Corporate Governance/King Report Issues 1

Risks at the Overall F/S Level 2

Risks at the Assertion Level 2

Risk of Outsourcing 5

Advantages and Disadvantages of Outsourcing IT 6

Procedures to be performed by Management to prevent errors and irregularities 6

Internal Control Components applied to safeguard info 7

Access Controls / Controls to ensure customers only have access to their own accounts 8

General IT Controls 9

Controls to prevent or detect unauthorised transfer of funds 9

Impact of management override on Audit Approach 10

Possibility of using combined Audit Approach for valuation of inventory 11

Audit Approach Options for Accounts Payable System 12

Application Controls for ordering and receiving inventory 13

Master file 13

Data CAATS 14

Substantive Procedures: 16

General 16

Inventory 16

Risks and rewards of ownership have passed 17

Expense Accruals 17

Website 17

Development Costs 18

Leasing 18

Variances 19

Deferred Revenue 19

1
Provision for restoration costs 20

Protect on-line orders from fraudulent customers or those who don’t pay 20

Immoveable Property (Land and Buildings) 20

Imported Machinery 21

Hedging Positions 22

Expert 22

Going Concern 23

Factors to take into account for non-compliance 23

Effect of internal audit work on audit risk and audit approach 24

Key Controls 24

Functions of an Audit Trail 26

Planning use of Audit Retrieval Software 26

Principles to follow when delegating Audit Work 27

Audit Plan impact from management claiming for work they did not do 27

How to ensure no account in master file is excluded from selection 27

Controls over Systems Development/Program changes 27

Aspects to include in external service provider agreement to meet internal control

objectives 28

Risks and concerns with Wireless Networks 28

Effect of work performed by internal auditors on external audit fee 29

Considerations to reach a conclusion concerning appropriate form of the audit report to be

issued on F/S 30

Possible issues concerning accepting audit clients 31

2
CORPORATE GOVERNANCE
Corporate Governance/King Report Issues

 Majority of the non-executives on board of directors should be independent

 Board must comprise balance of executive and non-executives
 S90 - Auditor must be appointed at AGM and nominated by audit committee
 Removal of auditor can only be done at AGM. Unless auditor resigns, no vacancy
would be available
 Audit committee should consider independence of external auditor and determine
fees and terms of engagement and ensure in compliance with Companies Act
 S91 – in event of auditor’s resignation the board would fill the vacancy and not one
director
 S75 – Directors personal financial interest
 A register of director’s interests in contract should be kept i.t.o S24
 S44 – financial assistance for purchase of shares
 S45 – financial assistance to director or a person related to a director
 S41 – Share issues to director or person related to director and terms not same as
public – need special resolution
 S46 + S48 – Share buybacks and distribution
 S30(6)(f) requires disclosure of director’s remuneration, including financial assistance
to a person related to a director, in the financial statements
 The above contraventions of the Companies Act could all constitute reportable
irregularity
 S22 – reckless trading
 Director’s conduct could appear unethical and in breach of ethical values of
governance of Discipline, Responsibility, Accountability, Fairness and Transparency
 Transactions may also represent breach of director’s fiduciary responsibilities
 There must be a representation by the holding company on the board of directors
 Audit committee is required to meet with auditor once a year
 Directors meet at least 4 times a year
 Number of directorships accepted by non-executives need to be limited to ensure
boards on which they serve receive the full benefit of their expertise and knowledge
 Service contracts for executive directors may not exceed 3 years unless shareholders
grant permission
 Major portion of directors remuneration should be performance based, not fixed

3
Risks at the Overall F/S Level

 Listed company – non-compliance with JSE Manipulate results and overstate

 Major shareholder, director’s bonus assets and understate liabilities to
 Merger/acquisition show improved financial performance

 Management override
 Bribery – management integrity
 Audit deadline increases risk of undetected error
 Newly acquired sub – risks related to acquisition accounting i.t.o. IFRS3
 Changes/updates to IFRS = management lack of familiarity/not being up to date
 Going Concern risk due to difficult trading conditions, operating losses, high debt,
possible claims against the company
 Going concern is an automatic impairment indicator
 Weak corporate governance principles lead to weak control environment and risk of
management override
 New client – do not have benefit of previous auditor. Not fully familiar with
enterprise. Opening balances may be misstated (detection risk)
 Systems and controls may not have coped with expansion (control risk)
 Staff overworked and underpaid
 Subsidiary of company listed in US and London. Sarbanes Oxley Legislation will apply,
making flaws in governance structures more important. Group reporting difficult
 Disputes with previous auditor
 Related party transactions may not be accounted for correctly
 Company dependent on computer systems – risk of incorrect recording of
transactions and creating need to evaluate computer controls
 Privately owned enterprises often lack formal internal controls and proper
segregation of duties and are dominated by one individual
 Accounting records that are inadequate may result in material misstatement
 Outsourcing could result in possible undue reliance on third parties

Risks at the Assertion Level

Manufacturer

 Incorrect computation of labour and overheads = incorrect cost of finished goods

 Incorrect cost due to using incorrect measure of normal capacity
 Incorrect classification of inventory between RM, WIP and FG
 Incorrect allocation of labour between cost of inventory, PPE and property
development

Subsidiary

4
  Inaccurate elimination of intercompany profits
 Inappropriate disclosure of related party transactions

Importer

 Inaccurate recording due to using incorrect exchange rate

 Difficulties in recording import duties, shipping charges, freight
 Inaccurate recording of year-end liabilities due to failure to using correct closing rate
 Cut-off difficulties leading to over/understatement of inventories, inventory in
transit
 Incorrect recording of forex loss/gain on transactions
 Incorrect hedge accounting

Branches

 Inventories could be incorrectly counted at branches

 Inventory in transit between locations could be counted twice
 Weak accounting controls at branches = accounting errors

Deferred revenue

 Failure to defer revenue (occurrence of revenue, completeness of deferred revenue)

 Incorrect computation of deferred amount (valuation, accuracy)
 Failure to defer portion of sales revenue that may relate to free servicing

Derivatives

 Failure to recognise assets and liabilities at year end

 Incorrect reporting of liabilities, commitments arising from derivatives
(completeness)
 Inaccurate recording of fair values attributed to FECs and derivatives at accounting
date
 Need to use expert to assist in understanding of complex derivative instruments
 Incorrect accounting treatment of hedging costs (Cash flow vs Fair Value Hedge)
 Failure to recognise impairment

Development costs

 Failure to separate research and development costs

 Inaccurate capitalisation of development expenditure when it does not meet criteria
of IAS38
 Inadequate amortisation of costs capitalised
 Failure to recognise impairment

5
  Inflating amount of costs capitalised
 Incorrect computation or allocation of labour and overhead components

PPE

 High technology industry or PPE becoming unsuitable for use increases risk of
unrecognised impairment of PPE
 Amount spent on purchasing the PPE might not all relate to the capital asset and
thus may need to be treated as an expense

Inventories

 Increase in current assets and decrease in revenue suggests overstatement of

inventories and accounts receivable
 High technology industry and competitive market raises risk of inadequate allowance
against obsolete inventories and to reduce to NRV
 Specialised nature – may be incorrectly costed for final inventory amount
 Inappropriately accounting for goods on consignment
 Reliance on computer system for year end inventory quantities could create
difficulties in determining year end quantities
 Private ownership increases the fraud risk that invalid purchases could be included in
the purchases expense
 No access controls for ordering, receiving and recording increases risk
 No physical controls over goods receiving

Accounts receivable

 Using independent dealers increases risk of doubtful debt (valuation of receivable)

 Could be overstated with fictitious revenue

Lease

 Risk of accounting for lease and whether it is finance or operating lease

 For Finance lease: risks relating to measurement of fair value of asset
 Recognition of finance expense – PV used to determine interest and liability
 For finance lease, consider impairment and depreciation of the assets
 With operating lease, may be issues with straight-lining (completeness) and
disclosure (presentation)

Provision

 Whether provision meets criteria i.t.o. IAS37

 Estimation of the cost

6
  Accounting for the debit as a depreciable part of PPE
 Determination and measurement of provisions may require expert

Investment Property

 Could incorrectly classify property as investment property instead of PPE in order to

record gains in I/S
 Overstate value in investment property to inflate gain in change in fair value

Goodwill

 With new acquisition there may be risks with appropriate measurement of goodwill
taking into account fair values of net assets and liabilities
 Possible impairment of goodwill
 Complex requirements of IFRS3 may lead to goodwill being misstated

Risk of Outsourcing

Risk
Reliance on outsourcer for continuity of
business operations
Breach of confidentiality
Availability. Outsourcer may fail to deliver
timeously
Economy. Increased cost of outsourced
services
Integrity. Possible errors in validity and
completeness of commissions
Effectiveness. May compromise long term
strategy
Compliance with legislation
Consequence
Can jeopardise going concern ability
Our ability to price deals competitively may
be compromised
Negative reputational consequences
Risk of litigation
We may be unable to comply with reporting
deadlines
Negative reputational consequences
Negative publicity from failure to settle
claims timeously
Inability to write further new business
Potential litigation
Savings from outsourcing could be
compromised
May have to start hiring staff and deal with
own division again. Could lead to delays
Our decision making may be incorrect as it’s
based on inaccurate info
Reputational risk
Cash flow implications
Lag in achieving long term strategy as not
developed in-house expertise
Unnecessary costs/fines

7
Advantages and Disadvantages of Outsourcing IT

Advantages
Access to wider pool of IT skills
Cost savings as not necessary to employ IT
staff with experience
Access to latest technology and research
No need to attract and retain IT specialists
Less investment in research and
development of IT and training of staff
Frees management time to focus more on
strategic issues
Disadvantages
Management has less control over IT
IT operations and support further removed
from the business
Possible risk of being locked into absolute
technology
Risk that the outsourcer did not implement
the same level of controls as the company
Exposed to policies and procedures of
service provider
Poor definition of service levels resulting in
unsatisfactory service delivery
Can be costly and synergy or benefits are
seldom achieved
Going concern at risk if service provider
ceases operations

Procedures to be performed by Management to prevent errors and irregularities

Staffing
 Review selection procedures for staff
 Ensure adequate training

Setting of policies
 Acceptance criteria for new suppliers
 Pricing policy
 Quality specifications
 Goods return policy
 Trade/bulk discount terms
 Early settlement discount

Authorise any exceptions to stated policy and non-routine transactions

Supervisory functions
 Regular walk-through of activities
 Unannounced visits to staff
 Monitor organisational structure to ensure adequate segregation of duties

Approval of reconciliations

8
  Review reconciliations between ledger and control account
 Review recon between ledger and supplier statements
 Review recon between bank statement and cash book
 Review theoretical and physical inventory
 Review internal audit reports
 Review and follow up on following exception reports:
Integrity of Info
Unauthorised access/activity
Changes to access rights
Changes to standing data
Large/unusual orders or variances
Missing sequence numbers
Review of common customer complaints
Periodic review of master file and standing data
Efficiency and Effectiveness of Operations
Stock out situations
Review of economic order quantities
Age analysis
Discounts taken
Reasons for goods being returned to suppliers
Hedging activity
Legislation
Monitor stock levels so that orders will not lead to contravention of insurance
provisions
Overall review of results
Trend analysis
Average days purchases in accounts payable
Stock turnover
GP%

Internal Control Components applied to safeguard info

Control Environment

 Management should have strong commitment to customer satisfaction and

maintenance of effective internal controls
 Should implement an information security policy
 Strict policies and monitoring regarding employee access to private customer info
 Ensure internal audit department include risk in their review

Risk assessment

9
  Continually monitor risk factors relating to possibility of fraud/breach of
confidentiality in changes in economic, social and technological environment

Information System

 Identify all points in the information process at which info can be compromised:
point of entry, transmission, storage of info

Control Activities

Point of entry:
 Have unique registered domain name
 Digital certificate
 Ensure improper links/content not added to company website
 Input screens include warnings i.r.o. protecting info
 Customers should only be required to provide minimum info
Transmission:
 Info encrypted across network
 Firewall
 One-time password
Custody:
 Highly confidential info should be encoded and decoding requires appropriate keys
 Allocation of responsibilities done with segregation of duties
 Review logs of access
 Repeat customers should be allocated logon Ids so they can change personal info

Monitoring of Controls

 Management and internal audit department should review effectiveness of controls

on regular basis

Access Controls / Controls to ensure customers only have access to their own accounts

 Firewall
 Anti-virus
 Encryption
 Assurance logos
 Log-on ID’s for identification
 Edit checks to ensure no duplicate ID’s
 Password linked to log-on ID
 Automatic change of passwords every few weeks
 Passwords never appear on the screen

10
  Access rights restricted according to segregation of duties
 Security matrices, different levels of user access
 Rights disabled when customer no longer complies to agreed terms or no longer a
customer
 Access disabled after number of log-in attempts/ period of inactivity
 Unauthorised access attempts automatically logged and followed up
 Password file protected from unauthorised users
EFT specific
 Dropdown list of approved suppliers
 Restrict link to bank to one terminal
 Special passwords to allow users into EFT-client base
 Use of one-time passwords

General IT Controls

Organisational controls

 Segregation of duties: database admin, network admin, systems design

 Function of IS Department must be separate from users of the system
 Control over database should not be vested in one person
 Care in the selection and recruitment of staff
 New staff should be properly trained
 All staff sign a code of conduct

Controls over management of computer operations

 Standard procedures should be defined, communicated and adhered to

 Processing runs performed according to a planned schedule
 Logs and reports should be regularly reviewed and signed by appropriate level of
management
 Error reports should be produced and reviewed

Continuity of operations

 Adequate backup procedures

 Adequate physical environmental safeguards. E.g. UPS, air conditioning, fire
extinguishers
 Disaster recovery plan

Controls to prevent or detect unauthorised transfer of funds

 Employment practices to ensure integrity of personnel is appropriate

 Implement a security policy including policies such as: protection of viruses, use of
hardware and software, privacy of info, role and use of passwords

11
  There must be strict segregation of duties
 Strict physical security over specified terminals
 Access to desktop/laptop computers should be limited
 Proper safekeeping of all electronic media and user manuals
 Routine linkage procedures: visual confirmation of closed padlock and https
 Firewall and antivirus software
 Digital signatures and one-time passwords
 Controls over changes to software that manages payments
 All adjustments to accounts payable should be authorised by at least 2 senior staff
members
 Special authorisation from 2 senior members for the electronic transfer of funds
 Specify max amount of any individual fund transfer
 Limit EFT transactions to an agreed schedule with the bank
 Bank should request confirmation of EFT transactions prior to transfer of funds
 Regular review of accounts payable master file for EFT payments
 Monitor access to payments module and terminal link
 Computer validation checks on pending payments
 Exception report for transfers or refusals of transfers to accounts payable
 Regular independent reconciliation of supplier’s and bank statements to accounts
balances
 Details of bank transfers to be printed regularly and compared with accounts
payable register
 Regular review of supplier complaints
 Regular comparison of expenditure to budget
 Regular analysis of accounts for unusual items
 Management to do regular supervision and spot checks on payment process and
policies

Impact of management override on Audit Approach

Nature
 Perform substantive procedures on systems where general IT or application controls
is subject to management override
 Review integrity of any changes in accounting policies/estimates
 Place less reliance on representations by management
Timing
 Procedures concentrated on year end activities
Extent
 Extend audit tests in areas where significant account balances require judgement
 Extend audit tests on adjusting journal entries

12
Possibility of using combined Audit Approach for valuation of inventory

NATURE

Necessity

 Valuation of inventory is a significant risk. Therefore need to evaluate controls that

manage that risk
 Volume of transactions and complexity of system
 Determining raw materials cost is dependent on controls, therefore may not get
sufficient audit evidence from substantive procedures only
 Determining raw materials cost is dependent on computerised controls, therefore
necessary to test computerised application controls
 Then also test general controls over computer environment
 Existence and need to rely on general IT controls over computerised system
 Any special client requests

Possibility

 Effective control environment may allow more confidence in controls

 Design of general controls and application controls need to be sound before test of
control can be followed
 If controls over determining costs of raw materials are sound, then will be feasible to
test controls
 Controls monitored by internal audit suggest that they are reliable
 Testing computer controls requires client cooperation and access to the system, and
use of computer audit specialists
 Availability of suitable audit software makes testing computer controls more viable
 Possibility of relying on application controls in new system

Desirability

 Value added benefits – need to prepare management comments letter in terms of

value added audit service
 Staff training opportunities
 Efficiency and effectiveness of relying on new controls in system
 Cost effectiveness through reduction in substantive testing
 Long term benefits of future testing of controls placed on three year cycle provided
they are unchanged and do not address significant risks. Some controls tested every
year
 Cost effectiveness using work of internal auditors

13
  For computer controls, clearance must be obtained from client for processing
dummy data through the system
 Nature and extent of evidence of the strength of general IT controls obtained in prior
years that have not changed and do not address significant risks

TIMING

 Focus on doing procedures at year end

EXTENT

 Changes in inherent risk factors increase amount of audit evidence:

Volume changes
Staff turnover
Stock take results through the year
Volume of customer complaints
 Probable materiality of inventory for the year
 Extent on relying on any controls found to be effective in prior year

Audit Approach Options for Accounts Payable System

Option Use of CAATS

Control Based
Reliance on manual IT independent controls
Reliance on manual controls dependent on
IT information
Reliance on automated controls
Substantive Based
Testing of program logic
Testing of detail making up transactions
Analytical review procedures
Confirmation procedures
Schedule comparing computer produced
totals with input batch controls
Programme code investigation
Test data examining integrity of computer
info
ITF
Parallel processing
Test data examining valid and invalid options
Programme code investigation
Test data examining integrity of program
logic
SCARF routines
Use of data CAATS to select items for
sampling
Download records and performance of
statistical analysis
Extract sample of records and print out
standardised circularisation forms

14
Application Controls for ordering and receiving inventory

Ordering and receiving

 Segregation of duties must be implemented
 Logical access controls:
 System must identify terminal and check that its authorised before granting access
to read/write
 Employees requite user ID and password authentication to access
 Use screensaver with password if inactive for a while
 System automatically shuts down or log outs if 3 violation attempts
Ordering
 Generate a report of all inventory items that have reached reorder levels
 Ensure appropriate edit checks on report: alphanumeric, sign, reasonableness
 Access to editing restricted to store manager
 Each purchase order sequentially numbered
 Exception reports on pending orders for goods not received
Receiving
 Receiving area subject to strict physical access controls
 Only one entrance and only receiving clerks have access
 Receiving clerks count goods received and inspect quality and compare details to
delivery note
 System matches order number to pending order
 Only manager has access to override function
 All overrides logged and reviewed
 Apply alphanumeric check and limit check to quantity entered in receiving module
 Missing data check on all key fields
 System records on goods receiving report the user ID of the clerk responsible for
receiving the delivery
 On transfer of the goods from receiving bay to storeroom, the storeroom clerk
should check goods against receiving report and sign
General
 Management supervision
 All staff adequately trained
 Screen and document design user friendly

Master file

Validity

 Set initial credit limit

 Review appropriateness of credit limit
 User approved signed documentation

15
  Restrict access to update function
 Require log-on ID and authentication before amendment
 Senior management authorisation for overrides to any policies
 Identify any duplicated entries

Accuracy

 Staff should be adequately trained

 Input screens/documentation must be well designed
 Field names/codes to be standardised/automated
 Standard field to be subject to edit and validation procedures
 Only one standard file should be available to the applications programs at any time

Completeness

 All changes should be pre-numbered using pre-numbered documents or automated

sequencing
 All identified errors to be corrected and reprocessed
 Date and sequence number of changes made to master file to be reviewed to ensure
all changes made timeously

General

 Reconcile update control report to identified changes

 Before master file is updated, a backup must be made and marked with an external
file label

Data CAATS

How to use Audit Software for verification of Accounts Payable

 Casting individual accounts payable (accuracy, valuation)

 Casting accounts payable year end master file and printing out total
 Select sample according to set criteria e.g. all items above a certain rand value, nil
balances, duplicate account numbers (existence, completeness)
 Automatically print circularisation letters (existence, completeness)
 Accumulate total balances and print details of balances above specified rand value
(accuracy, valuation)
 Extract report of all receipts not matched to accruals (completeness)
 Identify from inventory master file goods received 3 days before and after year end
and compare supplier details and amounts to purchase transaction logs before and
after year end

16
  Identify from the accounts payable master file all payments 3 days before and after
year end and compare details to cash payment files records before and after year
end (completeness, cut-off)
 Perform ARP: extract monthly trends, quick ratio, current ratio, gross profit % (all)
 Extract list of all account payable accounts with debit balances (presentation)

How to use Audit Software for verification of Accounts Receivable

 Select sample for positive circularisation

 Compare receipts post verification date with Accounts Receivable file at verification
date
 Print list of duplicate account receivable numbers
 Produce exception reports of: overdue accounts, account balances greater than
credit limits, blank or zero limits
 Produce list of accounts under query and any adjustments in subsequent period
 Extract missing numbers in accounts receivable records
 Recalculate arithmetic accuracy of invoices and extract report with any errors
 Print lists of last sales and receipts for period and first for subsequent period
 Calculate total of accounts receivable master file
 Perform ARP: total balance, number of days in acc receivable, trend analysis, age
analysis, ratios of bad debts and doubtful debts to revenue
 Print out total list of credit balances

How to use Audit Software for inventory

 Schedule of total value of inventory broken into Raw material, WIP and FG
 Samples of high value items for verification
 Reports listing inventory items and total for inventory
 Report listing items not counted by staff for a period
 Details of standard quantities of a sample of items
 Details of slow-moving stock by reference to last purchase and sale date
 Age analysis
 List of finished goods where cost exceeds selling price
 Abnormal items: negative quantities or purchase prices, missing fields
 List of significant variances between actual materials issued and standard
 List of items where cost or quantity has varied significantly over the period
 List of significant adjustments to cost
 Comparison between current year and prior year for inventory quantities and values
for major items
 Schedule of movements in inventory: Opening, Purchases, Cost of sales, other
movements, Closing balance
 Computation of total raw materials issued to production

17
Substantive Procedures:

General

 Obtain management representation letter

 Obtain schedules of all balances
 Check opening balances to previous year’s F/S
 Agree year-end balance to the general ledger, trial balance and F/S
 Compute related adjustments to taxation and deferred tax
 Evaluate effect of any unadjusted errors and transfer unadjusted errors to summary
of audit differences
 Consider integrity, ethical values and competence of client personnel involved in
valuation

Inventory

 Items purchased locally

 Select sample of cost of inventories and check to suppliers invoices
 Imported Inventory
 Select sample of cost of imported inventory and check:
Cost in foreign currency to suppliers invoices
Shipping documentation to determine transaction date
Rate of exchange to bank documentation
Shipping duties, freight, etc, to documentation
Overall computation of cost
 Allowances for obsolescence and NRV
 Physically inspect sample of inventory and note any slow-moving/obsolete
 Enquire of staff of any slow-moving/obsolete
 Obtain recent selling prices by inspection of sales records
 Inspect sales invoices and check prices to selling prices recorded on system
 Review computations of selling and distribution costs
 Perform NRV comparisons on an item by item basis, recompute and compare to cost
 Discuss slow moving and obsolete inv with management and assess their
explanations as to why the allowance is adequate
 Recalculate inventory write-down and judge reasonableness
 Follow up items where inventory was written down in prior year to identify write
backs
 Perform analytical reviews of inventory turnover and enquire concerning poor
turnover
 Labour and overhead
 Obtain schedule of all payroll costs allocated to production
 Check payroll costs to payroll ensuring only wages paid to productive staff included

18
  Review payrolls and GL accounts to ensure all production related costs included
 Obtain schedule of overheads allocated and agree to GL
 Review basis of allocation for compliance with GAAP
 Consider client’s determination of normal capacity
 Reperform computations per client’s schedule
 Reperform allocation of labour and overheads taking into account normal capacity

Risks and rewards of ownership have passed

 Inspect contracts to ascertain terms of the sale whether or not risks have passed
 Inspect cash book to ascertain full payment has been made
 Request client to confirm in writing that the inventory is the property of the client
 Inspect correspondence relating to client’s request to store goods
 Inspect storage invoices to ensure rental is charged
 Inspect invoices to ensure sales have been properly recorded
 Review delivery costs to ensure that they are minimal
 Inspect insurance documentation to ascertain who bears insurable risk
 Inspect inventory sheets to ensure items not included in inventories

Expense Accruals

 Compare accruals list to list for previous year and investigate missing/unusual items
 Review cash book payments for period after year end and check items accrued to list
 Enquire of management and staff about possible accruals
 Review general ledger expense accounts for missing items which may be accrued
 Compare expenditure to budgets to identify possible accruals
 Review all long term agreements (insurances, leases, pension schemes, royalties) to
determine whether provision has been made for all accruals
 Cut-off of supplier accounts:
 Obtain last goods received note number from inventory count
 Select sample of goods received notes and trace details to supplier invoices
 Trace invoices to purchase records to ensure purchase recorded in correct period
 Review year end reconciliations for major suppliers to supplier statements for any
outstanding invoices which may require accrual
 Review any invoices still to be processed

Website

 Obtain schedule of website costs

 Cast schedules and reperform calculations
 Consider adequacy of payroll system as a basis for allocating costs

19
  Check times worked on websites for a sample of employees to time records,
ensuring correct hours are recorded
 Enquire of employees whether they actually worked on the websites
 Check rates per hour to payroll to ensure correct cost used
 Recompute cost of time worked
 Review schedule of allocated overheads to ensure only production related
overheads relevant to websites included
 Reperform computation of overheads
 Compare actual costs of website to budget and investigate differences
 Review and reperform amortisation calculation

Development Costs

 Examine appropriate authority – board minute/research manager approval

 Examine supporting documentations for correctness of amounts and classification
 Test allocation – R + D expenditure to be separated
 Determine FEB by reviewing minutes to confirm management’s intention to proceed,
market surveys to obtain an indication of future market, considering availability of
resources to proceed and reperform management’s estimate of FEB
 Substantiate existence and technical feasibility of the products by inspecting product
and supporting documentation
 Assess appropriate of amortisation and reperform
 ARP – expenditure on R+D, exp capitalised to exp written off, exp capitalised to
revenue

Leasing

Equipment (Asset):
 Check cost by inspecting suppliers invoice
 Ensure VAT is excluded by reperformance of arithmetical accuracy of cost
 Reperform present value computations
Depreciation
 Establish useful life of equipment by enquiry of technical personnel
 Enquire from client and inspect supplier documentation for residual value
 Compare depreciation rates to rates used for similar assets in previous years
 Reperform depreciation calculations
Impairment
 Consider possible signs of impairment and whether FEB exceed CV
 If CV exceeds FEB, check impairment charge reducing CV to recoverable amount
Completeness
 Physically inspect sample of equipment and trace to accounting records

20
  Analyse lease expense account to identify any finance lease which was treated as
operating lease
 Liability
 Reperform present value of future payments and interest expense
 Inspect bank documentation to check appropriateness of market related interest
rate used
General
 Perform ARP comparing depreciation as % of cost and ratios of fixed assets to
turnover

Variances

 Check arithmetical accuracy of variances

 Review variances from month to month to establish trends
 Enquire of management regarding reasons for variances
 Substantiate reasons by inspecting management reports
 Substantiate reasons for labour expense variance by checking details to payrolls
 Substantiate reasons for labour efficiency variance by comparing budgeted and
actual production
 Consider possibility that two variance offset each other
 Consider consistency and appropriateness of basis used for prorating variances into
inventory
 Reperform proration of variances
 Trace inventory adjustment to final inventory summary and lead schedule

Deferred Revenue

 Check final balance to ensure VAT is excluded

 Perform analytical review assessing reasonableness of relationship between fair
values and amounts of revenue recognised and deferred, deferred amount as % of
revenue, trends in amount deferred against trends in revenue
 Obtain a schedule of all sales made
 Inspect terms of the sale to ascertain exact terms of the deals
 Select sample of items from schedule and trace to sales invoices checking dates of
contracts and amounts involved
 Select sample of sales invoices and trace to schedule to check completeness
 Consider confirmation of details with customers
 Recalculate amount of revenue to be recognised this year and to be deferred for
next year
 Reperform clients computation of the allocations of revenue between sales, services
and interest
 For maintenance services, check the fair value by reperforming client’s estimates

21
 Obtain client’s workings and check to supporting documentation
Enquire of client staff concerning basis of estimation
Assess validity of assumptions regarding estimate
Consider use of expert in determining fair value

Provision for restoration costs

 Inspect records to establish date on which mine commenced operations

 Obtain schedule of estimates of the closure costs for the mines
 Obtain written opinions from experts about dates of closure of the mines and
environmental costs involved
 Enquire of client staff and experts regarding understanding of how the estimates
were computed
 Review estimates for reasonableness and agree to detailed supporting workings
 Reperform all calculations in the estimates
 Analytical Review: Actual restoration costs in the past to estimates made
 Enquire from management and experts to ensure adequate allowance made for
contingencies
 Check disclosure of this item in F/S including accounting policy note which should
include details on basis of estimation

Protect on-line orders from fraudulent customers or those who don’t pay

 Obtain personal details from customers, ID no, credit card details

 Provide customer with a PIN or password to identify themselves when placing orders
 Use challenge-response where customers answer questions they provided when
opening their account
 Request email address to contact customers to confirm order
 System should obtain clearance on credit card details. Direct link with the bank will
confirm that card is genuine and contains necessary funds
 Before goods despatched, funds transfer should be authorised
 System should check credit limit of approved longstanding customers
 Passwords, pins, card details must be kept secure
 Maybe request delivery address. Policy only to deliver to approved addresses
 Digital signatures
 Time stamps
 Logging records of system activity
 Web security seal to ensure website is secure

Immoveable Property (Land and Buildings)

Existence
 Perform a physical inspection of the building

22
 Inspect title deeds noting description of the property and that its registered in the
client’s name
Measurement
 Check cost of the property to audited financial statements
 Inspect formal written valuation certificates for various valuations and agree
valuation amounts to adjusting entries
 Consider valuator’s (expert) objectivity, independence etc
 Assess valuation assumptions used by valuator
 Reperform any calculations performed by valuator
 Consider reasonableness of the valuations in relation to market related rentals
Valuation
 Inspect condition of building for signs of impairment
 Reperform depreciation calculations
Completeness
 Enquire of client concerning any improvements, additions, alterations and inspect
building for any such improvements
 Consider possibility of alterations or improvements debited to maintenance account
in error
General
 Check tax computation to ensure that depreciation is added back
 Reperform all computations including adjusting entries to the fair value adjustment
and related deferred tax amounts

Imported Machinery

 Inspect the contract to ascertain validity, amounts involved and terms of the sale
 Inspect shipping documentation to ascertain date machine was received and
when risks and rewards passed as well as the other costs such as shipping,
import duties etc
 Confirm liability at year end, including confirmation that there is no interest
 Inspect invoices for the cost of installation
 Inspect bank documentation to support exchange rates provided
 Inspect forward contracts for the dates and amount
 Consider appropriateness of discount rate used in arriving at cost of machine
 Assess company policy for hedging transactions
 Reperform computations of
- present value at year end and transaction date
- cost of machine at spot rate at transaction date
- total cost plus shipping and installation charges
- year-end liability at year end spot rate
- fair value of FEC at transaction date and year end

23
 - gains and losses on foreign currency translations
- hedging gains and losses
- amounts taken to P+L and amounts taken to OCI

Hedging Positions

 Obtain a schedule of open positions at year end and select a sample of items for
detailed audit
 Consider adequacy of the system for recording open positions
 Obtain written confirmations from counter parties setting out details of all open
positions at year end
 Inspect correspondence for any changes in the terms and conditions
 Agree market values of the positions to the supporting documentation
 Where there is no active market, obtain client’s valuation models for determining
fair values of positions
 Assess assumptions (financial, economic, commercial) used in the valuation models
 Check detail per the valuation model to the contract terms
 Consider appropriateness of the discount rates used and whether appropriate risk
premiums are included
 Where future cash flows form the basis of the estimates: consider whether previous
forecasts have been reliable, check arithmetical accuracy and perform analytical
review of the forecasts
 Reperform computations of the valuations
 Consider using an expert or independent valuation model to assess model and
assumptions
 Where hedge is in-the-money consider impairment of the financial instruments in
light of the credit risk and issuer’s ability to honour the contract

Expert

 Obtain client’s permission for appointment of expert

 If client refuses, this would constitute scope limitation on the audit
Consider:
 qualifications and suitability
 Independence to client
 Reputation and experience
 Membership of professional body
Consult with expert prior to appointment regarding:
 Objectives of their assessments
 Basis on which work will be performed
 Methods of assumptions used
 Understanding of the purpose for which their opinions are required

24
  Form and content of their reports
Evaluate adequacy of the expert’s work, including
 Relevance and reasonableness of findings
 Consistency of findings with other audit evidence
 Relevance, completeness and accuracy of any source data used by expert

Going Concern

 Obtain cash flow forecast for the new financial year

 Examine sales trends in the new year to determine whether sales are improving
 Evaluate validity of the assumptions (commercial, economic and financial) under
which the forecasts have been prepared
 Consider whether previous forecasts have been reliable
 Consider correlation between the forecasts for the new year and actual performance
to date
 Check arithmetical accuracy of the cash flow forecast
 Inspect orders in respect of new product sales
 Reperform computation of profitability of new products
 Perform analytical review of results of new production facility to validate improved
productivity and profitability
 Review product costings to ensure products are sold at a profit
 By discussion with management, client bankers and key supplier form an opinion of
whether the company is likely to get ongoing support of financiers and suppliers
 Inspect correspondence with bank to assess likelihood of continued bank support
 Review cash flow forecast to ensure debt repayments and interest are properly
included
 Review events after balance sheet date for items affecting entity’s ability to continue
as a going concern
 Obtain management representations concerning future cash flows and going
concern status
 Consider effect on financial statements and disclosure

Factors to take into account for non-compliance

 Rechecking results to ensure error meets criteria of non-compliance

 Importance of control being tested (key control)
 Pervasiveness of control (general/application)
 Seriousness of the deviation
 Nature, cause and significance of deviation
 Existence of compensating control
 Is non-compliance so serious that management needs to be told immediately or can
you just include it in report to management

25
  How comprehensive was the testing? (sufficient sample size?)
 What effect does it have on other systems
 Should audit work be extended or what audit procedures should be employed?

Effect of internal audit work on audit risk and audit approach

Audit Risk

 Inherent risk will be reduced as internal audit demonstrates commitment to controls

and governance
 Control risk will be reduced as controls are more effective and monitored by internal
audit

Audit Approach

 Less work will be necessary on understanding systems and controls as these have
been documented by internal audit
 Combined audit approach is possible as controls are effective
 Approach is cost effective as controls already tested by internal audit
 If controls not changed, testing controls on three year cycle based on internal audit
work will be cost effective

Key Controls

Completeness and Accuracy of purchases

Control Tests of Controls

Completeness
All goods received in one area and incoming Observe and Enquire
goods are checked and details captured
System generates sequential orders and GRN Use audit software to test systems ability to
generate and follow up sequential numbers
System produces daily exception reports Use audit software to test systems ability to
which list all discrepancies generate exception reports
System matches invoice against GRN. Use audit software to test systems ability to
produce accurate list of unmatched GRNs
System produces listing of all unmatched
GRN. Discrepancies are investigated and
appropriate action taken
List is reconciled to the general ledger Check/reperform reconciliation
account and reconciliation is checked and
signed by department head Inspect for signature
Accuracy
System validates goods received against Use audit software to test systems ability to
orders and produces daily exception reports generate exception reports
System matches all details per suppliers Use audit software to test systems ability to

26
invoices to orders and GRNs and check
arithmetical accuracy
Inventory records, general ledger are
updated automatically and account
allocations are done by the computer
Completeness and Accuracy
System produces daily exception reports
that lists all discrepancies
Daily audit trails are produced and reviewed
by manager and signed
Incoming goods are checked for quantity and
agreed to suppliers delivery notes
match invoices details to orders and check
arithmetic computations
Use audit software to test systems ability to
process accounting entries
Use audit software to test systems ability to
generate exception reports
Inspect audit trails for signature
Observe and enquire

Goods despatched only to customers who have acceptable credit risks

Computerised validation of credit control Use audit software to validate operation of

this control
Credit controller’s ability to override Attempt to illegally access override facility
protected by restricting facility to credit
controller’s terminal and through use of a
password
Details of instances of overrides should be Inspect override reports
printed and reviewed by credit controller
Amendments to standing data files:
Software should require a password before Attempt to illegally amend files
any files can be amended
Each amendment should be approved by Inspect file amendment for evidence of
credit controller before data is input authorisation
Before new customers are added, Inspect documentation for evidence of
creditworthiness must be assessed and checks
credit controller should approve credit limit
System should number each batch of Inspect printouts for evidence of checking
amendments sequentially and print and approval
amendments
List of customers should be reviewed Enquire and inspect list
periodically

Invoices prepared for all goods despatched

Delivery notes should be sequentially Use audit software to check integrity of

numbered and system should check integrity sequential numbers
of sequential records
System should match all orders to delivery Use audit software to check matching of
notes and output lists of outstanding orders orders
System should match all delivery notes to

27
invoices and output lists of uninvoiced
deliveries
Despatch staff member checks goods packed
to orders. Packer and checker should sign
Goods leaving premises should be agreed to
delivery notes
Inspect list of outstanding items
Observe and enquire
Inspect order and delivery notes for
signature

Selling prices in accordance with management’s authority

System retrieves selling prices and discounts Use audit software to validate this
from standing data
System should restrict any price overrides to Attempt to illegally access override facility
a certain limited range. Special password for
overrides outside a range
All overrides should be printed for review Inspect override reports for evidence
Sales director should authorise changes in Inspect price amendment document for
prices evidence of authorisation
Prices on computer files should be checked Enquire about this. Inspect documents
to manual records and errors corrected
Implement access controls to ensure only Enquire and observe
authorised persons can input and authorise
data
Input data subject to edit/validation checks Use audit software to check this

Functions of an Audit Trail

 Allow management to follow history of a transaction

 Allow auditor to follow history of a transaction
 Permit recovery when user incorrectly updates or deletes a record
 Investigate causes when record is erroneous
 Assist recovery from massive file destruction
 Assist in correcting file where data damage is program caused
 Correct false information that is sent to system users
 Assist in recovery from system failure
 Monitor way system is being used
 Provide evidence in case of a dispute

Planning use of Audit Retrieval Software

 Cost effective
 Necessary regarding volume of data and complexity of system
 Compatibility between ARS and client’s hardware, software and layout
 Availability of generalised ARS
 Availability of computer time

28
  Timing of procedures due to data retention period of one month
 Timing of procedures owing to tight deadline
 Ability of audit staff to run ARS and whether computer audit specialist required
 Adequacy of client’s general controls to ensure integrity of software

Principles to follow when delegating Audit Work

 Competent staff
 Adequate instructions
 Supervision
 Review
 Independent

Audit Plan impact from management claiming for work they did not do

 Decrease level of acceptable audit risk

 Increase level of inherent risk with regards to occurrence of purchases and existence
of accounts payables
 Fraud is a significant risk, therefore review management design and implementation
of controls
 Lower materiality due to increase in risk
 Place less reliance on representations by management
 Exclude reliance on control activities where there is possibility of management
override

How to ensure no account in master file is excluded from selection

 Test run program on dummy file and check results against pre-determined results
 Review program logic
 Check that no specific account is mentioned in the program
 Observe computer run to determine whether correct master file was used and
correct operating instructions were followed
 Review activity and access logs to determine correct master file was accessed
 Reconcile number of records accessed to number of records in acc payable master
file

Controls over Systems Development/Program changes

 Requests for changes should be written on pre-numbered change request forms and
recorded in a register
 Changed forms authorised in writing by CIS manager for operating system, and by
CIS manager and user manager for changes to application software
 Significant changes must be authorised by computer steering committee

29
  Users to be involved in definition of system requirements
 Functions of system analysts and programmers to be defined
 Procedures and techniques to be standardised
 Analysts design the system
 Programmers write new programs
 Changes made only to test versions, not live versions
 Users to review and authorise every phase of development or change
 CIS manager should approve logs of all changes
 Staff to be adequately trained
 Systems backed up to prevent loss
 Documentation of all changes
 Post-implementation review

Aspects to include in external service provider agreement to meet internal control

objectives

 Economic
 Basis on which fees will be charged
 Liability for loss of data
 Efficiency
 Exact responsibilities of both parties
 Methods of communication
 Content and format of input and how it will be delivered to service provider
 Effectiveness
 Content and format of output
 Confidentiality
 Safeguarding of clients info
 Availability/ continuity/safeguarding of assets
 Termination conditions
 Arrangements for recovery of records from loss or destruction
 Ownership of data and programs
 List of controls/changes to be applied by service provider
 Compliance with legislation
 Comply with industry legislation and international legislation

Risks and concerns with Wireless Networks

Integrity of info
 Viruses
 Unauthorised access to network, use of utilities, changes to programs or changes to
data

30
 Accuracy and completeness
 Incomplete transmission due to inexperience of users with technology
Confidentiality of Info
 Unauthorised use of info
Availability
 Interruption due to hacking or technological breakdown
 Destruction of data or programs
Efficiency and effectiveness
 Staff resistance to change
 Risk of loss/theft of laptops
Legal exposure
 Non-compliance with licensing arrangements

Effect of work performed by internal auditors on external audit fee

 In terms of ISA 500, the onus is on external auditor to obtain sufficient appropriate
audit evidence to draw reasonable conclusions to base the audit opinion
 If external auditor places reliance on work of internal audit he must be satisfied that
work constitutes appropriate audit evidence
ISA 610
Objectivity
 This can be compromised by:
 Financial director reviewing and table internal audit findings at board meetings
 No audit committee which will compromise independent non-executives to ensure
no restrictions placed on work of internal audit
 Internal audit department become involved in the operations of the company by
designing systems of internal control
 Staff members assisting on the internal audit who was previously employed at Head
Office
Technical Competence
 The fact the internal audit has permitted the above to take place points to concerns
about the technical competence of the staff of the internal audit department
 Raises concerns about training internal auditors receives
 Experience and qualifications of staff involved
Scope of function
 The relevance of the work by the internal auditor on the external audit is likely to be
limited
External audit work
 Reviewing company policies and procedures for completeness and appropriateness
and identifying areas for improvement may assist in improving effective operation of
internal control systems, but will only reduce time spent on audit if auditor intends

31
 testing operating effectiveness of the internal financial control systems and areas
were remedied as to reduce risk that system will fail to prevent or detect and correct
material misstatements
Assessment of internal auditor’s work
 Internal auditor’s work will be tested by:
 Performing review of their working papers
 Reperformance of items already tested by internal audit
 Performing tests on similar items
 Observation and enquiry of internal audit procedures
 The auditor will consider whether:
 Work was performed by persons with adequate training and proficiency
 Conclusions are supported by audit evidence and are appropriate
 Exceptions, errors and abnormal items were properly resolved

Considerations to reach a conclusion concerning appropriate form of the audit report to

be issued on F/S

Are the issues quantitatively material?

 Audit differences should be considered individually and in aggregate
 *Compare each audit difference line item and aggregates to the final materiality
figure. If higher then it is quantitatively material*
Qualitatively material?
 Consider nature of the errors
 The apparent trend towards overstatement of net assets and income
 Contraventions to IFRS
- Consider the Companies Act requirement to comply with IFRS and the possibility
of misleading financial reporting
 Managements reasons for not adjusting the errors
 Distinction between known errors and projected errors
- If the errors contain a strong element of projected error, consider performing
additional substantive work to establish the level of error with more certainty
 Effect on ratio’s and trends
Conclusion
 Request adjustment on the items above materiality and not qualify if not adjusted.
IFRS contravention would however influence to qualify audit opinion
 Failure on the client to adjust where necessary would lead to a qualified report
Communication with those charged with Governance
 Should communicate all audit differences to those charged with governance and
record their responses
Documentation
 Document decisions comprehensively

32
 Reportable irregularity
 Report would be modified to draw attention to the fact that a reportable irregularity
has been reported to IRBA

Possible issues concerning accepting audit clients

 Consider high risks of clients within their activities and operations

 Dismissing previous auditors due to disputes leads to concerns of management’s
commitment to transparency – would therefore be questionable whether
procedures for client acceptance have been followed properly
 Dismissal due to disputes could also be non-compliance with IFRS
 Firm should consider and document the independence of all members of the
engagement team and not only the person that completes the engagement form
 Provision of non-audit services to clients could create self-review threat to
independence and objectivity
 High amount of non-audit fees could create self-interest threats to independence
 Look for familiarity and intimidation threats
 Consider the integrity of management
 If none of the directors receive remuneration, this could be bias to overstating
profits or they are getting their income in other ways such as misappropriation of
cash sales
 Possible breach of fiduciary duties by directors
 Failure to complete VAT returns indicates lack of management integrity
 Allegations of theft indicates high risk of fraud
 Going concern difficulties
 Keeping accounting records on a spreadsheet is a violation of S28 of Companies Act
to keep proper accounting records

33