness: 11. Control environment: IT management philosophy and operating style: Mike Slattery is seen as controlling and aggressive.
Explanation: 11. This position puts him in a position to do as he pleases and since the CEO takes no interest in the company it becomes easier for him to be able to gain and cover his tracks; this can easily filter through lower levels of management.
If you have any other queries which you want to address please do not hesitate to contact me.
Kind Regards,
Candidate
PART B
From the scenario the following fraud risk factors relating to the misappropriation of assets are evident:
Incentives/ pressures:
Mike Slattery has just gone through a divorce in which he has to pay large alimony and maintenance
payments to his ex-wife. As a result he is experiencing personal financial pressures.
These personal financial pressures could also incentivise him to misappropriate assets from the
company.
Opportunities
There is opportunity based on the nature of the products sold by the company:
As the company is an arms dealer that manufactures arms, the designs to the various products are
assets to the company.
These designs are trade secrets and as such there is a readily available market as other arms
manufacturers would be interested in acquiring the designs.
The designs are saved in electronic format which makes it easy to steal and sell to the highest bidder.
Part C
I would be concerned that fraud is potentially being committed and would be concerned that the company
potentially has a reportable irregularity that I would need to report.
I would determine if the definition of a reportable irregularity has been met or not as follows:
1) Any unlawful act or omission
Mike Slattery has divulged trade secrets to a competitor and has gained in the process. The
divulging of the blue-print to the competitor is a direct breach of his employment contract.
5) Or Represents a material breach of fiduciary duty owed by such a person to the entity or any
partner, member, shareholder, creditor or investor of the entity under any law applying to the
entity or the conduct of management thereof:
As Mike Slattery is a director of the company, his divulging of trade secrets has resulted in a breach
of his fiduciary duty to the company as he has not acted in the best interest of the company.
Thus, if I was the external auditor of the company, I would have concluded that a reportable irregularity
has taken place and I would need to consider how to proceed in terms of S45 of the Auditing Profession
Act.
PART D
As I am just the internal auditor, I am not bound by the Auditing Profession Act and as such I cannot
report a reportable irregularity to IRBA.
Neither am I performing an independent review; as such, I cannot report the reportable irregularity to
the Commission (CIPC).
As a Chartered Accountant, I am bound by the SAICA Code of Professional Conduct, which states that
I need to act with integrity, objectivity, confidentiality, professional competence and due care and in
a professional manner, and that I need to always maintain these principles.
As I have uncovered fraudulent activities at my employer, I cannot ignore the matter as I would be
condoning the unlawful behaviour and would thus not be acting with integrity.
I am still bound by confidentiality; as such, I cannot divulge the information obtained to any 3rd parties.
As Mike Slattery is also a chartered accountant, I cannot openly criticise him but I cannot condone his
behaviour.
Therefore I need to approach Commander Chandler, as he is the next most senior person, with the
information that I have obtained and notify him of the fraud that is taking place so he can take
corrective action.
PART E – Audit Plan
Nature
As the company is highly computerised and has one of the largest IT Departments, (01 Mark) the
external auditors would have to consider if they can adopt a combined approach by performing tests
of controls as well as substantive tests.
However, the fact that Mike Slattery has used his super user access to access restricted information for
his own advantage reflects that he lacks integrity, and since he is also responsible for managing the
finance department there is a greater risk that the financial statements may be materially misstated at
both a financial statement and assertion level.
As such the external auditors would not want to place much reliance on controls as Mike may have
used his power of position to override controls that may be in place.
The overall control environment at the company is also questionable, as noted in Part A above; as such,
it would make more sense for the auditors to perform a fully substantive audit.
In determining whether to perform tests of details or analytical review, the external auditors would
have to determine which provides more audit comfort.
As there are only 6 customers, tests of details would probably be selected for revenue testing as
opposed to analytical review.
PART F
Income Tax Act.
Customs and excise Act.
Exchange control regulations as they sell to foreign customers.
PFMA – Supply chain management.
Any South African laws relating to Arms Dealing such as the National Conventional Arms Committee.
VAT Act.
Explanation
The non-compliance with laws & regulations may also potentially be a reportable irregularity; as such,
the external auditors would have to be aware of the potential risk.
The external auditor would have to understand what requirements need to be met in order for the
company to comply so they can assess if there has been any non-compliance.
The auditor would have to understand the consequence of non-compliance as there may be a financial
impact in the form of fines and penalties. (01 Mark) The materiality of these fines and penalties would
have to be taken into account as they may impact the audit opinion.
By understanding the laws & regulations applicable, the external auditor can assess the risk attached
to non-compliance and can therefore develop an audit plan to address the risk.
Note to Marker – award a maximum of 5 for identification of the legislation/regulation.