Merged Tests - 231016 - 111010 - 240120 - 142540

TEST 1 QUESTION PAPER
4 SEPTEMBER 2010
SUBJECT : GENERAL AUDITING 3 CODE: RGO302/RGO352
TIME : 90 MINUTES MARKS : 70
EXAMINERS : MODERATOR :
Prof G Radder Prof F E Prinsloo

Mr G Penning
Ms C Green
SPECIAL INSTRUCTIONS
1. All questions must be answered.

2. Start each question on a new page.
3. Number your answers clearly.
4. Organise your answers under appropriate headings and present in point form where
possible.
5. Although the primary purpose of the test is to assess the candidate’s knowledge and
application of the subject matter, the ability to organise and present such knowledge in
acceptable written language will be considered by the examiners. Marks for
presentation have been allocated for this very reason.
6. Any assumptions made by candidates should be clearly stated.
NOTE : This paper consists of 2 questions on 3 pages (excluding cover page).
ANSWER BOOK
QUESTION MARKS MINUTES
1 23 30 Book A
2 47 60 Book B
70 90
Page 1 of 3 pages
QUESTION 1 (23 MARKS: 30 MINUTES)
PART A (8 Marks)
MiSpares (Pty) Ltd operates a franchise business and has twenty franchisee stores in operation
throughout South Africa. The franchisee must use the IT systems as prescribed by the franchisor.
Currently MiSpares (Pty) Ltd is busy developing a new re-ordering system for inventory items at
each store. The main objective for developing the new system is to ensure that no store is out of
inventory items. The new system will use the past year’s sales to determine the optimum re-order
level.
The directors have requested that the switch over from the old to the new system should be done
with the least disruption to business and that the new system must be thoroughly tested before
implementation.
YOU ARE REQUIRED TO:
a) Describe four implementation methods available to MiSpares (Pty) Ltd. (6)
b) Choose the implementation method that you believe to be the most suitable and provide
reasons for your choice. (2)
PART B (3 Marks)
MiSpares (Pty) Ltd maintains an Access Database which stores accounting information for 5 years.
The CEO is concerned that sales of one particular product has declined over the past 2 to 3 years
and has requested information regarding the sales of this product.
(a) After a query (like the sales decline) has been formulated (written) in SQL or QBE, what tool can
be used to display the information in a well presented format with headings and totals? (1)
(b) Which Access tool would you use to GRAPHICALLY show this decline? (1)
(c) Name the information you would include on the two axes. (2 x ½ = 1)
PART C (12 Marks)
The CEO of MiSpares (Pty) Ltd is concerned about the development of the new re-ordering system
and has the following questions:
(a) What are the two techniques available for scheduling and monitoring to ensure that the project is
completed on time? (2)
(b) What are possible reasons why entities need to change their computer systems? (6 x ½ = 3)
(c) What can be done to overcome the behavioral problems of employees not being in favour
of change? (6 x ½ = 3)
(d) What are the stages of a Systems Development Life Cycle? (4 x ½ = 2)
(e) What are the basic prototyping steps? (4 x ½ = 2)
YOU ARE REQUIRED TO answer the CEO’s questions.

Page 2 of 3 pages
QUESTION 2(47 MARKS: 60 MINUTES)
PART A (35 Marks)
You are the senior in charge of the audit of Arctica (Pty) Ltd, a medium-sized wholesale company
distributing camping and skiing gear. You have been tasked to evaluate the general controls in Arctica
(Pty) Ltd’s computerized financial system. The company’s main shareholder and managing director,
Sarah Snow, has expressed concern that during the year under review some data loss has occurred and
on several occasions the business had to temporarily halt its operations for reasons she does not fully
understand. You have determined the following:
1. Sarah Snow has a number of overseas business activities, resulting in her being away from Arctica
(Pty) Ltd during some weeks of the year. For this reason, she has chosen not to get involved in the
company’s information and communication technology (ICT) matters and has given full responsibility
for ICT to the ICT supervisor, Wally Winter. Wally solely decides what ICT equipment to buy and who
to appoint in the event of vacancies in the ICT department. She has also authorized Wally to have full
access in making corrections to financial information on the system in the event of an emergency when
she is out of the country. Fortunately Wally, like his ICT staff, is very knowledgeable of computer-
related matters and he even assisted in the design of part of the financial software package in use by
the company.
2. User terminals in both the stores and administrative department are linked to the mainframe computer
through a local area network (LAN). Sarah has given her financial manager her username and
password in the event that he needs to urgently approve transactions in her absence. Sarah’s user ID
provides super-user access to all components of the financial system.
3. During the year, Sarah Snow closed the staff tea room in order to convert it to a server room for the
mainframe computer due to the room being air conditioned and situated well above ground level. The
server room now also doubles as Wally’s new office. It led however, to much dissatisfaction amongst
staff and especially for Wally Winter, as he was the staff member who frequented the tea room most
often. Accordingly, when Sarah is away on overseas business, he allows staff into the server room to
“relive the good old days” when it was still a tearoom. He serves coffee to his “visitors” and encourages
their presence by inviting them to have their lunch in the server room with him.
4. At the end of every three month period, Wally Winter’s two assistants back up all data and programmes
stored on the mainframe onto digital video discs (DVDs). The discs are then submitted to Wally who
labels them and locks them away in a cupboard in his office. Arctica (Pty) Ltd’s internal auditors have
performed test procedures on the company’s disaster recovery plan as well as uninterrupted power
supply (UPS) systems and found these to be in order.
5. Wally Winter has been tasked with issuing user names to all new employees, as well as setting
up and maintaining the staff’s access profiles on the financial system. After a profile has been set
up, changes can only be made if the employee requests the change directly from Wally, in writing.
All passwords must be at least 3 digits long and be changed on 30 June each year. When an
employee wants to change his/her password, the new proposed password must first be submitted to
Wally or an ICT assistant for verification.
Page 3 of 3 pages
a) Distinguish between general controls and application controls in a computerised environment. (4)
b) Identify and explain the weaknesses in the general controls at Arctica (Pty) Ltd based on the
information provided. For each weakness you have identified, explain the consequence(s) of the
weaknesses identified. Structure your answer as follows:
1. Control environment and security policy (5)

2. Organizational structure and personnel practices (5)
3. Continuity of operations (8)
4. Logical access controls (11)
Presentation: (2)
PART B (5 Marks)
The following controls have been implemented at Arctica (Pty) Ltd
1. Staff are frequently sent on computer training courses.

2. A detailed disaster recovery plan has been prepared.
3. When taking sales orders over the phone, the sales clerk must first check that the person calling is
a customer.
4. Employees are forbidden to play computer games on the internet.
5. The payroll is compared to the employees masterfile to ensure that only valid employees are paid.
6. Back-ups are made of all files on a daily basis and stored off-site.
7. All log-in violations are reviewed by Wally Winter.
8. All masterfile amendments is compared to the supporting documents by the financial manager.
9. The monthly supplier’s age analysis is compared to the suppliers ledger by the financial manager.
10. A programmed validation test ensures that no staff member can be paid for more than 40 normal
working hours per week.
YOU ARE REQUIRED TO state whether each of the controls stated above are general or application
controls.
PART C (7 Marks)
Sarah Snow has attended a workshop on improving sales of distributing camping and skiing gear.
She was surprised when one of the presenters mentioned that the way data is processed could
affect the effectiveness of your credit sales systems. She mentioned that the presenter referred to:
batch input/ batch processing;
online input/batch processing and
online/ real time processing
systems and that she did not understand these different processing methods.
Explain the steps required to input/process data for a credit sales system for each of the following
methods of data processing. Your answer should also clearly indicate the files which would be
created for each of the methods:
1. Batch input/batch processing (3)

2. Online input/batch processing (2)
3. Online/real time processing (2)
Note: You are not required to discuss controls within any of the systems.
DEPARTMENT OF AUDITING AND TAXATION
GENERAL AUDITING 3
RGO302/RGO352
TEST 1
4 SEPTEMBER 2010
SUGGESTED SOLUTION
Page 1 of 6 pages
SUGGESTED SOLUTION TO QUESTION 1

PART A
1.(a) Four major forms of system conversion include:

Parallel Conversion: - Both the old and the new system are operated until the project
development team and end user management agree to switch completely over to the
new system. It is during this time that the operations and results of both systems are
compared and evaluated. Errors can be identified and corrected, and the operating
problems can be solved before the old system is abandoned. (2)
Phased Conversion: - Only parts of a new application or only a few sites at a time are
converted. A phased conversion allows a gradual implementation process to take
place within an organization. (2)
Pilot Conversion: - Where one site serves as a test site. A new system can be tried
out at this site until developers feel it can be implemented throughout the organization. (2)
Plunge/Direct Cutover: - Use the system immediately, and totally abandon the old (2)
system.
Max. (6)
(b) Pilot Conversion: (1)
 Only 1 franchisee is affected. (1)
 The franchisor can control changes and be on hand to support the franchisee
until the new system is working as required. (1)
Max. (2)
PART B
2. Report – report creator – moving it to report – anything that shows they know and (1)
(a) have used it.
PivotChart tool (1)
(b)  Time
 Total/Quantity of sales. (½)
(c) (½)
PART C
3. Pert charts and (1)

(a) Gant charts (1)
– To respond to changes in user needs or business needs. (½)

(b) – To take advantage of or respond to technology changes. (½)
– To accommodate improvements in their business process. (½)
(½)
– To gain a competitive advantage and/or lower costs.
(½)
– To increase productivity. (½)
– To accommodate growth. (½)
– To accommodate downsizing or distribute decision making (½)
– To integrate incompatible systems. (½)
– To replace a system that is aged and unstable. (½)
Max. (3)
Page 2 of 6 pages
(c) – Meet needs of the users (½)

– Keep communication lines open (½)
– Maintain a safe and open atmosphere (½)
(½)
– Obtain management support
(½)
– Allay fears (½)
– Solicit user participation (½)
– Make sure users understand the system (½)
Max. (3)
– Systems analysis (½)
(d) – Conceptual design (½)
– Physical design (½)
(½)
– Implementation and conversion
(½)
– Operation and maintenance
Max. (2)
– Identify basic systems requirements (½)
(e) – Develop initial prototype that meets agreed-on requirements (½)
– Users identify changes, developers make changes, and system is turned over to (½)
(½)
user
– Use system approved by users
Max. (2)
Page 3 of 6 pages
a) General Controls are those controls which:

 Establish an overall framework of control over computer activities and which (1)
 Should be in place before any processing of transactions get underway i.e.
independent of processing. (1)
Application controls are controls over:
 Input, processing and output of financial information relating to a specific (1)
application e.g. wages to ensure that
 Such information is valid, accurate and complete e.g. the authorization of a
purchase order. (1)
Total: (4)
b) 1. Control environment and security policy
1.1 Weakness: Sarah Snow does not get involved in any aspects of the company’s
ICT matters, indicating poor leadership over the company’s operations and internal (1)
control.
Explanation: ICT staff and employees will not take ICT-related controls seriously (poor
control awareness), resulting in a possible breakdown of the internal control structures of (1)
the company.
1.2 Weakness: Wally Winter has full control over ICT-related decisions as there is no
ICT steering committee. (1)
Explanation: Firstly, Wally Winter can make decisions which are not aligned with the
operational and financial strategy of the company, leading to possible financial losses
(e.g. if unnecessary or substandard computer equipment is purchased). (1)
Secondly, the absence of a strong steering committee increases the risk that poor,
inappropriate decisions pertaining to computer matters will be taken and that adequate
control over the section won’t be exercised. (1)
Thirdly, Wally may purchase unnecessary or substandard computer equipment, and/or

choose suppliers who cannot properly serve the company’s business needs. (1)
1.3 Weakness: There is generally a weak internal control environment within the
company (weak “tone at the top” / not leading by example), as
* the managing director and financial manager share user IDs and have super-user (1)
access to the system.
* Sarah Snow, being the managing director, has given authorization to her ICT
supervisor to make financial changes to the system. (1)
Explanation: This practice does not communicate the importance of good internal
control to employees and may lead to employees abusing internal controls in the
company without fear of reprimand. (1)
2. Organizational structure and Personnel Practices
2.1 Weakness: There are no clear reporting lines as the ICT supervisor (Wally
Winter) doesn’t have particular reporting responsibilities to either the Board of
Directors or an ICT steering committee. (1)
Explanation: This means that the ICT has no direct representation on the Board to give
it authority and to assist in promoting a clear organizational structure within the company. (1)
Page 4 of 6 pages
2.2 Weakness: Wally Winter is given too much authority in respect of ICT-related
matters and fulfills functions which should be carried out by others (insufficient (1)
segregation of duties).
2.2.1 Weakness: Wally has “sole responsibility” for appointing new ICT staff. (1)
Explanation: This may result in unsuitable staff being employed (e.g. friends and (1)
family).
2.2.2 Weakness: The ICT supervisor (Wally) has access to the financial system
since he can make corrections to financial information, even though he was also
involved in designing the system. (1)
Explanation: Wally will be able to possibly circumvent controls in the system and
cover up his actions, as he has in depth knowledge of how the financial system (1)
works.
3. Continuity of operations
3.1 Weakness: The positioning of important components of the mainframe e.g.

servers in a room:
 with other general office equipment (it is Wally’s office); (1)
 which is not access controlled; (1)
 which is used as a (social) staff gathering place; (1)
 where drinks and food are consumed (risk of water damage); (1)
Explanation:
(i) These conditions increase the risk of damage to the hardware e.g. drinks or
food could be spilled onto electronic equipment, resulting in its malfunction
and disruption to processing. (1)
(ii) The failure to physically secure (access control) the hardware increases the
risk of accidental or intentional damage to the servers (sabotage), hacking (1)
and theft.
3.2 Weakness: Data is inadequately backed up:

 No automatic back up takes place (only manual); (1)
 Backups are not performed frequently enough; (1)
 The DVDs are inappropriately stored (not in a fire-proof safe but in a (1)
cupboard)
 No off-site storage of backups as the backup DVDs are only stored in the (1)
server room.
Explanation:
(i) Backing up only every three months means that a great deal of information
include month end information) could be lost should a disaster occur. (1)
(ii) Simply locking the DVDs in a (non-fire proof) cupboard in the server-room as
opposed to storing them off-site does not sufficiently protect the company
against the risk of losing the data should a disaster occur e.g. fire at the (1)
premises or theft.
4. Logical Access Controls
4.1 Weakness: Granting of access to the managing director and financial manager to
all parts of the system through the use of a super-user ID i.e. failure to implement
the least privilege principle (insufficient logical access controls). (1)
Explanation: Allowing the managing director and financial manager logical

access: (1)
* substantially increases the risk of unauthorized entry to the system / manipulation
of data and (1)
* leads to inadequate isolation of responsibility on the system.
Page 5 of 6 pages
4.2 Weakness: User passwords are

 Not changed regularly enough (it is only changed once a year); (1)
 Not at least 6 characters in length (alphanumeric); (1)
 Not kept confidential (Sarah shares her password with her financial (1)
manager).
 Known by ICT staff (since it must be “verified by ICT staff first). (1)
Explanation:
(i) Having passwords that don’t change regularly increases the possibility of
passwords that have been deliberately or accidentally distributed, being used
for unauthorized purposes. (1)
(ii) Having passwords that are only 3 characters in length, increases the risk of
passwords being correctly guessed by persons who want to attempt to gain
unauthorized access to the system; (1)
(iii) Having passwords authorized by the computer section (ICT):
* compromises the basic requirement that passwords remain private and (1)
* leads to the possibility of ICT staff using the access right to “masquerade”
as (1)
financial staff while making unauthorized changes to financial data.
(iv) The same concern (passwords not kept confidential) arises with the financial
manager who has access to the managing director’s password. (1)
4.3 Weakness:
(i) Employees themselves are able to change their access privileges. (1)
(ii) Wally Winter can change user profiles as he wishes. (1)
Explanation:
(i) Allowing employees to decide what access they should have (and not their (1)
supervisors/the financial manager) undermines sound segregation of duties.
(ii) It is doubtful whether Wally Winter, the ICT supervisor, will understand
exactly who should have access to each part of the system without input from
the financial manager. (1)
Presentation: (2)
Possible: (44)
Max: (31)
PART B
1. General (½)
2. General (½)
3. Application (½)
4. General (½)
5. Application (½)
6. General (½)
7. General (½)
8. Application (½)
9. Application (½)
10. Application (½)
Max (5)
Page 6 of 6 pages
PART C
1. Batch input/ Batch processing
1.1 Invoices are collected into distinct batches in the user department – e.g. sales
invoices, and properly identified, e.g. description, date and control totals taken e.g.
hash numbers of invoices. (1)
1.2 Details of the batch and information from the invoices within the batch are keyed
into the computer and stored on a “batch file”. (1)
1.3 The batch file would be validated and sorted into debtors master file record
sequence (alphabetic debtors) to create a “sorted sales transaction file”. (1)
1.4 On a predetermined day (say 25th each month) or daily (prefereable) the existing
debtors masterfile would be updated from the “sorted sales transaction file” to
produce the current debtors masterfile. (1)
2. On line input/ batch processing
2.1 A sales order, for example taken over the telephone, would be keyed in via a
terminal directly onto the “unsorted sales transaction file” (validation takes place at (1)
this time).
2.2 This file would be sorted into debtors master file record sequence to create the
“sorted sales transaction file”. (1)
2.3 On a predetermined date (say 25th of each month) or daily (preferable) the
existing debtors master file would be updated from the sorted “sales transaction
file” to produce the “current debtors masterfile”. (1)
3. On line/real time processing
3.1 A sales order will be entered into the system via a terminal (validation takes (1)
place).
3.1.1 As entry takes place the debtors master file (which will be right up to date)
is immediately updated. (1)
3.1.2 A transaction log indicating time and date of each on line entry should be
created, simultaneously with the masterfile update. (1)
Possible: (10)
Max: (7)

4 SEPTEMBER 2010
SUBJECT : AUDITING 3 CODE: RO302/RO352

Mr G Penning
Ms C Green

possible.

ANSWER BOOK
1 18 23 Book A
2 52 67 Book B
70 90
Page 1 of 4 pages
PART A (6 Marks)
level.
implementation.
c) Describe the implementation methods available to MiSpares (Pty) Ltd. (4)
d) Choose the implementation method that you believe to be the most suitable and provide
PART B (5 Marks)
MiSpares (Pty) Ltd maintains an Access Database which stores accounting information for 5 years. The
CEO is concerned that sales of one particular product has declined over the past 2 to 3 years and has
requested information regarding the sales of this product.
a) Which Access tool would you use to GRAPHICALLY show this decline? (1)
b) Name the information you would include on the axes. (2 x ½ = 1)
c) Examine the REA diagram below. Describe/explain the business rules the relationship
represents. (3)
Page 2 of 4 pages
PART C (7 Marks)
The CEO of MiSpares (Pty) Ltd is concerned about the development of the new re-ordering system and
has the following questions:
(a) Name two techniques that are available for scheduling and monitoring to ensure that a project is
completed on time. (2 x ½ = 1)
(b) Briefly describe the role the accountant can play in the successful development and implementation
of information systems. (3)
(c) State what can be done to overcome the behavioural problems of employees not being in favour of
the change. (6 x ½ = 3)
Page 3 of 4 pages
PART A (23 Marks)
(Pty) Ltd’s computerized financial system. The company’s main shareholder and managing director is
Sarah Snow. You have determined the following:
company’s information and communication technology (ICT) matters and has given responsibility for
ICT to the ICT supervisor, Wally Winter. Wally decides what ICT equipment to buy and who to appoint
in the event of vacancies in the ICT department. Sarah has also authorized Wally to make corrections
to financial information on the system in the event of an emergency when she is out of the country
(since Wally is very knowledgeable of computer-related matters).
2. Sarah has given her financial manager her username and password in the event that he needs to
urgently approve transactions in her absence. Sarah’s user ID provides super-user access to the
financial system.
3. Wally Winter has been tasked with issuing user names (user IDs) to all new employees, as well as
setting up and maintaining the staff’s user profiles on the financial system. After a profile has been
set up, changes can only be made if the employee requests the change from Wally, in writing. All
passwords must be at least 6 digits long and be changed on 30 June each year. When an employee
wants to change his/her password, the new proposed password must first be submitted to Wally or an
ICT assistant for verification.
through a local area network (LAN). You have obtained reliable internal audit reports from the
company’s internal auditors in which you noted that disaster recovery controls (including procedures
over backups) operate efficiently. You have also noted no concerns over the security and physical
environment of the mainframe computer room.
YOU ARE REQUIRED TO identify and explain the weaknesses in the general controls at Arctica (Pty)
Ltd based on the information provided. For each weakness you have identified, explain the
consequence(s) of the weaknesses identified. Ignore the information in Part B, C and D for the purpose
of answering Part A. (23)
Page 4 of 4 pages
PART B (14 Marks)
Wally Winter contracted PC Power (Pty) Ltd to install and maintain Arctica (Pty) Ltd’s network and
computer hardware equipment, including terminals and the mainframe computer (server). PC Power (Pty)
Ltd is a small company recently established by Wally Winter’s brother, Chilly Winter. PC Power (Pty) Ltd
also installed the necessary system software as well as a number of off-the-shelf applications (including
the financial package) for Arctica (Pty) Ltd. An informal arrangement between the two companies makes
PC Power (Pty) Ltd responsible to carry out all general program maintenance.
Chilly Winter, not having many other clients, spends a lot of time in Wally’s office and keeps himself busy
by experimenting with enhanced program features on Arctica (Pty) Ltd’s financial package. Chilly knows
where to obtain programming code and add-on modules from the internet and downloads many program
features accordingly. As Chilly charges by the hour, he installs the new features directly on the live system
in order to reduce the costs to Arctica (Pty) Ltd.
YOU ARE REQUIRED TO identify and explain the concerns that arise resulting from the information
provided above. (14)
PART C (12 Marks)
During your visit to determine the general controls of Arctica (Pty) Ltd you bumped into Purco Purchases,
the newly appointed buying officer. He informed you that one of his duties is to evaluate potential
suppliers and negotiate contracts with the suppliers, which he enjoys. But he added that he also has the
responsibility to maintain Arctica (Pty) Ltd’s suppliers masterfile, and he has no idea how it should be
done. On further enquiry he informed you that he must use Dick Buy, the buying clerk, to capture
amendments to the suppliers masterfile and that Joe Finance must review all amendments to the
suppliers masterfile. He further informed you that he has no idea what controls to implement to ensure
that amendments to the suppliers masterfile are valid, accurate and complete.
YOU ARE REQUIRED TO advise Purco Purchases on which controls should be in place over the
amendments to the suppliers masterfile. (12)
PART D (3 Marks)
The following controls have been implemented at Arctic (Pty) Ltd.

2. The monthly supplier’s age analysis is compared to the supplier’s ledger by the financial manager.
controls. (3)
AUDITING 3
RO302/RO352
TEST 1
4 SEPTEMBER 2010
SUGGESTED SOLUTION
Page 1 of 5 pages

PART A

system.

Max. 2
PART B
2. (a) PivotChart tool (1)
(b)  Time (½)

 Total/Quantity of sales (½)
Each employee can be a member of only 1 work area at any time.

(c) No employee can have a work area that is not in the WorkArea table. (1)
Each employee has to have a valid work area. (1)
A WorkArea can exist and be valid without having ANY employees. (1)
Max. (1)
(3)
PART C
3. (a)  Pert charts (½)

 Gant charts (½)
(b) – Determine information needs of MiSpares (Pty) Ltd. (1)

– To be members of the project development team. (1)
– To play an active role in designing system controls. (1)

(½)
(½)
– Make sure users understand the system
Max. 3
Page 2 of 5 pages
PART A
1. Control environment and security policy
ICT matters, indicating poor leadership over the company’s operations and (1)
internal control.
the company.
operational and financial strategy of the company, leading to possible operational
inefficiently and/or financial losses. (1)
control over the section won’t be exercised.

* the managing director and financial manager share user IDs and have super- (1)
user access to the system.
it authority and to assist in promoting a clear organizational structure within the (1)
company.
Explanation: This may result in unsuitable staff being employed (e.g. friends, (1)
family).
since he can make corrections to financial information. (1)
works.
Page 3 of 5 pages
3. Access Controls
3.1 Weakness: Granting of access to the managing director and financial manager
to all parts of the system through the use of a super-user ID i.e. failure to
implement the least privilege principle (insufficient logical access controls). (1)
Explanation: Allowing the managing director and financial manager full access:
* substantially increases the risk of unauthorized entry to the system / (1)
manipulation of data and
* leads to inadequate isolation of responsibility on the system. (1)

 not changed regularly enough (it is only changed once a year); (1)
 known by ICT staff (since it must be “verified” by ICT staff first); (1)
 not kept confidential (Sarah shares her password with her financial (1)
manager).
Explanation:
passwords that have been deliberately or accidentally distributed, being
used for unauthorized purposes. (1)
(ii) * Having passwords authorized by the computer section compromises the
basic (1)
requirement that passwords remain private and
* leads to the possibility of ICT staff using the access right to “masquerade” (1)
as
(iii) The same concern (passwords not kept confidential) arises with the
financial manager who has access to the managing director’s password. (1)
3.3 Weakness:
Explanation:
(i) Allowing employees to decide what access they should have (and not their
supervisors/the financial manager) undermines sound segregation of (1)
duties.
exactly who should have access to each part of the system without input
from the financial manager. (1)
Presentation (1)
Possible (29)
Max Part A (23)
Page 4 of 5 pages
PART B
Risks resulting from the relationship between Arctica (Pty) Ltd and PC Power (Pty) Ltd
1. Organisational structure access control
1.1 Weakness: The lack of independence (family relationship between the Winter
brothers) increases the chance of: (1)
Explanation:
(i) Collusion between the Winter brothers (increased fraud risk). (1)
(ii) Retaliatory reaction by Chilly should Wally Winter be disciplined/ (1)
dismissed.
(iii) The service provider not in fact being sufficiently competent to perform ICT (1)
services.
2.1 Weakness: Arctica (Pty) Ltd is very / overly dependent on PC Power (Pty) Ltd
since the latter: (½)
2.1.1 supplied and installed the hardware systems. (½)
2.1.2 supplied and service the application software. (½)
2.1.3 is responsible for all programme maintenance and development. (½)
Explanation: Should PC Power (Pty) Ltd go out of business (common among (1)
small computer companies) Arctica (Pty) Ltd may face great difficulties in
continuing their normal operations.
2.2 Weakness: No formal agreement of service exists between Arctica (Pty) Ltd and
PC Power (Pty) Ltd. (1)
Explanation: It will be unclear what the responsibilities of the service provider are
and when the latter can be held accountable for damages suffered (if no formal (1)
agreement).
3. Program changes
3.1 Weakness:
(i) Chilly Winter keeps himself busy by “experimenting with enhanced (1)
programme features” which he downloads from the internet.
(ii) Chilly is able to make unscheduled programme changes without specific (1)
authorization.
(iii) Chilly makes the changes without formal requests from users or (1)
management.
Explanation: Uncontrolled programme changes can result in the implementation

of:
3.1.1 Programmes which may not suit user requirements properly; (½)
3.1.2 Programmes which contain errors and bugs; (½)
3.1.3 Programmes which no-one knows how to use. (½)
3.1.4 Programmes which is unnecessary for which the company is charged. (½)
3.1.5 The risk of viruses, spyware and other illegal software being loaded onto
the system increases as Chilly makes elaborate use of internet downloads. (1)
3.2 Weakness: Programme changes are not made in a test environment first, but
directly on the live system. (1)
Explanation: Corruption or loss of information can result if programme changes

are not tested first on a test system. (1)
Presentation (1)
Possible (17)
Max Part B (14)
Page 5 of 5 pages
PART C
1. Sequentially numbered masterfile amendment forms (MAF’s) should be used to record

each amendment to the suppliers masterfile. (1)
2. Unused MAF’s should be subject to strict stationery control and responsibility for these
MAF’s should be isolated to Purco Purchases. (1)
3. MAF’s should be signed by Wally Winter to indicate authorization for amendments to the
suppliers masterfile. (1)
4. MAF’s should be cross-referenced to relevant documentation to provide evidence of

satisfactory investigation and negotiations by Purco Purchases, such as correspondence
with suppliers/ contracts signed/ quotes. (1)
5. Proper physical and logical access controls should be strictly applied to masterfile
amendments and logs of masterfile amendments so that only Dick Buy is allocated to (1)
capture MAF’s.
Additional controls: (1)
5.1 A specific terminal (Dick Buy’s) must be identified for the capture of MAF’s. (1)
5.2 Use should be made of unique user IDs and passwords.
6. All masterfile amendments should be automatically logged by the system, showing

information such as date, time, terminal, user ID, sequential MAF no’s and amendment (1)
details.
7. MAF logs should be reviewed by Joe Finance.

7.1 Only Joe Finance should have access to MAF logs, enforced through the use of
user IDs and passwords. (1)
7.2 Sequence of MAF logs and MAF’s should be complete (no missing or duplicate (1)
MAF’s).
7.3 He should reconcile the details on the log to the relevant MAF’s for accuracy and (1)
validity.
8. Programmed check should be carried out on data input by Dick Buy:

8.1 Alpha-numerical checks on supplier’s codes. (1)
8.2 Blank field checks for missing data. (1)
8.3 Range checks for discount terms and prices. (1)
Max (3)
9. Screen prompts
9.1 Careful design of MAF for new suppliers and changes to supplier’s details. (1)
9.2 Screen prompts for entry of information / Appropriate screen layout. (1)
Possible (16)
Max Part C (12)
PART D
1. General (½)
2. Application (½)
3. General (½)
4. General (½)
5. General (½)
6. Application (½)
Max Part D (3)

17 SEPTEMBER 2010

Mr G Penning
Ms C Fourie

possible.
ANSWER BOOK
1 35 45 Book A
2 35 45 Book B
70 90
Page 1 of 2 pages
You are a member of the audit team engaged with the 30 June 2010 audit of CelluGlove (Pty) Ltd, a
wholesale company distributing protective cell phone covers and related accessories. You are presently
evaluating the controls over the sales ordering system and have obtained the following information:
1) The company makes use of a fully computerized financial system. A secure server room houses a
mainframe computer, to which several user terminals are connected.
2) All sales are made to retail shops on credit and orders are taken over the telephone. CelluGlove
(Pty) Ltd employs 3 sales clerks for the purpose of taking orders, who answer the phones from
Mondays to Fridays during business hours only. Each clerk has his/her own dedicated terminal, but
all three terminals are located in a shared office.
3) When a customer phones in to place an order, the customer should first provide a debtor code to
the sales clerk. The clerk then enters the code into the system using the keyboard where after the
details of the order are input directly onto the sales ordering module of the financial system. Order
details include the product code and quantity ordered. In order to determine the availability of
inventory items before ordering, the sales ordering module is linked to the inventory masterfile.
4) The credit controller, Tom Yoda, is responsible for authorizing new debtor account applications. New
customers need to complete a pre-printed application form for this purpose. A thorough credit-check
is performed on the customer’s credit worthiness before the addition is processed to the masterfile.
He also sets credit limits within his delegated authority for each new debtor. Applicants are usually
loaded onto the masterfile within 24 hours of applying, after which they may start submitting orders
to CelluGlove (Pty) Ltd.
5) In the event that a debtor’s order will result in its credit limit being exceeded, Tom Yoda is called by
the order clerk to first authorize or deny the additional credit. Users have the ability to print exception
reports from the sales ordering module.
6) Vuyo Msila, the financial manager, is responsible for approving each day’s changes to the
pricelist-, debtors- and inventory masterfiles.
1) Describe the application controls that should be in place over the input of sales orders in the
revenue and receipts cycle of CelluGlove (Pty) Ltd, to ensure the validity, accuracy and
completeness of sales orders. You are to ignore controls over the addition of or changes to the
applicable masterfiles. Structure your answer as follows:
Validity (12)
Accuracy (6)
Completeness (3)
Presentation: (1)
2) Describe the controls that should be in place to ensure the validity, accuracy and completeness
of captured changes to the debtors masterfile of CelluGlove (Pty) Ltd. Do not deal with controls
over verifying the applicants’ creditworthiness or establishing the credit limit. (9)
3) Explain what is meant with the following two approaches which an auditor can adopt to assist in
the gathering of audit evidence:
3.1) Using computer assisted audit techniques (CAATS) to audit through the computer. (2)
3.2) Using CAATs to audit with the computer. (2)
Page 2 of 2 pages
You are the senior-in-charge at ABC Audit Inc. assigned to the audit of PE Flowers (Pty)
Ltd for the financial year ended 30 September 2010. You are currently busy planning the
audit of inventory and have obtained the following information to date:
1. This is a new client for the audit firm. The audit of PE Flowers (Pty) Ltd for the 2009
financial year was performed by XYZ Audit Inc.
2. PE Flowers (Pty) Ltd has a large warehouse in Brickmakerskloof, Port Elizabeth.
3. PE Flowers (Pty) Ltd sells fresh and fake flowers to the general public and retailers.
4. Fresh flowers and the fake flowers are stored in separate areas of the warehouse.
5. Fresh flowers must be sold within two days of receipt, thereafter they are thrown
away.
6. Fake flowers’ shelf life is for all practical purposes unlimited, but fake flowers also
become redundant due to normal product life cycles.
7. A perpetual inventory system is used to keep track of all fake flowers. As fresh
flowers are unsaleable after two days, no perpetual inventory record is kept for these
flowers.
8. The financial manager, G Flowers, informed you that:
8.1 The inventory count of the fake flowers will take place on 30 September 2010
from 17:00 to 22:00.
8.2 He has personally counted fake flowers on a surprise basis during the year. He
sometimes found big differences between actual count and the inventory
records. He requested that you explain how cycle counts should be conducted
and what physical controls should be implemented in respect of the warehouse.
8.3 PE Flowers (Pty) Ltd is considering implementing an internal audit function, but
he would like your input on the structure and functioning of this department if it
is to be of use to the external auditors.
(a) Describe the audit procedures that you will carry out to determine if reliance can be
placed on the inventory balance on 30 September 2009. (4)
(b) Advise the financial manager on the procedures to be adopted in conducting the
proposed cycle counts of inventory (as per number 8.2 above). (14)
(c) Write a memo to the financial manager to explain the physical controls that should
be in place at the warehouse to safeguard inventories. (6)
(d) Advise the financial manager on the criteria that will be considered by you relating to
the proposed internal audit department when deciding whether your firm will be able
to make use of their work. (11)
GENERAL AUDITING 3
RGO302/RGO352
TEST 2
17 SEPTEMBER 2010
SUGGESTED SOLUTION
Page 1 of 7 pages
Part 1: Application controls over input of sales orders
1. Validity
1.1 Physical access to the office in which the sales clerk’s terminal are located, should
be restricted to the sales clerks only. (1)
1.2 Logical access restriction should be in place by using access tables: only the order
clerk’s user ID’s (profiles) should have write access to the sales ordering application. (1)
1.3 Each clerk should have his/her own unique user I.D. and password. (1)
 at least 6 characters long, (½)
 be kept strictly confidential, (½)
(½)
 be changed regularly,
(½)
 consist of alphanumeric characters.
1.4 All activity on the Sales Ordering module should be logged by the computer system (1)
(for future follow-up).
1.5 On entry of the debtor code, the computer should search the debtors’ masterfile to
establish the existence of the account. (Valid code check). (1)
1.6 The clerk should then authenticate the customer by asking the customer to provide
pertinent details of his/her account. (1)
1.6.1 The clerk should then compare the answers provided by the customer to
the details contained in the debtors’ masterfile. (1)
1.7 The system should check the validity of the product codes against the inventory
masterfile. (Valid code check). (1)
1.8 The system should automatically price the products ordered based upon customer
and product price rules stored in the customer and product masterfiles. (1)
1.9 Before the order is finally approved the system should perform the following limit
tests:
1.9.1 Check that the quantity ordered is less than the quantity of inventory on
hand (stock availability check). (1)
If there is insufficient inventory on hand an error message should
appear and the clerk should inform the customer of the shortage. (1)
1.9.2 Check the credit availability after the current order.

If the limit is exceeded, or if there is a “hold/restriction” on the account,
the order should not be accepted. (1)
Credit overrides should be restricted to the credit controller’s ID and (1)
password.
 A reason code should be entered for each override. (1)
 All overrides should be printed on an audit trail, including the
“reason codes”, for regular review by the financial manager. (1)
1.10 The order clerks should only have read-only access to the pricelist and inventory (1)
masterfiles.
Available: (18)
Page 2 of 7 pages

2. Accuracy
2.1 There should be a range of input validation checks, e.g.:

2.1.1 Alphanumeric check on order quantity field (positive numbers only); (1)
2.1.2 Check digit on product and debtors code; (1)
2.1.3 Field size check on product and debtors code; (1)
2.1.4 Limit check on quantity field. (1)
2.2 The screen layout of the ordering module should facilitate the minimum keying in of
information, to reduce the probability of inaccurate data capturing. (1)
2.3 Use should be made of screen dialogues/prompts, e.g. error messages should be
displayed when errors are detected after performing the above-mentioned (1)
validation checks.
2.4 Once the order details have been captured, a “confirmation screen” should appear
containing pertinent details of the order as entered. (1)
2.4.1 The clerk should then read this information back to the customer in order to
confirm accuracy of the information provided. (1)
2.5 The financial manager (Vuyo Msila) should review the daily transactions listings,
test checking codes and prices to stock and price listings. (1)
Available: (9)
3. Completeness
3.1 The system should automatically generate a sequentially generated sales order
number for each order opened. (Minimum keying in of information). (1)
3.2 Programmed sequence checks should be carried out by the system e.g.
automatically prompting for the next order number in sequence when the input (1)
function is accessed.
3.3 Mandatory field checks by the system to contribute to completeness of information. (1)
(Note: the user will be warned if some fields have been left empty and will not be
allowed to continue until the fields have been completed).
3.4 Missing data checks should be in place to ensure that orders are not accepted until
all fields have been completed. (1)
3.5 A daily exception report of long outstanding orders in the “pending orders” file
should be generated by the system for review and follow-up by Tom Yoda. (1)
Available: (5)
Max Part 1: (21)

Presentation Part 1: (1)
Page 3 of 7 pages
Part 2: Validity, accuracy and completeness of changes to the debtors masterfile
1. 1.1 Masterfile additions should be recorded on pre-numbered masterfile amendment (1)

forms (MAF’s).
1.2 Unused MAF’s should be subject to strict stationery control and responsibility for
these MAF’s should be isolated to Tom Yoda or Vuyo Msila. (1)
1.3 MAF’s should be cross-referenced / attached to the relevant supporting

documentation relating to the addition required, i.e. application forms for all new (1)
debtors accounts.
1.4 MAF’s should be authorized by Tom Yoda prior to processing by signing the MAF (1)
after checking it to supporting documentation.
1.5 All masterfile amendments should be logged by the system automatically. (1)
1.6 All details captured into the masterfile application should be subject to
programmed edit checks for example:
 Range checks on the credit limit field. (1)
 Alpha numeric checks on the debtor’s code. (1)
 Other valid points. (1)
Max. (2)
1.7 Use should be made of screen formatting/ prompts at the input stage. (1)
1.8 Access to the masterfile amendment application should be restricted through the
use of user IDs and passwords so that: (1)
 A person independent from the debtors function captures MAF’s (1)
 Only Vuyo Msila has (read-only) access to MAF logs. (1)
1.9 MAF logs should be reviewed by Vuyo Msila and

 Reconciled to authorized MAF’s (1)
 Sequence checked to ensure that all MAF’s have been captured. (1)
1.10 The standing data contained in the masterfile should be reviewed by Vuyo Msila
on a regular basis to ensure that the data is up to date and relevant. (1)
Possible: (14)
Max: (9)
Page 4 of 7 pages
Part 3: CAATs definitions
1. Auditing through the computer
1.1 This approach is concerned with testing the computer system and controls which
are built into the system. (1)
1.2 This is achieved primarily by sending transactions (test data) through the system
to test controls supposedly in the system. (1)
1.3 Examples of techniques associated with this approach are commonly “test data”,
“integrated test facility” and “embedded audit facility”. (1)
Max: (2)
2. Auditing with the computer
2.1 There are two aspects to “auditing with the computer”:

2.1.1 Using the computer to assist in the performance of audit procedures
(mainly substantive testing). (1)
2.1.2 Using the computer to produce electronic/ automated workpapers, audit
programmes and financial statements. (1)
2.2 Using this approach for substantive testing, involves gaining access to a client’s
files and using software (programs which help the auditor to perform audit
procedures) to read, sort, compare, analyse etc, data on the file, quickly and (1)
extensively.
2.3 The idea behind using the computer to automate the audit is to make it a more
effective and efficient audit by harnessing the power of the computer. (1)
Max: (2)
Page 5 of 7 pages
a) 1. Assess the risk attached to the inventory opening balance. (1)
2. Consider the materiality of the inventory opening balance. (1)
3. Review the accounting policy for inventories and test for the correct application and
consistency of the policy. (1)
4. Agree the prior year inventory closing balance to the current year opening balance –
agree to prior year financial statements. (1)
5. Conduct audit procedures on inventory sheets prepared by PE Flowers (Pty) Ltd: (1)
- inspect inventory count sheets and agree with perpetual inventory records; (1)
- analytical procedures like comparing inventory for current year with previous (1)
year.
6. Contact the previous auditors and request them if you could review their working
papers relating to inventory at 30 September 2009. (1)
Max. (4)
b) 1. The timing of each cycle count must be planned at the start of the year, e.g. two
days every three weeks, or at the end of every third month. (1)
2. The items to be cycle counted must be identified. There are a number of ways in
which this selection can be done: (½)
2.1 random samples can be selected from the perpetual inventory records; (½)
2.2 items which are susceptible to theft or have some other identifying (½)
characteristics;
2.3 high value items can be selected; or (½)
2.4 the entire inventory population can be divided into sections so that all items
are counted at regular intervals during the year; (½)
2.5 a particular section of the warehouse may be chosen. (½)
3. Once it has been decided how cycle counts will be conducted, the cycle counts will
be conducted as follows:
3.1 Staff requirements – count teams should consist of two members, one
warehouse staff member and one staff member independent from the
warehouse. The count teams’ duties are: (1)
3.1.1 One member of the team counts and the other records. (1)
3.1.2 Clearly mark the inventory items counted. (1)
3.1.3 Identify any damaged and/or slow-moving inventory. (1)
3.2 A cycle count supervisor must be appointed for each cycle count, his duties (1)
are:
3.2.1 Ensure count areas are prepared for the cycle count. (1)
3.2.2 Issue inventory sheets to count teams. Teams to sign for the inventory (1)
sheets.
3.2.3 Inspect the count areas to ensure that all inventory was counted. (1)
3.2.4 Ensure that count teams follow cycle count instructions. (1)
3.2.5 Reconcile inventory sheets at the conclusion of the cycle count. (1)
3.3 Drafting a warehouse floorplan identifying count areas for each count team. (1)
3.4 Well designed numerically sequenced inventory sheets should be prepared for
each cycle count. (1)
4. The physical count quantity (actual) for each item counted must be compared to the
theoretical quantity on the perpetual inventory records and all count discrepancies
must be entered onto a sequenced inventory adjustment form. (1)
5. All discrepancies must be thoroughly investigated by the warehouse supervisor. (1)

5.1 The financial manager should review the forms and authorize the
adjustments by signing the form; (1)
5.3 inventory adjustment forms should be filed numerically and should be
sequenced checked regularly. (1)
6. The adjustment to the records should be made by a clerk who is independent of

inventory custody, receiving and issuing. (1)
Page 6 of 7 pages
7. The perpetual inventory records should be reviewed periodically by the financial

manager and adjustments to the records traced to the authorized inventory (1)
adjustment form.
8. An overall analysis of the discrepancies over a period should be conducted to

identify any trends e.g. frequent discrepancies in a particular section of the (1)
warehouse.
Available: (23)
Max: (14)
c) MEMO
TO: G FLOWERS FINANCIAL MANAGER – PE FLOWERS (PTY) LTD

FROM: A TRAINEE – ABC AUDIT INC
DATE: 17 September 2010
RE: PHYSICAL CONTROLS AT THE WAREHOUSE

(1)
Your request regarding what physical controls should be in place at the warehouse
refers.
Physical controls should be implemented over the warehouse:
1. The number of entry and exit points should be limited – this would make the
monitoring of these points a lot easier. (1)
2. Entry to and exit from the warehouse should be restricted to authorized personnel (1)
and this access should be controlled.
3. No other persons (other staff, customers and suppliers) should be allowed in the
warehouse. (1)
4. To control the entry and exit points to the warehouse, swipe cards could be given
to authorized personnel and entry is only granted upon swiping the authorized (1)
card.
5. The physical buildings should be secured, for example the number of windows
should be kept to a minimum, the warehouse should be locked overnight, electric
fencing could be put up around the warehouse etc. (1)
6. Surveillance cameras, CCTV etc. could be installed. The footage of these

cameras should be reviewed for any suspicious activity. (1)
Please contact me if you have any questions regarding the above.
Yours faithfully
A Trainee
ABC Audit Inc (1)
Available: (8)
Max. (6)
Page 7 of 7 pages
(d) 1. In order to place reliance on the internal audit work, the external auditor (½)
will consider the Objectivity of the internal audit function and
Organisational status
1.1 the status of the internal audit function, i.e. is the department accorded a
status or level of importance, which enables it, and its members, to be (1)
objective?
1.2 whether the internal audit function reports directly to those charged with
governance e.g. the audit committee, and not to a functional manager
such as the chief accountant. (1)
1.3 whether the internal audit function is free of conflicting responsibilities, e.g.
members of the department are not drawn into “everyday accounting
responsibilities and procedures”. (1)
1.4 whether there are restrictions placed on the function by management e.g.
denial of access to certain information. (1)
1.5 the extent to which management acts on the recommendations of the (1)
department.
2. Technical competence of the internal auditors (½)
2.1 The members of the department should be properly qualified as

professional internal auditors. (1)
2.2 The members of the department should have the relevant experience,
technical training and proficiency to do internal audit work at PE Flowers (1)
(Pty) Ltd.
2.3 Human resources policies for hiring and training the internal auditors
should be in place. (1)
3. Scope of the internal audit function (½)

3.1 To what extent does the scope of the work performed by internal audit
overlap with that of the external auditor. (1)
3.2 The department must have a well planned schedule of control evaluations,
compliance testing and similar activities. (1)
4. Due professional care (½)
4.1 Whether the activities of internal audit are properly planned, supervised,
reviewed and documented. (1)
4.2 The existence of adequate audit manuals, work programmes and internal
audit documentation. (1)
5. Communication (½)
5.1 Whether internal audit is free to communicate with the external auditor. (1)
5.2 Whether there are regular meetings between internal audit and external (1)
audit.
5.3 Whether external audit has access to internal audit reports and other (1)
documentation.
6. External auditor using the work of the internal auditors

6.1 The use of the internal audit department’s work will depend on the external
auditor’s assessment of the risk of material misstatement. (1)
6.2 The degree of subjectivity involved in the evaluation of the audit evidence
gathered by the internal auditors in support of the relevant assertions. (1)
6.3 The nature and scope of the specific work performed by the internal audit
department. (1)
Available: (20½)
Max. (11)

17 SEPTEMBER 2010

Mr G Penning
Ms C Fourie

possible.
ANSWER BOOK
1 35 45 Book A
2 35 45 Book B
70 90
Page 1 of 5 pages
PART A (27
Marks)
You are a member of the audit team engaged in the 30 June 2010 year-end audit of Cool Candles (Pty)
Ltd, a manufacturer and wholesaler of glow-in-the-dark candles and other wax products. The company
operates from a warehouse located in Port Elizabeth and serves the whole of South Africa. Both retail
stores and curio shops frequently submit orders to Cool Candles (Pty) Ltd due to consumer’s high demand
for the company’s products.
For its debtors function, the company employees an order clerk, a data capture clerk and a credit
controller. All staff reports to the company’s financial manager. All sales are on credit.
You are presently evaluating the controls over the sales system and have obtained the following
information:
1. Debtor applications are reviewed by the credit controller, who allocates a credit limit to each customer
after performing a thorough background check. After approval by the financial manager, the debtors
are loaded onto the debtors masterfile on the company’s computerized financial system. Existing
credit limits on the masterfile are reviewed by the credit controller on a daily basis and a list is printed
of those debtors who have exceeded their credit limits.
2. The pricelist masterfile is updated by the financial manager on a daily basis. The latest prices of
each product sold can be viewed by customers on the website of Cool Candles (Pty) Ltd, which is
automatically updated from the pricelist masterfile in real-time.
3. All debtors who have successfully applied as registered customers are provided with the ability to
download order forms from the company’s website. Order forms contain a list of all available types
of products (with corresponding product codes). To place an order, a customer must fill in the desired
product quantities and fax the order form to Cool Candles (Pty) Ltd. Since products are manufactured
based on quantities demanded, it is not necessary for the company to run a back-order system.
4. At the commencement of each business day, the order clerk collects the faxed orders from the fax
machine and stamps them as “Received”. The company receives on average about 70 orders per
day. After writing a sequential order number on the orders, the clerk makes a photocopy of each
order. (Note that the faxed sales order serves the purpose of an internal sales order as well). The
faxed copy is filed and the photocopy is batched. Review of orders takes place by the sales order
clerk and credit controller before batching.
5. Batches are sent to the data capture clerk by midday, who then captures all orders onto the sales
ordering module by means of a computer terminal in her office. Captured orders are initially written
to a transaction file on the system and are then automatically updated to the debtors masterfile at
midnight.
YOU ARE REQUIRED TO describe the application controls which you would expect to find in respect
of the input of sales orders onto the sales ordering module (refer points 3 to 5 above).
Note: You are to ignore controls relating to amendments and additions to the debtors-, inventory-
and pricelist masterfiles.
(26)
Presentation: (1)
Page 2 of 5 pages
QUESTION 1 continued
PART B (8 marks)
As part of your planning for the audit of accounts receivable of Cool Candles (Pty) Ltd, you have decided
to perform substantive audit procedures on the existence of trade debtors at 30 June 2010, by means of
a positive circularization on a sample of debtor accounts. The gross trade receivables balance in the
balance sheet at 30 June 2010 has been valued at R560 540, consisting of 243 debtors. The largest of
these debtors consist of retail chain stores, making up about 40% of the total monetary value of debtors.
Two types of debtors exist on the system, namely “chain stores” and “other customers”.
As you are knowledgeable in the use of “computer assisted audit techniques” (CAATS), you have
obtained permission from the management of Cool Candles (Pty) Ltd to extract its debtors age analysis
from the financial system for the purpose of your tests.
Data fields available on the debtor’s age analysis are:

 Debtor code
 Debtor name
 Type of debtor
 Address
 Outstanding balance split into ageing of balance (current, 30 days, 60 days, 90 days and over)
 Credit limit.
Debtor statements are printed on the 10th of each month and you have agreed with management that the
debtor statements for the 10th of July can be sent out with your confirmations.
YOU ARE REQUIRED TO describe how you would use your audit firm’s “generalised audit software” to
perform the year-end debtors circularization for the audit of Cool Candles (Pty) Ltd.
(8)
Page 3 of 5 pages
You are the senior-in-charge assigned to the audit of PE Agri Supplies (Pty) Ltd for the
financial year ended 30 September 2010 and you have obtained the following information
to date:
9. The inventory ranges from agricultural fertilizers to chemicals used in farming. A

perpetual inventory system is used to maintain records of all inventory movements.
10. The company has a large central warehouse in Port Elizabeth and two new
warehouses were opened since 1 January 2010.
11. The inventory value per warehouse is as follows:
30/9/2010 30/9/2009
LOCATION Estimate Actual
R R
Port Elizabeth 3 900 000 1 935 801

Kareedouw 500 000 -
Alice 50 000 -
R4 450 000 R1 935 801
12. During January 2010 it was decided to establish an internal audit department from
1 March 2010.
The company appointed Joe Farmer as the internal auditor of the company. He
reports to George Priest, the financial manager. Prior to his appointment as
internal auditor, Joe Farmer had been an administration clerk in the creditors
section. However, due to a restructuring of the creditors section his position had
become redundant, and his options were either to leave the company or accept the
newly created post of internal auditor. Although he has no formal training in
auditing, Joe Farmer is regarded as a competent and enthusiastic staff member who
could develop into a satisfactory internal auditor.
It has also been decided that, as internal auditor, Joe’s time would be optimally used
if he performs the duties of staff members in the accounting department who are
absent on annual or sick leave.
As a result of the newly created internal audit department, a final decision is yet to
be made on whether reliance can be placed on the work done by Joe Farmer.
Page 4 of 5 pages
13. In planning for this year’s inventory count the financial manager provided you with a
document on how the inventory count was performed for the 30 September 2009
year end.
TO: SENIOR-IN-CHARGE of PE AGRI SUPPLIES (PTY) LTD’S AUDIT

FROM: G PRIEST - FINANCIAL MANAGER
RE: INVENTORY COUNT PROCEDURES FOR THE YEAR ENDED
30 SEPTEMBER 2009.
DATE: 14 SEPTEMBER 2010
I don’t know if you are aware of the following:

- Last year’s inventory was kept in a single warehouse in Port Elizabeth;
- some inventory items are packaged in sealed boxes or cartons; and have an
expiry date printed on the side of the bag.
The procedures followed at the 2009 inventory count were as follows:
1. The count took place on the afternoons of 29 and 30 September 2009 (between 14:00
and 16:00) due to the availability of counting staff. This worked out well because we
could continue with business as usual in the mornings.
2. The inventory count was conducted by the warehouse employees who are usually
responsible for the picking of goods to fill orders. A week before the count, I had a
quick meeting with them to explain the areas that they were responsible for.
3. The accountant, Peter Makaba, printed numerically sequenced inventory sheets from
the perpetual inventory system. He was responsible for handing the sheets to the
counters and also receiving them back after the count. He made sure that all the
sheets were signed by the count team and were returned at the end of the count.
4. Peter then compared the quantities per the count sheets (as counted by the count
team) to the quantities per the perpetual inventory system. If a difference arose, he
sent a team to count the goods for a second time. Any remaining discrepancies were
captured onto an inventory adjustment form. Peter processed a journal entry for the
total value of these items to write off the inventory losses.
5. I was on leave at the time and therefore I could not attend the inventory count. I did
however review the inventory reconciliation and the journal related to the inventory
losses when I got back the next week. The losses amounted to R300,000 which was
quite significant in relation to the value of our closing inventory at that stage.
Kind regards.
G Priest
Page 5 of 5 pages
(a) Identify weaknesses in the inventory count procedures performed in the 2009
financial year and explain the consequences thereof to the financial manager.
Answer in tabular format as follows:
Weakness Consequence
(20)
(b) Explain fully with respect to the information provided whether reliance on the work of
the internal audit department would be justified for the 2010 external audit of PE Agri
Supplies (Pty) Ltd. (15)
AUDITING 3
RO302/RO352
TEST 2
17 SEPTEMBER 2010
SUGGESTED SOLUTION
Page 1 of 6 pages

PART A
PREPARATION OF SOURCE DOCUMENTS (SALES ORDERS)
1. Access to order forms on the company’s website should be strictly controlled through the
use of logical access controls, by providing each customer with a unique user ID and (1)
password.
2. All order forms available to customers on the company’s website should be in a standard (½)
format in order to support its authenticity. (validity)
2.1 The order forms downloaded by each debtor from the company’s website should be
pre-populated with the debtor’s code and name. (validity) (1)
2.2 Upon collection of the orders, the order clerk should ensure that the order is based
on an acceptable (valid) company order form. (validity) (1)
3. Prior to batching the orders, the sales order clerk should ensure that no debtors have
exceeded their credit limits by referring to the list of debtors who have exceeded their credit (1)
terms. (validity)
3.1 Any debtor appearing on this list should be referred to the credit controller. (½)
(validity)
4. In the event that there are any discrepancies on the order form with regards to product
codes and descriptions (i.e. manual changes made by customer), the debtor should be (1)
phoned for follow-up.
5. To isolate responsibility, the sales order clerk should sign each sales order before it is (1)
photocopied. (validity)
6. The credit controller should review each order and approve it through a signature on the
order (before being photocopied and batched). (validity) (1)
BATCHING OF SOURCE DOCUMENTS (SALES ORDERS)
7. The order clerk should batch the sales orders for the day by:
7.1 grouping the orders into workable batches of e.g., 35 each (½)
7.2 checking the sequence on the orders for completeness (½)
7.3 create (practical) control totals per batch, e.g. a record count and hash total, e.g.
total of items ordered. (completeness) (1)
7.4 completing a batch control form (batch control sheet) which reflects (½)
 a unique batch number, (½)
 the date of the orders, (½)
 batch control totals, (½)
 transaction type: sales orders, (½)
 signatures of preparer /reviewer. (½)
7.5 perform a test on the accuracy of manual sequence-numbering by subtracting the
total orders in the batch from the last order number allocated and comparing the
answer with the last order number of the previous day. (1)
8. All batches should be entered into a batch register which should accompany the batches
to the data capturer. (completeness) (1)
9. On receipt of the batch register and batches, the capturing clerk should check the
batches against the register and sign the register to acknowledge receipt. (1)
(completeness and accuracy)
Page 2 of 6 pages
CAPTURING OF BATCHED SOURCED DOCUMENTS (SALES ORDERS)
10. On commencing the keying in of batches, the capturing clerk should enter the details of
the batch from the batch control form, e.g. batch number, hash total (if applicable) and
record count, in order to create a batch header label. (completeness) (1)
11. Access to the function for keying in orders on the computerized financial system should
be: (validity)
11.1 restricted to the capture clerk’s terminal, by terminal identification and
authentication controls and (1)
11.2 to the capturer herself, by the use of user IDs and passwords. (write-access) (1)
11.3 Passwords should be:
 at least 6 characters long,
(½)
 be changed regularly, (½)
 consist of alphanumeric characters. (½)
12. To enhance the accuracy and completeness of data of the ISO, there should be a number
of screen aids in place:
12.1 minimum keying in of data e.g. the capturing clerk should not have to capture all of
the customer’s details or a description of the goods; the keying in of the customer’s
account number and product code should call up all related detail from the (2)
masterfile;
12.2 the screen should be formatted to look like a sales order; (1)
12.3 there should be screen dialogue and prompts; (1)
12.4 there should be mandatory fields, e.g. processing cannot continue unless a
customer order number is keyed in. (1)
13. To enhance accuracy, completeness and validity, there should be a range of programmed
checks:
13.1 validation of customer account number and product codes against the masterfiles; (1)
13.2 alphanumeric checks on, for example, the quantity field; (1)
13.3 missing data on customer order (can be detected by mandatory field check); (1)
13.4 sequence test on sales orders by batch (and to previous batch). (1)
14. After each batch has been keyed in, the computer will calculate the applicable control
totals from the ISOs entered and will compare them to the control totals on the batch
header label. Where the totals do not agree, the batch will be rejected for checking,
correction and re-entry. (accuracy and completeness)
(2)
Available: (32)
Max: (26)
Presentation: (1)
Page 3 of 6 pages

PART B
PERFORMANCE OF DEBTORS CIRCULARISATION BY USING GAS
1. On the 10th of July 2010, I would take control of all debtors’ statements immediately after
they have been printed and:
1.1 use generalized audit software (GAS) to extract a debtors listing/age analysis from
the debtors ledger. (1)
1.2 use GAS to cast the age analysis (in order to agree the total to the balance in the
debtors control account in the general ledger and trial balance). (1)
2. Using GAS, I would stratify debtors by: (1)

2.1 type of store (“chain” and “other”) (½)
2.2 ageing (½)
2.3 debtors in excess of their credit limits; and (½)
2.4 value (½)
3. I would then use GAS to select a representative sample of debtors for circularization,
taking into account the above stratification so as to ensure adequate coverage of: (1)
3.1 all chain stores and a smaller sample of “other customers”; (½)
3.2 long outstanding debts; (½)
3.4 larger balances, particularly those of the retail chain stores. (½)
4. For the sample selected for circulation, I would:

4.1 Use GAS mail merge facilities to print a letter to each debtor, requesting that the
debtor confirm his/her outstanding balance directly with my audit firm. (1)
5. GAS should then be used to record errors identified through the circularization and project
them over the entire population of debtors, to establish the extent of possible misstatement
of the overall debtors balance. (1)
Available: (10)
Max.: (8)
Page 4 of 6 pages
a)
Preparation and planning of the
count was not adequate
1. Having the count over two afternoons (1) Due to receiving and dispatch activities (1)
(with normal operations in the morning) taking place in the mornings, problems
is not sensible due to the movement of can be encountered with the count as
inventory. counters are unsure of whether items
should be included in the count
quantities or not (if delivered after the
cut-off) or whether the discrepancies
identified during the count relate to
actual sales that occurred after the
count sheets were printed etc.
2. Composition of the counting teams is (1) If pickers have been involved in (1)
inadequate (done by the pickers). misappropriating inventory they are now
Whilst knowledge of the product is in a position to hide any shortages by
important, counting should be done in having the perpetual inventory records
teams, one of whom should be amended (amendments were done
independent of the warehouse function. without authority or investigation).
Count instructions
3. No written instructions were prepared Count teams may forget some of the (1)
for the count, therefore the count teams instructions given to them especially if
might not know how to deal with: (1) taking into account the fact that the
 expired/damaged items identified meeting took place a week before the
during the count; (½) count.
 problems encountered during the
count and how these should be (½)
resolved.
The count itself was inadequately

conducted
4. Inventory was counted only once, no Errors in count totals not detected.
recount by another counter when a (1) Therefore there may be errors in the (1)
discrepancy identified. final quantities updated into the
accounting records and also the journal
related to the inventory losses.
5. There is no method of identifying (1) Inventory items may be (1)

inventory items which have been  double counted
counted, e.g. the sticker, tag or chalk  omitted from the inventory count.
system.
6. No identification and recording of (1) Errors in the value and quantities of (1)
expired or damaged inventory. stock in the accounting records if items
are not adjusted to the net realizable
value.
7. Peter – acting as the count controller – (1) There is no way of ensuring that all
did not walk through the warehouse inventory items on the floor have been (1)
once the count was complete. counted.
8. No procedures were conducted to (1) Items that were received after the cut- (1)
ensure that goods received or off time could have been included in the
dispatched during the count were count totals and vice versa, resulting in
properly accounted for. the overstatement of inventory and
profits.
9. The inventory count was inadequately (1) As the financial manager was on leave (1)
supervised. The financial manager there was nobody to ensure the
was unavailable during the inventory inventory count instructions were
count. followed, which could lead to an
inaccurate inventory count.
10. No test was performed by opening (1) Inventory quantities may be incorrect (1)
some of the boxed items to ensure that (because it might be based on
the content matched the description on description per the packaging).
the box.
Page 5 of 6 pages
11. Peter did not record the “cut-off” (1) Items that were received after the cut-off (1)
numbers of documents (particularly numbers could have been included in
important in view of the movement of the count totals and vice versa.
inventory during the count).
12. Peter captured the inventory losses (1) Incorrect items could be updated into the (1)
without authorization from an accounting r ecords, items written off
independent senior person e.g. the without authorization, items written off
financial manager. without investigating the reasons or
supporting documentation.
Possible: 25
Max. 19
Presentation 1
Page 6 of 6 pages
(b) 1. Objectivity, including organizational status (½)

1.1 Status of the internal audit function
 the department consist of a single individual whose qualification is
questionable for an internal auditor as his background is that of a (1)
creditors clerk.
 It is preferred that the internal audit department report directly to those
charged with governance, like the board of directors or the audit (1)
committee or somebody not linked to the financial function. (1)
 Joe Farmer reports to the financial manager, which is not
acceptable (1)
 The financial manager is likely to instruct Joe Farmer on exactly
what he must do (remember Joe Farmer is in effect a creditors (1)
clerk).
 The financial manager has the power to block/control any adverse (1)
findings by Joe Farmer.
 The internal auditor should be free of any conflicting interests (1)

- Joe Farmer assists with operational matters when staff is absent,
which is a conflict of interest
Scope of function (½)
1.2  An internal department should have its own terms of reference. (1)
- None of this appears to be present in this internal audit department (1)
 No indication of any risk assessment performed by the internal audit (1)
department.
Technical competence (½)
1.3 Joe Farmer does not have the necessary technical skill and competence
for us to rely on his work at this stage. (1)
 He has no formal training in or theoretical knowledge of auditing and (1)
 has no experience as an auditor of any kind. (1)
 Although regarded as competent (and enthusiastic) with regard to his
creditors responsibilities, this is no substitute for auditing knowledge
and the capability to carry out and understand routine or sophisticated (1)
audit techniques.
Due professional care (½)

1.4 Whilst there is nothing to suggest that Joe Farmer will be “careless” in his
work, his general lack of knowledge and experience is likely to result in
assignments which do not reflect the necessary level of due professional (1)
care in planning and execution.
Communication (½)
1.5 In order for the internal audit department to be of any value to the external
auditor the internal auditor should be able to freely communicate with the (1)
external auditor.
 As Joe Farmer is not properly qualified to be an internal auditor and
reports to the financial manager, it is highly unlikely that Joe Farmer (1)
will be able to freely communicate with the external auditor.
In Conclusion
1.6 It will not be possible to rely on the work of the internal audit department
as indicated in the discussion above. (1)
Available: (20½)
Max: (15)

3 SEPTEMBER 2011


Mr G Penning
Ms C Fourie
Mr L Feyt

possible.
ANSWER BOOK
1 35 45 Book A
2 35 45 Book B
70 90
Page 1 of 3 pages
PART A (13 Marks)
A friend of yours, Barney Bright (a mechanical engineer by qualification), has recently been
promoted to CEO of Steel Manufacturers CC.
Before his promotion, Barney was the CC’s production director. As production director he left
all systems development and financial/accounting matters to the experts. Now he has the
problem that he needs to oversee all departments and needs to have some knowledge of
systems development and financial/accounting matters. Barney’s predecessor has
commenced a process of upgrading the corporation’s information systems and Barney needs
to complete the process. Barney has requested your assistance regarding a number of matters.
YOU ARE REQUIRED TO explain to Barney in writing:
(a) The role of Accountants in a System Development Cycle. (3)
(b) The reasons why companies would change their Accounting Information Systems. (6)
(c) The differences between a “summary report” and a “control-break report”. (4)
PART B (12 Marks)
The accountant at Steel Manufacturers CC contacted you to assist him with the conversion of
salary data onto the new salaries application (currently salaries are done on a MS Excel
spreadsheet).
1) Describe the data conversion controls which should be put in place by Steel Manufactures
CC when converting the salaries data to the new salaries application to ensure that all data
captured is valid, accurate and complete. (4)
2) Identify and describe the conversion methods that are available when implementing a new
system. (8)
Page 2 of 3 pages
QUESTION 1 (CONTINUED)
PART C (10 Marks)
You are a manager at Acc Com Inc, a company that specialises in information solutions. The
company provides a comprehensive range of services for information systems for businesses.
You are currently reading a letter from the manager of Consumer Sales Distributors (Pty) Ltd,
which, inter alia, states the following:
“We have seen a steady decrease in sales during the past six months, and one of the reasons
identified is that our company’s communication systems are out of date. The staff in the sales
department indicated that they will leave unless the company implements a proper electronic
communication system, such as better emailing software, improved photocopying and
scanning devices and teleconferencing facilities.
I am prepared to install a proper electronic communication system, but would like to have
your comments on the following:
(a) What benefits can the company derive from an electronic communication system? (4)
(b) There is always a possibility that some of the employees in the other departments will
resist the introduction of an electronic communication system. Why would an employee
resist the introduction of an electronic communication system? (3)
(c) What steps could we take to alleviate the possible resistance in (b) above?” (3)
YOU ARE REQUIRED TO answer the questions as posed to you in the letter from Consumer
Sales Distributors (Pty) Ltd.
Page 3 of 3 pages
QUESTION 2 (35 MARKS : 45 MINUTES)
You are employed by a large accounting firm in its information and communication (ICT)
consulting department. The following concerns one of your clients.
Dairy Delights (Pty) Ltd is a company that distributes milk and other dairy products to retail
customers. The company’s management always took pride in the efficient way the business
operated, up until a few days ago when the company suffered a major setback. The company’s
managing director, Kate Perry, phoned you and provided the following information about the
event:
“Last Friday night I was called to the company’s head office and was dumbstruck at the mess I
saw. Earlier a passerby heard a loud crash and alerted the security guards. It would appear
that a water pipe connected to the geyser started leaking heavily onto the ceiling and at some
point the weight of the water became too much. A part of the ceiling fell onto a section of the
accounting office. Several of the bookkeeping clerk’s computers were drenched in the process.
The main computer server, which is situated on the floor in the accounting office, stood in a
puddle of water when I arrived, and the smell of burnt metal was in the air.
The electricity for the whole premises also went out, interrupting the computer server’s critical
month-end processing. Chaos ensued when the accounting staff arrived on the Saturday
morning for month-end procedures, as no-one knew what to do (except me!). I had my hands
full in giving out instructions. What’s worse is that the finance department didn’t perform monthly
backups and probably lost four weeks’ of financial data. A small ICT company who usually
provides Dairy Delights (Pty) Ltd with assistance in respect of its computer problems informed
us that they will not be able to assist us with such a hardware and data crisis, but will try to refer
us to a supplier that can.”
Upon your visit to Dairy Delights (Pty) Ltd early the next week, you were told by the receptionist
where the accounting office is located. Arriving at the room you found no-one there. You could
see the damage all around you. Apparently staff was in discussions on how to avoid “future
disasters.” A nearby clerk’s computer screen caught your attention and you saw it displaying a
“Debtor’s Profile Menu”. The clerk must have been busy updating the debtor’s masterfile, as
there was a stack of “Masterfile Amendment Forms” next to the keyboard.

a) Describe the general controls that Dairy Delights (Pty) Ltd should put in place in order to
minimize the impact and likelihood of recurrence of the risks evident from the information
provided above. Ignore controls relating to logical access and masterfile data. Structure
your recommendations as follows:
1. Physical security and physical access controls (5)
2. Disaster recovery controls (6)
3. Backup strategies (5)
Presentation (2)
b) Describe the controls you would expect to find at Dairy Delights (Pty), which would ensure
that changes to its debtors’ masterfile are valid, accurate and complete. (11)
Ignore controls relating to physical and logical access.
c) Briefly explain the terms “principle of least privilege” and “super-user access” in a
computerized environment. (3)
Distinguish between general controls and application controls in a business’s computerised

financial information system. (3)
GENERAL AUDITING 3
RGO302/RGO352
TEST 1
3 SEPTEMBER 2011
SUGGESTED SOLUTION
Page 1 of 4 pages
PART A
1. The Accountant’s role in the System Development Life Cycle.
a) Determine the corporation’s information needs. (1)

b) Be a member of the project development team. (1)
c) Play an active role in designing system controls. (1)
Total (3)
2. The reasons behind why companies would change their Accounting Information Systems.
 To respond to changes in user needs or business needs (1)
 To take advantage of or respond to technological changes (1)
 To accommodate improvements in their business process (1)
 To gain a competitive advantage and/or lower costs (1)
 To increase productivity (1)
 To accommodate growth (1)
 To accommodate downsizing or distribute decision making (1)
 To replace a system that is aged and unstable (1)
Total (8)
Max. (6)
3. The differences between a summary report and a control-break report.

a) Summary reports:
(i) Show only subtotals and totals. (1)
(ii) Useful for upper-level managers who do not require extensive detail. (1)
b) Control-break reports:
(i) Use a control field (1)
(ii) Must be sorted on the control field. (1)
(iii) A control break occurs when the control field value changes. (1)
Total (5)
Max. (4)
PART B
1. 1.1 The conversion should be considered as a project in its own right. (1)
1.2 Data to be converted must be thoroughly checked and discrepancies resolved prior
to conversion. (1)
1.3 Controls over preparation and entry of data onto the system should include the use
of a data control group to:
 Perform file comparisons between old and new files and resolve
(1)
discrepancies
(1)
 Reconcile from original to new files using record counts and control totals
 Follow up exception reports of any problems identified through the use of (1)
programmed checks e.g. limit checks.
2. Conversion Methods
2.1 Direct conversion (1)
Immediate shutdown of the old system on the implementation of the new system. (1)
2.2 Parallel conversion (1)
Parallel processing of the old and new system for a limited period. (1)
2.3 Phase-in conversion (1)
Phase-in of different aspect of the new system over a period of time. (1)
Once new system works, close down the old system. (1)
2.4 Pilot conversion (1)
Implements a system in just one part of the organization. (1)
When that part works, it is implemented in all sections. (1)
Available (10)
Max. (8)
Page 2 of 4 pages
SUGGESTED SOLUTION OF QUESTION 1 CONTINUED
PART C
a. The benefits that companies and their employees can receive from electronic
communication include:
 A greater optimization of organizational resources. This will increase productivity,
thereby increasing profitability. (1)
 More timely information for management decision making.
(1)
 Easier and quicker access to corporate data. (1)
 More technological advancements. This will sustain or increase the organization’s
competitive status. (1)
 Standardized procedures and operations. Once a program is established
computers will repeat the same logical procedures. (1)
Total (5)
Max. (4)
b. An employee might resist the introduction of an electronic communication system due to:
 General resistance to change. This may include the fear that they will be replaced
by a machine and lose their employment. (1)
 A general lack of knowledge of what the system is and how it will help the employee
on the job. (1)
 Embarrassment of not knowing how to use the system. (1)
Total (3)

c. The steps an organization can take to alleviate employees’ resistance to electronic
communication include:
 Communication of information as to why the system is being implemented and how it
will affect each employee’s job. The intent should be to reinforce job security.
(1)
 Education and training of employees on how to use the system by providing system
manuals and designated user support. (1)
 Giving employees the opportunity to make suggestions for improving the system. (1)
Total (3)
Page 3 of 4 pages

QUESTION 2
a) General controls
1. Physical security and physical access controls

The physical security of hardware and financial data of Dairy Delights (Pty) Ltd, for the
purpose of business continuity, is insufficient. The following controls should be
implemented:
1.1 Physical location:

1.1.1 Computer facilities (especially the server) should not be situated below obvious
water hazards such as geysers and piping, but at sufficient distance away (1)
therefrom.
1.1.2 The facilities should be located within a secure area within a building, preferably a
room with no outside wall or windows. (1)
1.1.3 The facilities should further not be situated on ground level or low lying areas in
order to minimize the risk of flooding. (1)
1.2 The physical environment is currently inadequate within Dairy Delights (Pty) Ltd. The
following physical access controls should be implemented:
1.2.1 Security or authorized staff members should accompany all authorized visitors to
the computer facilities after confirming the reason for their visit. (1)
1.2.2 The area leading to the computer facilities and accounting offices should be made
secure through the use of lockable doors or security key pads etc. (1)
Total: (7)
Max: (5)
2. Disaster recovery controls
2.1 The existence of a disaster recovery plan, in writing, would have enabled the company to
minimize disruption to its business activities. Such a plan would need to have the (1)
following characteristics. The plan should:
2.1.1 list the procedures to be carried out by each employee in the event of a disaster. (1)
2.1.2 be widely available to all staff to prevent frantic searching. (1)
2.1.3 address priorities, i.e. what procedures to perform first after disaster has struck. (1)
2.1.4 be tested in disaster recovery based thereon practiced (1)
2.1.5 detail alternative processing arrangements agreed upon, e.g. using service
providers to assist with recovery. (1)
2.2 Dairy Delights (Pty) Ltd should make use of an ICT service provider who is capable of
and has the necessary resources to service the company in case of any eventuality that
may befall its computerized environment. (1)
2.2.1 The company should further put in place official arrangements with a provider as
to the provider’s responsibilities and availability in the event of unforeseen (1)
circumstances, such as through a formal service level agreement.
2.3 It would further appear that there were no backup electricity generators. The company
should install uninterrupted /dual power supplies to enable processing to continue in the
event of a power outage. (1)
Total: (9)
Max: (6)
3. Backup strategies
3.1 The company only performs backups on a monthly basis. The following backup strategies
should be implemented by Dairy Delights (Pty) Ltd going forward:
3.1.1 Backups of masterdata should be made more regularly, such as daily or weekly. (1)
3.1.2 At least three generations of backups should be maintained of each set of data. (1)
3.1.3 The most recently backed up information should be stored off site. (1)
Page 4 of 4 pages
QUESTION 2 SUGGESTED SOLUTION CONTINUED
3.1.4 All back up data should be maintained in a fireproof safe and be stored away
from the computer facilities. (1)
3.1.5 Critical data and programs can be copied in real time to a “mirror site” server, in
order to continue processing on the unaffected server in the event of a disaster. (1)
3.1.6 Copies of all user and operations documentation should be kept off-site. (1)
Total: (6)
Max: (5)
Presentation: (2)
b) Controls over masterfile amendments
1.1 The “Masterfile Amendment Forms” (MAFs) used by the company should be pre-
numbered. (1)
1.2 Unused MAFs should be subject to strict stationery control and responsibility for
these MAFs should be isolated to specific persons within the accounting function. (1)
1.3 MAFs should be cross-referenced / attached to the relevant supporting
documentation relating to the change required, e.g. application forms for all new (1)
debtors accounts.
1.4 The task of capturing MAF’s onto the system should be allocated to a specific
administration clerk to enhance validity of changes and isolate responsibility. (1)
1.5 MAFs should be authorized by a senior accounting official prior to processing,
through a signature on the MAFs form after the person checked it to the above
supporting documentation. (1)
Range checks on the credit limit field. (1)
Alpha numeric checks on the debtor’s code. (1)
Other valid points. (1)
Max. (2)
1.9 To limit errors, only information to be changed should be captured (minimum
keying in of information) i.e. by entering the debtors number and all related (1)
standing documentation.
1.10 MAF logs should be reviewed by a senior accounting official and
Reconciled to authorized MAF Request Forms (1)
Sequence checked to ensure that all MAF forms have been captured. (1)
1.11 The standing data contained in the masterfile should be reviewed by a senior
accounting official on a regular basis to ensure that the data is up to date and (1)
relevant.
Possible: (13)
Max: (11)
c) The principle of least privilege is that users should be given access to only those (1)
aspects of
the computer system which are necessary for the proper performance of their duties.
 On the most basic level, an employee who does not need access to the computer
system to perform his function, should not be given any access at all. (1)
A person who has “super user privileges” has virtually unlimited powers to access and
change, sometimes without trace, all programs and data, bypassing normal access
controls. (1)
Thus this person has the power to act fraudulently, destruct data, etc.
Total: (3)
d) General Controls are those controls which:
 establish an overall framework of control over computer activities and which (1)
 should be in place before any processing of transactions gets underway i.e.
independent of processing. (1)
Application controls are controls over:
 input, processing and output of financial information relating to a specific application
e.g. within the payroll cycle (1)
 controls to ensure the information is valid, accurate and complete e.g. the
authorization of a purchase order. (1)
Possible: (4)
Total: (3)

3 SEPTEMBER 2011

Mr G Penning
Ms C Fourie
Mr L Feyt

possible.
ANSWER BOOK
1 35 45 Book A
2 35 45 Book B
70 90
Page 1 of 2 pages
You are a manager at Comp Dec CC, a corporation that provides a range of information
technology services.
The management accountant of one of your newly acquired clients has contacted you to assist
him by explaining and providing reasons for the need to constantly improve information systems
at his company. He specifically requested that you provide answers to the following:
(a) Explain why you would survey his company’s existing systems during a systems study.
(5)
(b) Describe the general activities and techniques that are commonly used during a systems
analysis. (15)
(c) List and describe the activities that are commonly used during the systems
implementation phase. Please do not provide information on systems conversion
(including conversion approaches) and post implementation review as I have already
obtained details of these controls. (15)
Page 2 of 2 pages
consulting department. The following information concerns one of your clients.
event:
saw. Earlier a passer-by heard a loud crash and alerted the security guards. It would appear
full in giving out instructions. What’s worse is that the finance department didn’t perform its
monthly backups and have probably lost four weeks’ of financial data.
Because of a cost savings drive the company undertook recently, Dairy Delights (Pty) Ltd had
to dismiss its ICT staff and are still in the process of searching for an external ICT service
provider. There was also a cut-back on insurance cover for ICT equipment as the company
never had any claims before and no-one foresaw this event at all.”
d) Describe the general controls that Dairy Delights (Pty) Ltd should put in place in order to
provided above. Ignore controls relating to logical access and controls over masterfile data.
(20)
Presentation (1)
e) Describe the controls you would expect to find at Dairy Delights (Pty), which would ensure that
changes to its debtors’ masterfile are valid, accurate and complete. Ignore any controls relating
to physical and logical access. (12)
f) Briefly explain the term “principle of least privilege” in a computerized environment. (2)
AUDITING 3
RO302/RO352
TEST 1
3 SEPTEMBER 2011
SUGGESTED SOLUTION
Page 1 of 4 pages
a. The purposes and reasons for analyzing an organization’s existing system include:
 To gain an understanding of the existing system and how it functions. (1)
 To determine the constraints of the current system (1)
 To assess the strengths and weaknesses of the existing system and to identify
problems (1)
that need to be resolved.
 To provide a source for design ideas for the new system and to identify the (1)
resources (1)
which are available.
 To provide information about the information needs of the users.
Max. (5)
b. General activities and techniques which are commonly used during systems analysis
include:
Initial Investigation (1)
 Verify the nature of the problem and the needs of the users. (1)
 Gather the information needed to evaluate the feasibility of the request. (1)
Systems Survey (1)
 Study and review the existing organizational structure to determine how it (1)
functions.
 Review and collect internal documents and reports to determine design, content,
use, frequency of preparation etc. (1)
 Develop and use questionnaire forms to determine processing frequencies,
input/output volumes, and other information useful to the systems study. (1)
 Conduct personal interviews with operating personnel to confirm and expand
upon data gathered from the questionnaire. (1)
 Develop flowcharts and data flow diagrams to document the existing system. (1)
 Study external sources of data which include companies who have developed or
who market similar systems, consultants specializing in such systems, customers,
industry trade associations, and government agencies. (1)
 Observe activities of the system to determine how the system actually works,
rather than what people or the documentation say should be done. (1)
Feasibility Study (1)
 Conduct a study to determine whether or not to continue with the project. (1)
Information Needs and System Requirements (1)
 Define and document the information needs of the users. (1)
 Define and document the requirements of the new system. (1)
Systems Analysis Report (1)
 Summarizes and documents the findings of the analysis activities. (1)
Possible (18)
Max. (15)
c.
1. Implementation planning consist of
1.1 List of implementation tasks to be completed. (1)
1.2 List of specific staff that is responsible for each section of the tasks in 1.1 (1)
above.
1.3 Expected completion date for each task. (1)
1.4 A detailed budget for the implementation detailing each task. (1)
1.5 Identification of risk areas of the implementation plan. (1)
1.6 Prepare a new organizational chart. (1)
2. Site Preparation (1)

2.1 Physical preparation of offices where equipment will be placed. (1)
2.2 Security measures (1)
2.3 Electricity supply (1)
3. Select and Train Personnel (1)

3.1 Determine the additional employees (including skills levels) that need to be (1)
employed.
3.2 Determine training needs of current staff. (1)
3.3 User procedure manuals updated and clearly defined job descriptions. (1)
Page 2 of 4 pages
SUGGESTED SOLUTION TO QUESTION 1 (CONTINUED)
4. Complete Documentation (1)

Three types of documentation must be prepared for new systems:
4.1 Development documentation describes the new system. It includes a system
description, copies of output, input, and file and database layouts; programme
flowcharts; test results; and user acceptance forms. (1)
4.2 Operations documentation includes operating schedules; files and databases
accessed; and equipment, security, and file-retention requirements. (1)
4.3 User documentation teaches users how to operate the system. It includes a
procedures manual and training materials. (1)
5. Test the System (1)
5.1 Program tests and string tests (walk-throughs) are step-by-step reviews of
procedures or program logic. The development team and system users attend (1)
walk-throughs early in system design. The focus is on the input, files, outputs,
and data flows of the organization. Subsequent walk-throughs, attended by
programmers, address logical and structural aspects of programme code.
5.2 Processing test transactions (systems test) determines if a program operates
as designed. Valid and erroneous data are processed to determine if
transactions are handled properly and errors are detected and dealt with
appropriately. To evaluate test results, the correct system response for each
tests transaction must be specified in advance. (1)
5.3 User acceptance tests use copies of real transactions and files rather than
hypothetical ones. Users develop the acceptance criteria and make the final
decision whether to accept the system. (1)
Available (22)
Max. (15)
Page 3 of 4 pages
QUESTION 2 SUGGESTED SOLUTION TO QUESTION 2
a) General controls
purpose of business continuity, is insufficient. The following controls should be
implemented:

1.1.1 Computer facilities (especially the server) should not be situated below obvious
water hazards such as geysers and piping, but at sufficient distance away (1)
therefrom.
1.1.2 The facilities should be located within a secure area within the building,
preferably a room with no outside wall or windows. (1)
1.1.3 The facilities should further not be situated on ground level or low lying areas in
order to minimize the risk of flooding. (1)
1.2 The physical security environment is currently inadequate within Dairy Delights (Pty)
Ltd. The following physical access controls should be implemented:
1.2.1 Security or authorized staff members should accompany all authorized visitors
to the computer facilities after confirming the reason for their visit. (1)
1.2.2 The area leading to the computer facilities and accounting offices should be
made secure through the use of lockable doors or security key pads etc. (1)
2.1 The existence of a disaster recovery plan, in writing, would have enabled the company
to minimize disruption to its business activities. Such a plan would need to have the (1)
following characteristics. The plan should:
2.1.5 detail alternative processing arrangements agreed upon, e.g. using service
providers to assist with recovery. (1)
2.2 Responsibility for disaster recovery should not fall onto only one person (Kate Perry). All
staff should be trained in the execution thereof and be aware of the course of action to (1)
take.
2.3 Dairy Delights (Pty) Ltd did not have a service arrangement with a computer and
network service provider yet.
2.3.1 The company should as soon as possible appoint a service provider who can
service its computer and networking facilities and be contacted in the event of
ICT-related operational failures. (1)
2.4 It would further appear that there were no backup electricity facilities. The company
should install uninterrupted /dual power supplies to enable processing to continue in the
event of a power outage. (1)
2.5 The fact that the company never had to make use of its insurance thus far is not
sufficient grounds for cutting back thereon. Proper insurance needs to be re-established
over ICT equipment as soon as possible. (1)
3.1 The company only performs backups on a monthly basis. The following backup
strategies should be implemented by Dairy Delights (Pty) Ltd going forward:
3.1.4 All back up data should be maintained in a fireproof safe and be stored away
from the computer facilities. (1)
Page 4 of 4 pages
3.1.5 Critical data and programs can be copied in real time to a “mirror site” server, in
order to continue processing on the unaffected server in the event of a disaster. (1)
4. Control environment
4.1 The company’s management should portray an operating style to its staff which
communicates and enforces the importance of good controls. (1)
(From the matters described by Kate Perry (e.g. little security over the computer server,
inadequate insurance) , this control measure does not currently seem to be in place).
4.1.1 Management should lead by example as their attitudes, control awareness and
actions will set the tone for all other staff to follow. (1)
4.2 Although relying on an external service provider for ICT is acceptable, there should still
be an ICT steering committee made up of knowledgeable persons who report to the
board of directors on ICT-related matters. (1)
Possible: (24)
Max: (20)
Presentation (1)

numbered. (1)
1.2 Unused MAFs should be subject to strict stationery control and responsibility for
these MAFs should be isolated to specific persons within the accounting function. (1)
1.3 MAFs should be cross-referenced / attached to the relevant supporting
documentation relating to the change required, e.g. application forms for all new (1)
debtors accounts.
1.5 MAFs should be authorized by a senior accounting official prior to processing,
through a signature on the MAFs form after the person checked it to the above
supporting documentation. (1)
Range checks on the credit limit field. (1)
Alpha numeric checks on the debtor’s code. (1)
Other valid points. (1)
Max. (2)
1.9 To limit errors, only information to be changed should be captured (minimum
keying in of information) i.e. by entering the debtors’ number and all related
standing data appear. (1)
Reconciled to authorized Masterfile Amendment Forms; (1)
Sequence checked to ensure that all MAF forms have been captured. (1)
accounting official on a regular basis to ensure that the data is up to date and (1)
relevant.
Possible: (13)
Max: (12)
c) The principle of least privilege is that users should be given access to only those (1)
aspects of
On the most basic level, an employee who does not need access to the computer
system to
perform his function, should not be given any access at all. Where an employee (1)
needs only to read a file, she should be given “read only” privileges not “read/write
privileges”
Total: (2)

14 OCTOBER 2011

Mr G Penning
Ms C Fourie

possible.
acceptable written language will be considered by the examiners. Marks for presentation have
been allocated for this very reason.
ANSWER BOOK
MARKS MINUTES
QUESTION 1 25 32 Book A
QUESTION 2 20 26 Book B
QUESTION 3 25 32 Book C
70 90
Page 1 of 5 pages
You are an internal auditor employed by WoolMart Ltd, a large retailer of clothing apparel. As part
of WoolMart Ltd’s corporate social responsibility program, it has recently started a project called
“The Clothing Factory”. The project aims to stimulate entrepreneurship whereby small business
owners (“merchants”) can buy apparel from The Clothing Factory at wholesale prices for distribution
to retail
customers.
You have been tasked with the responsibility to establish the internal controls in the Revenue and
Receipts cycle of The Clothing Factory. The following system has been proposed:
1. Business owners wishing to register as merchants with The Clothing Factory must complete an
application form in the presence of a project representative trained in the National Credit Act
and in dealing with start-up and small business owners. Background checks are performed to
establish the legitimacy of a merchant’s business intentions. If successful, a merchant is issued
with a store card containing his/her personal and business details.
2. Merchants are allowed to purchase clothing apparel only in store, from one of The Clothing
Factory’s depots. Items are selected by the merchant from the warehouse floor and then taken
to a special holding area first. The store man at the holding area issues the merchant with a
warehouse slip, indicating all items selected. The items are retained in the holding area and not
issued until the merchant returns with an invoice and corresponding receipt. To obtain an
invoice, the merchant must proceed to a sales clerk who will issue the invoice.
3. The sales clerk calls up the merchant’s details from the company’s fully computerized financial
system on screen. Using the warehouse slip, the clerk then enters all items selected by the
merchant onto the sales invoicing module of the system, where after a customer invoice is
generated.
4. Merchants must proceed with their invoice to a cashier for payment. Merchants can choose
whether they want to pay for all items in full for immediate collection from the warehouse or pay
a 50% deposit for collection within 30 days. The latter allows for the reservation of items for
which merchants typically do not have immediate storage space at their own stalls or premises.
5. Should a merchant choose to only pay a 50% deposit for future collection of invoiced items, an
“Item reservation” (IR) document and a receipt for the payment of the deposit is generated by
the cashier. When the merchant returns to The Clothing Factory for subsequent collection of the
items, the balance of the outstanding amount first needs to be paid before the reserved items
can be removed from the warehouse.
6. No back-order facility exists due to the nature of the project.
YOU ARE REQUIRED TO describe the controls that should be implemented in The Clothing
Factory project to ensure the following objectives are met:
a) Invoice details captured onto the computerized system by the sales clerk are valid, accurate
and complete. (20)
b) Clothing apparel subject to “item reservation” are appropriately identified and issued to
merchants. Do not deal with physical access controls to the holding area or warehouse.
(4)
Presentation: (1)
Page 2 of 5 pages
QUESTION 2 (20 MARKS: 26

MINUTES)
You are the senior in charge of the audit of Famous Toys (Pty) Ltd. The company’s financial year
is on 31 October 2011. The company is required by its Memorandum of Incorporation to have its
financial statements audited. You are currently busy planning the audit for the inventory and
production cycle.
You have obtained the following information regarding inventory:
1. Famous Toys (Pty) Ltd has a large warehouse.
2. All toys are stored in boxes which are arranged in parallel rows. All the boxes are sealed with
the label visible which contains details of the manufacturer and type of toy.
3. The company accounts for inventory on a periodic basis.
4. Christa Maxima, the warehouse manager, has a staff of five warehouse clerks reporting to her.
5. During September 2011 all inventory in the warehouse had to be moved due to the installation
and testing of a new fire extinguisher sprinkler system. Unfortunately when the inventory was
put back on the shelves, many boxes were returned to the incorrect sections.
6. The previous senior in charge of the audit informed you that a properly organised and
conducted inventory count should be completed in about eight hours and that the “tag system”
is not necessary or recommended.
7. The financial director has instructed that no orders be despatched on the day of the inventory
count, but that all deliveries from suppliers be accepted.
You have also received the following internal memorandum from the client’s financial manager, John
Player, regarding the inventory count to be conducted, for your comment.
MEMORANDUM
To: All staff involved in the inventory count

From: John Player - Financial Manager
Date: 10 October 2011
Subject: Inventory count
1. The inventory count will take place on Monday 31 October 2011 from 08:00 to 17:00.
2. Miss A Leslie, the Accountant, will be in charge of the inventory count. Chris Maxima, the
warehouse manager, will be available to assist the inventory counters during the count.
3. The following staff members from the accounting department should count the inventory
in the identified section of the warehouse:
Toy Smal North store

Jack Legos West store
Ray Macano South store
Mila Dolls East store
Page 3 of 5 pages
4. Christa Maxima, please do not forget to record last document numbers for all source
documents (including goods received notes, invoice and delivery notes) on Monday 31
October 2011 before the count commences.
5. Iris Crusher, (the financial director’s secretary) will you please order four examination
pads from stationery to use as inventory sheets. Also purchase some carbon paper so
that we can give the auditors a copy of the inventory sheets once the count is complete.
6. Will those responsible for counting inventory (see 3 above) do so in the following
manner:
6.1 Write down the details from the labels on the box and the quantity of identical
boxes.
6.2 Sign your inventory sheets on completion of the count.
6.3 All inventories should be counted twice. One member of a team counts and the
other records, swopping roles thereafter and performing a second count in the
same section to which they were assigned.
6.4 As boxes are counted they should be neatly marked by the counters. Second
counters should use a different coloured marker.
I know that the warehouse is still in a bit of a mess due to the installation of the new
sprinkler system, but the inventory is roughly in its correct location by style category.
Just move through your section systematically when you are counting.
This memorandum will be my last official communication concerning the inventory count but if
you wish to discuss any aspect of the count, please contact me.
Signed:
John Player
Write a letter to John Player detailing those additional control procedures which should be
addressed in the inventory count instructions to ensure a successful inventory count. (20)
Page 4 of 5 pages

MINUTES)
You are the senior in charge of the audit of Food Distributors (Pty) Ltd for the year ending 30
November 2011. The audit manager has requested you to document the payroll system as the
salaries expense has been steadily increasing during the 2011 financial year, but management
cannot explain why.
You have documented the following payroll system from your discussions with the client’s
management and staff:
1. The company has three divisions, namely, buying, sales and financial administration. In total,
about 250 staff are employed.
1.1 Each division has a manager which reports directly to the CEO, Bo Kamula.
1.2 Authority for appointments and dismissals and remuneration packages rests with the
manager of each division.
1.3 Each division has a secretary who reports directly to the divisional manager. The
secretaries maintain the personnel records for their division and advise Joe Masters,
the salary administrator, of any changes (new employees, dismissals, incentives,
bonuses and salary increases) which effect the monthly salaries, using the division’s,
unnumbered internal memos.
2. Computerised payroll records are maintained using a reliable purchased software package
which Food Distributors (Pty) Ltd has operated successfully for a number of years. Joe
Masters is responsible for producing the monthly payroll report. Every month, Joe Masters or
one of his clerks, enters the necessary amendments per the memorandums received from the
division secretaries, prior to processing the payroll for the month. The resulting monthly
payroll report details:
 Each employee’s gross salary, deductions and net salary;
 Monthly totals of gross salaries, deductions and net salaries; and
 Cumulative year-to-date totals of gross salaries, deductions and net salaries.
Joe Masters is concerned that his clerks are not performing the task of processing payroll
amendments conscientiously enough as it is rare for a month to go by without someone raising
a payroll query that ends up relating to errors or omissions in the processing of recent payroll
amendments. Unfortunately, he has not, as yet, managed to pinpoint the clerk or clerks who
are at fault, as they all claim not to remember having personally processed the amendments
he has queried.
Joe Masters prints every month only one copy of the payroll (he is the only person that is
allowed to print the payroll and the application profile has been set up that he is the only person
that can print a payroll from his terminal).
3. The monthly payroll is handed to Clare Mini, the cash book clerk.
3.1 Clare Mini loads all the payments to staff and other parties onto the Electronic Funds
Transfer (EFT) payments system (like SARS, Medical Aid and Pension Fund). Once
she has loaded all the EFT’s she prints an EFT list of all payments to be made, and
compares it to the monthly payroll and signs as having done the test.
3.2 Clare Mini requests Joe Masters to be first approver to authorize the EFT’s. Before Joe
Masters authorises the EFT’s on the only designated terminal for payroll payments, he
compares the EFT list to the monthly payroll and signs the list as having done so.
Page 5 of 5 pages
3.3 Finally, Bo Kamula, the CEO, approves the EFT’s for payment by also comparing the
EFT list to the monthly payroll and signing the list. Once satisfied that all the EFT’s
agree to the monthly payroll, Bo Kamula releases the EFT’s for payment.
3.4 All the necessary logical access controls are in place for EFT’s and operate effectively.
3.5 Sound controls are in place over the preparation, loading and execution of EFT’s and
operate effectively.
4. Joe Masters prints all the salary slips for each employee and the employees sign a monthly
salary slip register as having received the salary slip.
5. Every month Joe Masters transfers the exact amount of the payroll to a separate salaries
bank account. Joe Masters reconciles the salaries bank account every month.
YOU ARE REQUIRED TO identify the weaknesses in the salaries system of Food Distributors
(Pty) Ltd and recommend appropriate improvements.
AUDITING 3
RO302/RO352
TEST 2
14 OCTOBER 2011
SUGGESTED SOLUTION
Page 1 of 7 pages
a) Invoicing application controls
Validity
1. At the entrance of each depot, security guards should ensure that only persons with
store cards are provided access to the warehouse. (1)
2. Access to the computer terminals from which invoices are generated should be
accessible only to the sales clerks responsible for invoicing, e.g. in secured cubicles to
which customers do not have unrestrained access. (1)
3. Access to the sales invoicing module should be restricted to only sales clerks, through
the use of usernames and passwords. (1)
3.1 Sound password controls should be in place, e.g. minimum six digits,
alphanumeric, changed regularly, kept confidential, user logged-out if incorrectly
entered 3 times, logs of access violations monitored, etc. (½ per valid example (2)
– max 2)
Max physical and logical access controls: (5)
4. Merchants should show their store cards to the sales clerk upon submission of a
warehouse slip and the store card details should be used to access the merchant’s (1)
profile on screen.
4.1 Further authentication of the merchant should take place by means of the clerk
asking the merchant to provide pertinent details of his/her account as per the
masterfile information. (1)
5. On entry of the merchant’s number, the system should search the merchant masterfile
to establish the existence of the account (valid number check). (1)
5.1 Sales order clerks should not have write-access to the merchant, pricelist or
inventory masterfiles, but read access only as needed. (1)
6. The warehouse slip on which the invoice is based, should be stamped and signed by
the store man (to ensure order clerks capture only authorized warehouse slips). (1)
7. Upon entering the items as per the warehouse slip, the system should check the validity
of the product codes against the inventory masterfile. (valid code check) (1)
8. The system should also check the credit availability of the merchant after the current
invoice details have been entered. (1)
8.1 If the credit limit of the merchant has already been reached even before the
invoice is generated, the system should warn the sales clerk when the
merchant’s profile is initially called up. (1)
8.2 If the credit limit is exceeded, or if there is a “hold/restriction” on the account, the
order should not be accepted and the merchant should be informed. (1)
8.3 Credit overrides should be restricted to the credit controller either via his/her
computer terminal and/or username and password. (1)
8.4 All overrides should be printed on an audit trail, including the “reason codes”, for
regular review by a senior staff member. (1)
9. Accuracy
To enhance accuracy, there should be a range of programmed edit checks when the
sales clerk enters an order, such as: (½)
9.1 alphanumeric checks on all fields (½)
9.2 echo check on product codes and merchant number (user confirms correctness) (½)
9.3 field size check on product codes and merchant number (½)
9.4 sign check on inventory quantity field (½)
9.5 minimum keying of data to minimize errors (½)
Max 2 programme edit checks (2)
10. The use of screen dialogue, e.g., error messages should be displayed when errors are
detected after performing the above-mentioned edit checks (1)
Page 2 of 7 pages
11. The system should automatically price the products invoiced based upon product price
rules stored in the pricing masterfile. (1)
11.1 Price overrides should be restricted to a managerial staff member/supervisor via
his/her terminal or username. (1)
11.2 All price overrides should be reported on a price override audit trail which should
be reviewed by the financial controller. (1)
12. Once the invoice details have been captured, a “confirmation screen” should appear
containing pertinent details of the invoice particulars as entered. (1)
12.1 The sales clerk should request the merchant to first check all information on the
invoice and both persons should sign a printout as confirmation of acceptance. (1)
Completeness
13. The sales clerk’s terminal screen used for generating invoices should be formatted in a
manner that will facilitate the capturing of all the invoice details from the warehouse slip.
(This control also contributes towards the accuracy of input – mark can be awarded
under accuracy as well). (1)
14. Appropriate use should be made of screen prompts to ensure that all data is captured. (1)
15. Missing data checks should be in place to ensure that invoices are not accepted until all
fields have been completed. (1)
16. A daily exception report of long outstanding collections in a “pending collection” file
should be generated for review and follow up by a designated staff member of all items
reserved by merchants, but not yet collected. (1)
17. A security guard should check all goods leaving the warehouse or premises, by
comparing the receipt(s) of the customer with the actual goods being taken (to ensure
no goods are removed for which no sales invoice has been raised). (1)
Possible: (29)
Max: (20)
b) Subsequent issue of items to merchants: validity

1. When a merchant has paid the 50% deposit for reserved items, the corresponding Item
Reservation (IR) document should be flagged on the system module used by the store
man, as confirmation for release of the items from the holding area to a safe storage (1)
room.
2. A copy of the flagged IR document should be generated by the store man for sequential
filing per IR number in a pending file. (1)
3. When a merchant arrives at the warehouse for subsequent collection of previously

invoiced items, the merchant should provide the store man with a copy of both receipts (1)
(for the deposit and payment of the balance) and IR document, for comparison with the
store man’s sequentially filed copy of the IR document. (1)
4. After receiving the items, the merchant should be requested to sign an issue note
(document to release items) as proof of collection and having checked that the items
are those initially invoiced. (1)
4.1 Once the items have been issued, the store man should cancel the Item
Reservation document on the system (to avoid duplicating the issue of items / to (1)
avoid disputes with merchants).
4.2 The signed issue note should be attached to the cancelled Item Reservation
document and filed in order of the Item Reservation document. (1)
Possible: (7)
Max: (4)
Presentation Question 1: (1)
Page 3 of 7 pages

AUDITORS LETTERHEAD
John Player
Famous Toys (Pty) Ltd
P O Box 555
PORT ELIZABETH
6000
(1)
Dear Mr Player
Comments as requested on the memorandum detailing inventory count instructions
Thank you for giving me the opportunity to detail the matters which need to be brought to your
attention to ensure a successful inventory count. I hope that my comments, which follow, will (1)
be of assistance when finalising your instructions to staff involved in the count:
Preparing the Warehouse

1. 1.1 Prepare the warehouse so that all toy categories are placed in the correct section.
The problems caused by the installation of the new sprinkler system must be (1)
resolved between now and the count date.
1.2 Mark any damaged boxes clearly so that their details can be recorded on the (1)
inventory count sheets.
1.3 Identify any boxes which may have been opened. (1)
1.4 Draft a plan of the warehouse to which your planning memorandum can be
referenced (Maxima should number all the rows within each section as well). (1)
Inventory Count Sheet Design

2. I suggest that as the inventory sheets are very important, Christa Maxima compile
printed, pre-numbered inventory sheets which
2.1 Reflect the item inventory number, the toy category and the quantity of items per (1)
box.
2.2 Contain columns to record the first and second counts and differences between (1)
counts.
Control of Inventory Count Sheets

3. Staff should be required to sign a register (which should remain in Maxima’s custody)
when collecting and returning their inventory sheets from Maxima. (1)
4. Sequence checks on all count sheets should be conducted by Maxima, both before
issued and after they have all been returned, to ensure that they are all accounted for. (1)
5. The counters responsible for the count sheets should:
5.1 Draw lines through the blank spaces on all inventory sheets, and (½)
5.2 Sign each count sheet and all alterations. (½)
6. There is no need for you to use carbon paper as we will make photocopies of the final
inventory count sheets before we leave your premises, after the inventory count. (1)
Count Teams and Method of Counting

7. Each count team should consist of two members of staff. Toy Smal, Jack Legos, Ray
Macano and Mia Dolls should each be assigned one of the five warehouse staff (1)
members.
8 All teams should be given a plan of the warehouse which should clearly demarcate the
rows of shelving for which they are to be held accountable. (1)
Page 4 of 7 pages
9. Where count teams identify damaged inventory or inventory in an area of the warehouse
which appears unused/ excessively dusty, these inventory items must be marked as
such on the inventory sheets. (1)
9.1 The contents of boxes where the packaging appears to have been tampered
with, should be counted and the details noted on the inventory sheet. (1)
9.2 A few boxes should be selected at random in each section and the contents
compared with the description on the label to confirm that the contents have not
been changed/ removed and the seal replaced. (1)
10. Leslie Maxima should:
10.1 Walk through the warehouse once the count is complete and make sure all the
boxes have been marked twice. (1)
10.2 Examine the inventory sheets to make sure that first and second counts are the (1)
same.
10.3 Instruct the count teams responsible for sections where discrepancies are
identified, to recount the inventory items in question. (1)
11. It should be made clear to all count teams that they will only be formally dismissed once
the count is complete and all queries have been attended to. (1)
12. Any inventory received after the count has begun, should be stored separately until the
count is complete and must not be put into the shelves. (1)
 This inventory must be counted and added to the inventory sheets after the
(1)
count is complete.
Supervision
13. You have stated that the memorandum is your last official communication. However, it
is essential that you schedule a planning meeting prior to the count to ensure that count
parties and support staff are clear on their roles. (1)
I trust that the above comments will assist you in compiling a comprehensive memorandum to
staff members that will leave no doubt in their minds as to what is required of them at the
inventory count.
(1)
Should you require any further assistance please do not hesitate to contact me.
Yours faithfully
Auditor’s signature.
Available 25
Max. 20
Page 5 of 7 pages

WEAKNESSES RECOMMENDATIONS
PERSONNEL FUNCTION
1. The personnel function is not 1.1 A properly staffed, specialized
centralized into an autonomous, personnel division should be
adequately staffed division. (1) established, as human resources in a
- Managers are solely responsible company of this magnitude (250
for appointments, dismissals and employees), cannot be adequately (1)
remuneration packages. (1) 1.2 managed otherwise.
- The managers concerned are The personnel division should be
unlikely to have expert knowledge responsible for:
of the legal and administrative - The implementation of all
complexities of human resource (1) engagements, dismissals and (1)
management. salary packages.
- The secretaries maintain personnel (1) - Maintenance of all personnel (1)
records. 1.3 records, e.g. employment
contract.
Staffing requirements and salary
packages should be planned and
budgeted by the personnel division in (1)
1.4 consultation with the managers of
each division.
Final approval for staffing plans and (1)
budgets should be obtained from Bo
Kamula prior to their implementation.
PAYROLL PREPARATION AND

ACCOUNTING
Masterfile Amendments
The weaknesses indicated in (2) – (4)
below, result in invalid, inaccurate and
incomplete mastefile amendments.
2. Unnumbered internal memorandum 2.1 Pre-numbered payroll amendment
forms are used to advise of forms should be used for all payroll
engagements, dismissals or other masterfile amendments. (1)
masterfile amendments (1)
(completeness).
3. These masterfile amendments are 3.1 Payroll amendment forms should
generated by the secretaries and do always be authorized by the
not appear to be authorized by the (1) manager of the division concerned
managers. (validity). and the personnel manager. (1)
4. Payroll amendments are processed by 4.1 Access to the payroll amendment
Joe Masters or one of his clerks and function should be restricted to Joe
not subject to any checks that the Masters only, through use of user
masterfile amendments have been (1) ID’s, strict password controls and
captured correctly. (completeness, appropriate access control (1)
accuracy and validity). tables/user profiles.
4.2 Automatic program checks should be
carried out on payroll amendments
as they are entered , e.g.
- Range/ limit checks on salary
scales for different grades of (1)
employee
- Sequence checks on amendment
form numbers to identify (1)
duplications and omissions.
4.3 Payroll amendments should
automatically be logged by the (1)
system.
4.4 The log of payroll amendments
should be subject to strict access
control: (1)
- It should be a read-only file
- It should be accessible only to
Bo Kamula and only from her
terminal, using the access (1)
control techniques referred to in
4.1 above.
Page 6 of 7 pages
SUGGESTED SOLUTION OF QUESTION 3 (CONTINUED)
4.5 Bo Kamula should regularly review

the log of payroll amendments and
reconcile it with the relevant
authorized payroll amendment forms (1)
to ensure:
- Only authorized (½)
amendments have been
made (validity) (½)
- All authorized amendments
have been made (½)
(completeness)
- All amendment details have
been accurately captured
(accuracy).
PAYROLL PAYMENTS AND

RECORDING
5. No review system prior to approving 5.1 The payroll should be split into the
the payroll. (1) three divisions and each of these
should be handed to the relevant (1)
division managers.
5.2 Each manager should sign his/her
section of the payroll after scrutiny
and reperformance to ensure: (1)
- All names are those of bona fide
employees in the division (½)
- Payroll computations and
amounts appear to be correct. (½)
- Payroll details reconcile with
personnel records. (½)
5.3 All sections of the payroll should
then be passed on to Bo Kamula
who should authorize each after:
- reviewing it for evidence of the
manager’s checks (see 5.2 (1)
above)
- Comparing the total payroll (1)
amount to the budgeted
amount.
- reconciling the total to that of the
previous month, after taking into
account relevant payroll (1)
amendment forms for the current
month (identified from the log
– sec 4.3).
6.1 Secretaries 6.1 The introduction of a personnel

- distribute salary slips function and implementation of
- have access to payroll masterfile amendment controls
amendment forms would resolve the lack of (1)
- which amounts to poor (1) segregation of duties.
segregation of duties.
Page 7 of 7 pages
PAYROLL DEDUCTIONS, PAYMENTS

AND RECORDING
7. No procedures appear to be in place 7. An accounting clerk who is
to control the validity, accuracy and (1) independent of other payroll (1)
completeness of payroll deductions. functions, should carry out random
checks on deductions calculations to
assist in ensuring:
- that calculations appear to be (1)
correct e.g. PAYE
- that deductions are authorized
e.g. in terms of PAYE tables,
medical aid or pension fund (1)
requirements or garnishee
orders.
Reviews and Reconciliations

8. No reviews or reconciliations appear 8.1 The “Salaries bank account” should
to take place after salaries have been (1) be reconciled to the relevant bank
paid. statements each month by Joe (1)
Masters.
8.2 Bo Kamula should perform monthly
reviews to ensure
- that the “salaries bank a/c” is
reduced to nil soon after month (1)
end.
- bank reconciliations are
satisfactorily performed and that (1)
there are no unusual reconciling
items.
Available: 40
Max: 24
Presentation: 1

4 SEPTEMBER 2010

Mr G Penning
Ms C Green
possible.
ANSWER BOOK
1 18 23 Book A
2 52 67 Book B
70 90
Page 1 of 4 pages
PART A (6 Marks)
level.
implementation.
e) Describe the implementation methods available to MiSpares (Pty) Ltd. (4)
f) Choose the implementation method that you believe to be the most suitable and provide
PART B (5 Marks)
MiSpares (Pty) Ltd maintains an Access Database which stores accounting information for 5 years. The
CEO is concerned that sales of one particular product has declined over the past 2 to 3 years and has
requested information regarding the sales of this product.
d) Which Access tool would you use to GRAPHICALLY show this decline? (1)
e) Name the information you would include on the axes. (2 x ½ = 1)
f) Examine the REA diagram below. Describe/explain the business rules the relationship
represents. (3)
Page 2 of 4 pages
PART C (7 Marks)
The CEO of MiSpares (Pty) Ltd is concerned about the development of the new re-ordering system and
has the following questions:
(c) Name two techniques that are available for scheduling and monitoring to ensure that a project is
completed on time. (2 x ½ = 1)
(d) Briefly describe the role the accountant can play in the successful development and implementation
of information systems. (3)
(c) State what can be done to overcome the behavioural problems of employees not being in favour of
the change. (6 x ½ = 3)
Page 3 of 4 pages
PART A (23 Marks)
(Pty) Ltd’s computerized financial system. The company’s main shareholder and managing director is
Sarah Snow. You have determined the following:
company’s information and communication technology (ICT) matters and has given responsibility for
ICT to the ICT supervisor, Wally Winter. Wally decides what ICT equipment to buy and who to appoint
in the event of vacancies in the ICT department. Sarah has also authorized Wally to make corrections
to financial information on the system in the event of an emergency when she is out of the country
(since Wally is very knowledgeable of computer-related matters).
6. Sarah has given her financial manager her username and password in the event that he needs to
urgently approve transactions in her absence. Sarah’s user ID provides super-user access to the
financial system.
7. Wally Winter has been tasked with issuing user names (user IDs) to all new employees, as well as
setting up and maintaining the staff’s user profiles on the financial system. After a profile has been
set up, changes can only be made if the employee requests the change from Wally, in writing. All
passwords must be at least 6 digits long and be changed on 30 June each year. When an employee
wants to change his/her password, the new proposed password must first be submitted to Wally or an
ICT assistant for verification.
through a local area network (LAN). You have obtained reliable internal audit reports from the
company’s internal auditors in which you noted that disaster recovery controls (including procedures
over backups) operate efficiently. You have also noted no concerns over the security and physical
environment of the mainframe computer room.
YOU ARE REQUIRED TO identify and explain the weaknesses in the general controls at Arctica (Pty)
Ltd based on the information provided. For each weakness you have identified, explain the
consequence(s) of the weaknesses identified. Ignore the information in Part B, C and D for the purpose
of answering Part A. (23)
Page 4 of 4 pages
PART B (14 Marks)
Wally Winter contracted PC Power (Pty) Ltd to install and maintain Arctica (Pty) Ltd’s network and
computer hardware equipment, including terminals and the mainframe computer (server). PC Power (Pty)
Ltd is a small company recently established by Wally Winter’s brother, Chilly Winter. PC Power (Pty) Ltd
also installed the necessary system software as well as a number of off-the-shelf applications (including
the financial package) for Arctica (Pty) Ltd. An informal arrangement between the two companies makes
PC Power (Pty) Ltd responsible to carry out all general program maintenance.
Chilly Winter, not having many other clients, spends a lot of time in Wally’s office and keeps himself busy
by experimenting with enhanced program features on Arctica (Pty) Ltd’s financial package. Chilly knows
where to obtain programming code and add-on modules from the internet and downloads many program
features accordingly. As Chilly charges by the hour, he installs the new features directly on the live system
in order to reduce the costs to Arctica (Pty) Ltd.
YOU ARE REQUIRED TO identify and explain the concerns that arise resulting from the information
provided above. (14)
PART C (12 Marks)
During your visit to determine the general controls of Arctica (Pty) Ltd you bumped into Purco Purchases,
the newly appointed buying officer. He informed you that one of his duties is to evaluate potential
suppliers and negotiate contracts with the suppliers, which he enjoys. But he added that he also has the
responsibility to maintain Arctica (Pty) Ltd’s suppliers masterfile, and he has no idea how it should be
done. On further enquiry he informed you that he must use Dick Buy, the buying clerk, to capture
amendments to the suppliers masterfile and that Joe Finance must review all amendments to the
suppliers masterfile. He further informed you that he has no idea what controls to implement to ensure
that amendments to the suppliers masterfile are valid, accurate and complete.
YOU ARE REQUIRED TO advise Purco Purchases on which controls should be in place over the
amendments to the suppliers masterfile. (12)
PART D (3 Marks)
The following controls have been implemented at Arctic (Pty) Ltd.

8. The monthly supplier’s age analysis is compared to the supplier’s ledger by the financial manager.
controls. (3)
AUDITING 3
RO302/RO352
TEST 1
4 SEPTEMBER 2010
SUGGESTED SOLUTION
Page 1 of 5 pages

PART A

system.

Max. 2
PART B
2. (a) PivotChart tool (1)
(b)  Time (½)

 Total/Quantity of sales (½)
Each employee can be a member of only 1 work area at any time.

(c) No employee can have a work area that is not in the WorkArea table. (1)
Each employee has to have a valid work area. (1)
A WorkArea can exist and be valid without having ANY employees. (1)
Max. (1)
(3)
PART C
3. (a)  Pert charts (½)

 Gant charts (½)
(b) – Determine information needs of MiSpares (Pty) Ltd. (1)

– To be members of the project development team. (1)
– To play an active role in designing system controls. (1)

(½)
(½)
– Make sure users understand the system
Max. 3
Page 2 of 5 pages
PART A
1. Control environment and security policy

ICT matters, indicating poor leadership over the company’s operations and (1)
internal control.
the company.
operational and financial strategy of the company, leading to possible operational
inefficiently and/or financial losses. (1)
control over the section won’t be exercised.

* the managing director and financial manager share user IDs and have super- (1)
user access to the system.
it authority and to assist in promoting a clear organizational structure within the (1)
company.
Explanation: This may result in unsuitable staff being employed (e.g. friends, (1)
family).
since he can make corrections to financial information. (1)
works.
Page 3 of 5 pages
3. Access Controls
3.1 Weakness: Granting of access to the managing director and financial manager
to all parts of the system through the use of a super-user ID i.e. failure to
implement the least privilege principle (insufficient logical access controls). (1)
Explanation: Allowing the managing director and financial manager full access:
* substantially increases the risk of unauthorized entry to the system / (1)
manipulation of data and
* leads to inadequate isolation of responsibility on the system. (1)

 not changed regularly enough (it is only changed once a year); (1)
 known by ICT staff (since it must be “verified” by ICT staff first); (1)
 not kept confidential (Sarah shares her password with her financial (1)
manager).
Explanation:
passwords that have been deliberately or accidentally distributed, being
used for unauthorized purposes. (1)
(ii) * Having passwords authorized by the computer section compromises the
basic (1)
requirement that passwords remain private and
* leads to the possibility of ICT staff using the access right to “masquerade” (1)
as
(iii) The same concern (passwords not kept confidential) arises with the
financial manager who has access to the managing director’s password. (1)
3.3 Weakness:
Explanation:
(i) Allowing employees to decide what access they should have (and not their
supervisors/the financial manager) undermines sound segregation of (1)
duties.
exactly who should have access to each part of the system without input
from the financial manager. (1)
Presentation (1)
Possible (29)
Max Part A (23)
Page 4 of 5 pages
PART B
Risks resulting from the relationship between Arctica (Pty) Ltd and PC Power (Pty) Ltd
1. Organisational structure access control
1.1 Weakness: The lack of independence (family relationship between the Winter
brothers) increases the chance of: (1)
Explanation:
(i) Collusion between the Winter brothers (increased fraud risk). (1)
(ii) Retaliatory reaction by Chilly should Wally Winter be disciplined/ (1)
dismissed.
(iii) The service provider not in fact being sufficiently competent to perform ICT (1)
services.
2.1 Weakness: Arctica (Pty) Ltd is very / overly dependent on PC Power (Pty) Ltd
since the latter: (½)
2.1.1 supplied and installed the hardware systems. (½)
2.1.2 supplied and service the application software. (½)
2.1.3 is responsible for all programme maintenance and development. (½)
Explanation: Should PC Power (Pty) Ltd go out of business (common among (1)
small computer companies) Arctica (Pty) Ltd may face great difficulties in
continuing their normal operations.
2.2 Weakness: No formal agreement of service exists between Arctica (Pty) Ltd and
PC Power (Pty) Ltd. (1)
Explanation: It will be unclear what the responsibilities of the service provider are
and when the latter can be held accountable for damages suffered (if no formal (1)
agreement).
3. Program changes
3.1 Weakness:
(i) Chilly Winter keeps himself busy by “experimenting with enhanced (1)
programme features” which he downloads from the internet.
(ii) Chilly is able to make unscheduled programme changes without specific (1)
authorization.
(iii) Chilly makes the changes without formal requests from users or (1)
management.
Explanation: Uncontrolled programme changes can result in the implementation

of:
3.1.1 Programmes which may not suit user requirements properly; (½)
3.1.2 Programmes which contain errors and bugs; (½)
3.1.3 Programmes which no-one knows how to use. (½)
3.1.4 Programmes which is unnecessary for which the company is charged. (½)
3.1.5 The risk of viruses, spyware and other illegal software being loaded onto
the system increases as Chilly makes elaborate use of internet downloads. (1)
3.2 Weakness: Programme changes are not made in a test environment first, but
directly on the live system. (1)
Explanation: Corruption or loss of information can result if programme changes

are not tested first on a test system. (1)
Presentation (1)
Possible (17)
Max Part B (14)
Page 5 of 5 pages
PART C
1. Sequentially numbered masterfile amendment forms (MAF’s) should be used to record

each amendment to the suppliers masterfile. (1)
2. Unused MAF’s should be subject to strict stationery control and responsibility for these
MAF’s should be isolated to Purco Purchases. (1)
3. MAF’s should be signed by Wally Winter to indicate authorization for amendments to the
suppliers masterfile. (1)
4. MAF’s should be cross-referenced to relevant documentation to provide evidence of

satisfactory investigation and negotiations by Purco Purchases, such as correspondence
with suppliers/ contracts signed/ quotes. (1)
5. Proper physical and logical access controls should be strictly applied to masterfile
amendments and logs of masterfile amendments so that only Dick Buy is allocated to (1)
capture MAF’s.
Additional controls: (1)
5.1 A specific terminal (Dick Buy’s) must be identified for the capture of MAF’s. (1)
5.2 Use should be made of unique user IDs and passwords.
6. All masterfile amendments should be automatically logged by the system, showing

information such as date, time, terminal, user ID, sequential MAF no’s and amendment (1)
details.
7. MAF logs should be reviewed by Joe Finance.

7.1 Only Joe Finance should have access to MAF logs, enforced through the use of
user IDs and passwords. (1)
7.2 Sequence of MAF logs and MAF’s should be complete (no missing or duplicate (1)
MAF’s).
7.3 He should reconcile the details on the log to the relevant MAF’s for accuracy and (1)
validity.
8. Programmed check should be carried out on data input by Dick Buy:

8.1 Alpha-numerical checks on supplier’s codes. (1)
8.2 Blank field checks for missing data. (1)
8.3 Range checks for discount terms and prices. (1)
Max (3)
9. Screen prompts
9.1 Careful design of MAF for new suppliers and changes to supplier’s details. (1)
9.2 Screen prompts for entry of information / Appropriate screen layout. (1)
Possible (16)
Max Part C (12)
PART D
1. General (½)
2. Application (½)
3. General (½)
4. General (½)
5. General (½)
6. Application (½)
Max Part D (3)
3 SEPTEMBER 2011

Mr G Penning
Ms C Fourie
Mr L Feyt

possible.
ANSWER BOOK
1 35 45 Book A
2 35 45 Book B
70 90
Page 1 of 2 pages
You are a manager at Comp Dec CC, a corporation that provides a range of information
technology services.
The management accountant of one of your newly acquired clients has contacted you to assist
him by explaining and providing reasons for the need to constantly improve information systems
at his company. He specifically requested that you provide answers to the following:
(d) Explain why you would survey his company’s existing systems during a systems study.
(5)
(e) Describe the general activities and techniques that are commonly used during a systems
analysis. (15)
(f) List and describe the activities that are commonly used during the systems
implementation phase. Please do not provide information on systems conversion
(including conversion approaches) and post implementation review as I have already
obtained details of these controls. (15)
Page 2 of 2 pages
consulting department. The following information concerns one of your clients.
event:
saw. Earlier a passer-by heard a loud crash and alerted the security guards. It would appear
full in giving out instructions. What’s worse is that the finance department didn’t perform its
monthly backups and have probably lost four weeks’ of financial data.
Because of a cost savings drive the company undertook recently, Dairy Delights (Pty) Ltd had
to dismiss its ICT staff and are still in the process of searching for an external ICT service
provider. There was also a cut-back on insurance cover for ICT equipment as the company
never had any claims before and no-one foresaw this event at all.”
g) Describe the general controls that Dairy Delights (Pty) Ltd should put in place in order to
provided above. Ignore controls relating to logical access and controls over masterfile data.
(20)
Presentation (1)
h) Describe the controls you would expect to find at Dairy Delights (Pty), which would ensure that
changes to its debtors’ masterfile are valid, accurate and complete. Ignore any controls relating
to physical and logical access. (12)
i) Briefly explain the term “principle of least privilege” in a computerized environment. (2)
AUDITING 3
RO302/RO352
TEST 1
3 SEPTEMBER 2011
SUGGESTED SOLUTION
Page 1 of 4 pages
a. The purposes and reasons for analyzing an organization’s existing system include:
 To gain an understanding of the existing system and how it functions. (1)
 To determine the constraints of the current system (1)
 To assess the strengths and weaknesses of the existing system and to identify
problems (1)
that need to be resolved.
 To provide a source for design ideas for the new system and to identify the (1)
resources (1)
which are available.
 To provide information about the information needs of the users.
Max. (5)
b. General activities and techniques which are commonly used during systems analysis
include:
Initial Investigation (1)
 Verify the nature of the problem and the needs of the users. (1)
 Gather the information needed to evaluate the feasibility of the request. (1)
Systems Survey (1)
 Study and review the existing organizational structure to determine how it (1)
functions.
 Review and collect internal documents and reports to determine design, content,
use, frequency of preparation etc. (1)
 Develop and use questionnaire forms to determine processing frequencies,
input/output volumes, and other information useful to the systems study. (1)
 Conduct personal interviews with operating personnel to confirm and expand
upon data gathered from the questionnaire. (1)
 Develop flowcharts and data flow diagrams to document the existing system. (1)
 Study external sources of data which include companies who have developed or
who market similar systems, consultants specializing in such systems, customers,
industry trade associations, and government agencies. (1)
 Observe activities of the system to determine how the system actually works,
rather than what people or the documentation say should be done. (1)
Feasibility Study (1)
 Conduct a study to determine whether or not to continue with the project. (1)
Information Needs and System Requirements (1)
 Define and document the information needs of the users. (1)
 Define and document the requirements of the new system. (1)
Systems Analysis Report (1)
 Summarizes and documents the findings of the analysis activities. (1)
Possible (18)
Max. (15)
c.
1. Implementation planning consist of
1.1 List of implementation tasks to be completed. (1)
1.2 List of specific staff that is responsible for each section of the tasks in 1.1 (1)
above.
1.3 Expected completion date for each task. (1)
1.4 A detailed budget for the implementation detailing each task. (1)
1.5 Identification of risk areas of the implementation plan. (1)
1.6 Prepare a new organizational chart. (1)
2. Site Preparation (1)

2.1 Physical preparation of offices where equipment will be placed. (1)
2.2 Security measures (1)
2.3 Electricity supply (1)
3. Select and Train Personnel (1)

3.1 Determine the additional employees (including skills levels) that need to be (1)
employed.
3.2 Determine training needs of current staff. (1)
3.3 User procedure manuals updated and clearly defined job descriptions. (1)
Page 2 of 4 pages
4. Complete Documentation (1)

Three types of documentation must be prepared for new systems:
4.1 Development documentation describes the new system. It includes a system
description, copies of output, input, and file and database layouts; programme
flowcharts; test results; and user acceptance forms. (1)
4.2 Operations documentation includes operating schedules; files and databases
accessed; and equipment, security, and file-retention requirements. (1)
4.3 User documentation teaches users how to operate the system. It includes a
procedures manual and training materials. (1)
5. Test the System (1)

5.1 Program tests and string tests (walk-throughs) are step-by-step reviews of
procedures or program logic. The development team and system users attend (1)
walk-throughs early in system design. The focus is on the input, files, outputs,
and data flows of the organization. Subsequent walk-throughs, attended by
programmers, address logical and structural aspects of programme code.
5.2 Processing test transactions (systems test) determines if a program operates
as designed. Valid and erroneous data are processed to determine if
transactions are handled properly and errors are detected and dealt with
appropriately. To evaluate test results, the correct system response for each
tests transaction must be specified in advance. (1)
5.3 User acceptance tests use copies of real transactions and files rather than
hypothetical ones. Users develop the acceptance criteria and make the final
decision whether to accept the system. (1)
Available (22)
Max. (15)
Page 3 of 4 pages
QUESTION 2 SUGGESTED SOLUTION TO QUESTION 2
a) General controls
purpose of business continuity, is insufficient. The following controls should be implemented:

1.1.1 Computer facilities (especially the server) should not be situated below obvious water
hazards such as geysers and piping, but at sufficient distance away therefrom. (1)
1.1.2 The facilities should be located within a secure area within the building, preferably a
room with no outside wall or windows. (1)
1.1.3 The facilities should further not be situated on ground level or low lying areas in order
to minimize the risk of flooding. (1)
1.2 The physical security environment is currently inadequate within Dairy Delights (Pty) Ltd. The
following physical access controls should be implemented:
1.2.1 Security or authorized staff members should accompany all authorized visitors to the
computer facilities after confirming the reason for their visit. (1)
1.2.2 The area leading to the computer facilities and accounting offices should be made
secure through the use of lockable doors or security key pads etc. (1)
2.1 The existence of a disaster recovery plan, in writing, would have enabled the company to
minimize disruption to its business activities. Such a plan would need to have the following (1)
characteristics. The plan should:
2.1.5 detail alternative processing arrangements agreed upon, e.g. using service providers
to assist with recovery. (1)
2.2 Responsibility for disaster recovery should not fall onto only one person (Kate Perry). All staff
should be trained in the execution thereof and be aware of the course of action to take. (1)
2.3 Dairy Delights (Pty) Ltd did not have a service arrangement with a computer and network
service provider yet.
2.3.1 The company should as soon as possible appoint a service provider who can service
its computer and networking facilities and be contacted in the event of ICT-related
operational failures. (1)
2.4 It would further appear that there were no backup electricity facilities. The company should
install uninterrupted /dual power supplies to enable processing to continue in the event of a
power outage. (1)
2.5 The fact that the company never had to make use of its insurance thus far is not sufficient
grounds for cutting back thereon. Proper insurance needs to be re-established over ICT
equipment as soon as possible. (1)
3.1 The company only performs backups on a monthly basis. The following backup strategies
should be implemented by Dairy Delights (Pty) Ltd going forward:
3.1.4 All back up data should be maintained in a fireproof safe and be stored away from the
computer facilities. (1)
Page 4 of 4 pages
3.1.5 Critical data and programs can be copied in real time to a “mirror site” server, in order
to continue processing on the unaffected server in the event of a disaster. (1)
4. Control environment
4.1 The company’s management should portray an operating style to its staff which
communicates and enforces the importance of good controls. (1)
(From the matters described by Kate Perry (e.g. little security over the computer server,
inadequate insurance) , this control measure does not currently seem to be in place).
4.1.1 Management should lead by example as their attitudes, control awareness and
actions will set the tone for all other staff to follow. (1)
4.2 Although relying on an external service provider for ICT is acceptable, there should still be an
ICT steering committee made up of knowledgeable persons who report to the board of
directors on ICT-related matters. (1)
Possible: (24)
Max: (20)
Presentation (1)

numbered. (1)
1.2 Unused MAFs should be subject to strict stationery control and responsibility for these
MAFs should be isolated to specific persons within the accounting function. (1)
1.3 MAFs should be cross-referenced / attached to the relevant supporting documentation
relating to the change required, e.g. application forms for all new debtors accounts. (1)
1.5 MAFs should be authorized by a senior accounting official prior to processing, through
a signature on the MAFs form after the person checked it to the above supporting
documentation. (1)
1.7 All details captured into the masterfile application should be subject to programmed
edit checks for example:
 Range checks on the credit limit field. (1)
 Alpha numeric checks on the debtor’s code. (1)
 Other valid points. (1)
Max. (2)
1.9 To limit errors, only information to be changed should be captured (minimum keying in
of information) i.e. by entering the debtors’ number and all related standing data
appear. (1)
 Reconciled to authorized Masterfile Amendment Forms; (1)
 Sequence checked to ensure that all MAF forms have been captured. (1)
accounting official on a regular basis to ensure that the data is up to date and relevant. (1)
Possible: (13)
Max: (12)
c) The principle of least privilege is that users should be given access to only those aspects of (1)
On the most basic level, an employee who does not need access to the computer system to
perform his function, should not be given any access at all. Where an employee
needs only to read a file, she should be given “read only” privileges not “read/write privileges” (1)
Total: (2)

7 SEPTEMBER 2012
Prof G Radder Prof FE Prinsloo

Mr G Penning
Ms C Fourie
Mr C Burger

possible.
communication skills (language, layout and logic of answer) have been allocated for this
very reason.
ANSWER BOOK
1 20 26 Book A
2 50 64 Book B
70 90
Page 1 of 3 pages
QUESTION 1 (20 Marks: 26 Minutes)
You have recently been appointed as information and communication technology (ICT) consultant to
assist Big and Better Manufacturing (Pty) Ltd in updating all the ICT systems at the company. You met
the newly appointed CEO, Ms Ann Katzah, who is a qualified civil engineer. The CEO made the following
comments during the meeting:
1. “I have read that all companies go through systems development life cycles. Please explain in detail
to me what the different processes are in the system development life cycle.”
2. “Once the systems have been developed, what are the conversion methods available to Big and
Better Manufacturing (Pty) Ltd to implement the new systems”.
a) List and discuss the different elements of a systems development life cycle (see comment 1 of the
CEO). (15)
b) List and discuss the system conversion methods available to the company to implement the new
systems once developed (see comment 2 of the CEO). (5)
Page 2 of 3 pages
QUESTION 2 (50 Marks: 64
Minutes)
You are a senior on the audit of Wild Coast DIY (Pty) Ltd for its financial year ended 30 June 2012.
The company sells power tools and other “do-it-yourself” hardware to walk-in customers from a large
retail store in Mthatha. The general manager of the store, Mr David Dalumzi, has voiced concerns
about several security incidences that took place during the financial year, which gave rise to integrity
concerns around electronic data on the company’s computerised information system. The following
information applies:
PART A (29 Marks)
You established that Coast DIY (Pty) Ltd’s information technology (IT) department is headed by
Kevin Starr, who reluctantly accepted the position of IT manager after pressure from his father who
is one of the owners of the company. Kevin reports to Mr Dalumzi. The most recent IT report
(containing information on the IT department’s activities and IT security concerns etc.) was dated
November 2011. Reporting to Kevin Starr in turn are two recently appointed IT technicians, each
with their own username and password for gaining access to the system. It came to your attention
that their usernames are “andreas.holmes” and “buhle.buzani”, although this came as a surprise to
you because both Andreas and Buhle last worked for the company as IT technicians in 2011. When
you asked the IT technicians why they were using these usernames, they replied that Kevin told
them to use it, as Kevin thinks “issuing new usernames are unnecessary red tape”.
From observation and enquiry, you noted that there are a number of computer terminals used by
sales clerks, linked to a mainframe computer housed at the company’s premises. The mainframe
stores masterfile information and updates the debtors masterfile and sales journal in real-time as a
clerk enters sales data on the terminals. All sales clerks log into the company’s financial application
by using a username called “clerk000”, which provides them with write-enabled access to all modules
in the financial application. The financial application includes the sales-, purchases-, inventory-,
payroll- and general ledger modules. The password associated with this username is changed on
a monthly basis by Mr David Dalumzi and is sent by email from Mr Dalumzi to all other staff. A sales
clerk forwarded you the most recent “password email” and you saw that the current month’s
password is “imwatchingyou”.
A fellow audit team member has noted that some computer logs relating to the correction of financial
errors on the sales module had the above-mentioned IT technicians’ usernames printed next to the
corrections. You have also observed, on occasion, IT technicians assisting sales clerks with sales
during peak business hours.
While walking to the general manager’s office, you noticed that one of the other offices contained a
sign on the door reading “Starr’s office – Keep out!” The door was wide open and inside sat a man
who identified himself as a friend of Kevin Starr. A large computer stood on the floor and you realised
that the computer is in fact the mainframe server used for central processing of the business’s
finances and other operations. Later on Kevin told you that the current location of the mainframe is
only a temporary arrangement, as a “brand new data centre” is being built.
YOU ARE REQUIRED TO using only the information provided, describe the weaknesses in the
general computer controls of Wild Coast DIY (Pty) Ltd and explain the consequence(s)/risk(s)
associated with each weakness.
(28)
Communication skills (1)
Ignore the information in Part B for the purpose of answering Part A.
Page 3 of 3 pages
PART B (21 Marks)
David Dalumzi, Wild Coast DIY (Pty) Ltd’s general manager, informed you that the company is
considering the implementation of a new sales module for its computerised financial application during
the next financial year. The reasons for implementing the new module include:
 complaints by the sales clerks about the lack of “user friendliness” of the current sales module;
 many of the errors that occur during especially peak hours, when the clerks are under pressure
to input a high volume of data, could be avoided if the software was programmed more effectively.
The following pertinent information will continue to apply to the new sales module:
 Credit customers must supply their account number (contained on a plastic customer store card)
before a sale can be captured by a sales clerk at one of the point-of-sales computer terminals.
Customer codes are entered manually by the sales clerk.
 Customer codes are 6 digits long and Mr Dalumzi has indicated that the codes will need to remain
the same regardless of the new module. The first three digits represent the first three characters
of the customer’s surname and the last three digits are sequentially generated starting with 001
per alphabetic sub-set, e.g. Dal001, Dal002 etc.
 Purchased items are scanned by the sales clerk using a barcode scanner connected to the
terminal. For the quantity field only, if more than 1 of the same item is purchased by a customer,
the clerk needs to count the items and manually enter the total quantity being purchased, to avoid
accidental duplicate/missed scanning.
 Inventory items are numbered anywhere within the digit range of “00001” to “10000”.
 Processing of sales data to the central server takes place in “real-time”.
The company has a dedicated data capturer, Ms Andiswa Bika, responsible for capturing (amongst
others) information about new credit customers to the debtors masterfile. The company uses pre-printed
“debtor change forms” (DCFs) to record additions and changes to the debtors masterfile. Potential credit
customers must complete an application form and are referred to the credit controller, Ms Ann Moody, for
any queries. The company’s financial manager is Mr Garth Emerson.
a) Based on the information provided, describe the detailed computerised control techniques that you
would expect the software of the new sales module to incorporate in order to ensure the validity,
accuracy and completeness of input of sales data on the sales module. Ignore access controls.
(12)
b) Describe the controls that you would expect to find over additions of new credit customers to the
debtors masterfile. Do not concern yourself with:
 any access controls to the computer system;
 screen aids or programmed input checks; and
 controls over the granting of credit before the amendment takes place. (8)

AUDITING 3
RO302/RO352
TEST 1
7 SEPTEMBER 2012
SUGGESTED SOLUTION
SUGGESTED SOLUTION FOR QUESTION 1
1 Page only
a) Elements of a Systems Development Life Cycle
1. Systems analysis (1)

1.1 Initial investigation of current system to identify strengths and weaknesses. (1)
1.2 Systems survey to determine the proposed systems feasibility. (1)
1.3 Determine information needs and systems requirements. (1)
1.4 Systems analysis report prepared and submitted to the steering committee. (1)
2. Conceptual design (1)

2.1 Identify and evaluate design alternatives. (1)
2.2 Develop design specifications. (1)
2.3 Report on conceptual design requirements. (1)
3. Physical design (1)

3.1 Detailed specifications to code and test computer programs. (1)
3.2 Documents are designed for input and output. (1)
3.3 Develop procedures and controls (1)
4. Implementation and conversion (1)

4.1 Development and implementation of the conversion plan. (1)
4.2 Install and test hardware and software. (1)
4.3 Provide training for employees on the new system. (1)
4.4 Systems documentation, including standards and controls need to be completed. (1)
5. Operations and maintenance

5.1 Systems periodically reviewed during its lifetime. (1)
5.2 Modificatyions are made as and when required. (1)
Available (21)
Max. (15)
2. Four major forms of system conversion include:
development team and end user management agree to switch completely over to the new
system. It is during this time that the operations and results of both systems are compared
and evaluated. Errors can be identified and corrected, and the operating problems can be
solved before the old system is abandoned. (2)
converted. A phased conversion allows a gradual implementation process to take place within
an organization. (2)
Pilot Conversion: - Where one site serves as a test site. A new system can be tried out at
this site until developers feel it can be implemented throughout the organization. (2)
Plunge/Direct Cutover: - Use the system immediately, and totally abandon the old system. (1)
Max. (5)

Page 1 of 3 pages
1.1 Weakness: The information technology control environment seems to be poor due to a
lacklustre attitude towards controls by the IT manager and the general manager. (1)
* In addition, it would appear that the IT Manager does not have the necessary skills and
competency to manage an IT department. (1)
 Kevin Starr is purported to have a negative attitude towards his job and responsibilities, (1)
which also brings into question his commitment to competence.
 Kevin Starr, the IT manager, is alleged to have ignored sound access controls by not (1)
having the usernames of ex-employees’ cancelled upon dismissal.
 Kevin Starr appears to allow non-IT staff (i.e. a “friend”) to be alone in the “server room” (1)
and leaves the server room’s door open for any person to enter. (1)
 Mr David Dalumzi allows the utilisation of a generic password amongst sales staff.
1.2 Explanation:
1.2.1 Management not leading by example may result in other staff members, especially IT
staff, not taking controls seriously, opening possibilities for error and
misappropriation of company assets. (1)
1.2.2 IT management not having the necessary skills and competency may lead to
ineffective computerised controls and processes and the resultant possibility of
errors or irregularities occurring in the computer system. (1)
2.1 Weakness: There does not seem to be any IT steering committee or IT representation on
the board of directors. (Alt: the IT manager does not report to an IT steering committee). (1)
2.2 Explanation:
2.2.1 Without representation on the highest levels in the company, the company’s IT
functions might not achieve, sustain and/or enhance the company’s strategic
objectives (the business might “work against itself”). (1)
 In addition, without representation, the IT department may have inadequate
authority to assist it in promoting a strong control environment. (1)
3.1 Weakness: Reporting on IT- and security related matters takes place on a too infrequent
basis, leaving excessive control over IT matters in the hands of the IT department. (1)
3.2 Explanation: Infrequent reporting on IT matters/security issues may lead to incorrect or
uninformed IT/business decisions being taken by the IT manager and the effects of the
decisions/issues going unnoticed for too long. (1)
4.1 Weakness: All sales clerks log into the company’s financial application using the same
common username. (1)
4.2 Explanation: Inability to isolate responsibility to transactions captured on the system as
the system will allocate the general username to all transactions and not a specific username
of the staff member who was responsible for the transaction. (1)
5.1 Weakness: All sales clerks have logical write access to all modules on the system. (1)
(Alt: sales clerks have write access to the debtors masterfile).
5.2 Explanation:
5.2.1 Inability to enforce the “least privilege” principle through access tables/user profiles,
as the clerks have the ability to access information which they don’t necessarily
require for the performance of their duties. (1)
5.2.2 The risk exists that data might be changed or deleted without authorisation
(unauthorised access due to the write-enabled username). (1)
5.2.3 With access to all data, clerks might obtain confidential data on the financial
application (such as payroll information) which they aren’t privileged to see. (1)
6.1 Weakness:
 Passwords are generic (used by all sales clerks); (1)
 The password is not kept confidential (circulated through email); (1)
 Passwords might not be strong/secure enough. (1)
6.2 Explanation:
6.2.1 A generic password fails to individually authenticate users, resulting in an inability to
effectively enforce logical segregation of duties. (1)
Page 2 of 3 pages
6.2.2 Any unauthorised person (including IT staff) who gets access to the “password
email” (it appears to be easy to do so) would be able to gain unauthorised access
to the system should the person also carry knowledge of the common username. (1)
6.2.3 There is a risk that unauthorised people or automated hacking software may be able
to “guess” the password if the monthly passwords do not comply with strong
password controls. (Passwords are changed based on “staff member’s liking”). (1)
7.1 Weakness: usernames and passwords of ex-employees (including ex-IT staff) who have left
the employ of the company do not appear to be removed from the system. (1)
7.2 Explanation: The risk of access to the system by unauthorised persons is increased,
which may lead to manipulation or loss of data. (1)
8.1 Weakness: There is insufficient segregation of duties between the IT department and user
department, with IT staff having the ability to: (1)
* correct financial errors on the system (usernames appear on correction logs) and (1)
* executing financial transactions (by standing in for sales clerks). (1)
8.2 Explanation: The risk of unauthorised changes to financial data is increased as IT staff
may have the ability to more easily “hide their tracks” due to other system-level access
usually afforded to IT staff for the performance of their IT duties. (1)
9.1 Weakness:
There are weak physical access controls to the server room (“data centre”) as:
*The door to the server room stood open without any IT staff being present inside. (1)
* Non-IT staff is allowed to visit the data centre, seemingly for unwarranted social reasons. (1)
9.2 Explanation: The risk of destruction or theft of hardware/electronically stored information
is significantly increased, because it is easier for hardware to be stolen or access to be
gained to data via the mainframe in an unprotected data centre. (1)
10.1 Weakness:
* The IT manager’s office inappropriately doubles as the central processing facility (a
weakness regardless of the fact that a new data centre is being built). (1)
* The mainframe computer is situated on the floor and is not elevated. (1)
10.2 Explanation:
* Proper environmental protection and heat/humidity controls are unlikely to be effective
in a standard office. (1)
* In case of flooding, damage can result to the mainframe hardware/stored data if the
computer is not elevated. (1)
Available (38)
Max (28)
Part B a)
1. Screen Aids
1.1 The software of the sales module should enable the application of the “minimum keying in
of information” principle: (½)
 The clerk should only key in the customer number on the card supplied by the customer
and the quantities of items purchased should more than 1 item apply. (1)
 The sales module should be linked to the respective masterfiles in order to automatically
call up the standing debtor information, inventory code/description, and sales price. (1)
1.2 Extensive use of screen dialogue and prompts should be in place, i.e. the clerk should be
guided along the input process by means of warnings or confirmation messages. (½)
 The computer can for instance, prompt the clerk after input of all information to confirm
the accuracy of the information on the screen before proceeding. (1)
1.3 The software should enable the indication of mandatory (required) fields on-screen, e.g. (½)
 input cannot continue if the customer number has not been furnished by the clerk. (1)
1.4 The software can enable the “shading of fields” control, which will visually show a
restriction on the changing/adding of information to certain fields. (1)
Page 3 of 3 pages
2. Programme checks: Input

2.1 Validation/matching check should be in place where the input data is validated with pre-
existing, standing data in the masterfiles, (½)
 e.g. a customer code is validated against the masterfile to check whether the code (1)
belongs to an account registered on the system.
2.2 Limit checks should be in place to ensure that sales only take place within approved
quantitative limits, e.g. (½)
 credit sales cannot exceed the masterfile’s credit limit previously assigned to the
debtor’s account by the credit controller; (1)
 customers may not purchase more items than a pre-specified maximum should there be
a buy-limit on specific items, etc. (2 marks max for two or more examples). (1)
2.3 Reasonableness checks on the order quantity entered, e.g. (½)
 if the average historical order quantity of a stock item is 100, the computer will warn the
user if the quantity entered is e.g. ten times as high (1000). (1)
2.4 Format checks:
2.4.1 Alphanumeric check, to prevent the input of alphabetical characters where only (½)
quantities are allowed, e.g.
* First three characters of the account code are alphabetical; the last 3 are numeric. (1)
* Inventory quantities are only numeric. (½)
2.4.2 Size/range check, e.g. (½)
will detect if a debtor code does not contain at least 6 characters (only valid (1)
example).
2.4.3 Mandatory field/missing data check, e.g. (½)
to ensure that a zero quantity is not accepted for any items. (1)
2.4.4 Valid character/sign check, e.g. (½)
to ensure that negative order (stock) quantities are not accepted by the computer. (1)
Note: The controls of “screen formatted like hard copy”, “data approval check”,
“dependency check”, “check digit” and “sequence check” are not applicable to the scenario.
Available 18½
Max (12)
b) Amendments to the masterfile

1. All debtor change forms (DCFs) must be supported by a customer application (1)
(1)
form, pre-numbered, sequenced and cross-referenced to the DCF.
 All customer application forms as well as DCFs must be approved by Ann Moody (1)
(credit controller) with a signature before being sent for capturing to Ms Andiswa Bika.
2. All masterfile amendments must be automatically logged (on sequenced electronic logs) by
the computer. (1)
3. On a regular basis, Mr Emerson should review the logs to ensure that logged additions are
supported by suitable evidence i.e. application forms and a signed DCF. (1)
 Upon review, Mr Emerson should check the accuracy of the amendment against the
source documentation, paying particular attention to fields such as the debtor account
number. (1)
 He should check the numerical sequence of the logs themselves to ensure that the log
he is reviewing follows on the previous log he inspected. (1)
 He should manually sequence test the entries on the log in terms of the DCF numbers
to identify any gaps/cancelled DCFs (for follow up); (1)
 He should also note and follow up any unusual entries on the logs. (1)
4. Stationery controls should be in place over the issue of blank DCFs, e.g. the person
requesting the DCF should sign a stationary registers upon sign-out. (1)
5. On a regular basis, Mr Emerson should review the standing data on the debtors masterfile
to ensure the continued integrity of the data. (1)
Available (11)
Max (8)
RO301/RGO301 - Feedback on Test 1: Question 2 (Computerised controls)

Part A
1. The following are not considered control weaknesses
 Control environment
1.1 “The IT manager is the son of a shareholder of the company”.
- This arrangement is quite normal for many private companies, even family businesses.
In fact, it might even encourage a stronger control environment due to the cooperation that
may exist amongst family members in business.
- The fact that the IT manager is the son of the shareholder is not the control weakness.
The fact that he has a relaxed/casual, even lacklustre attitude towards controls is the control
weakness!
1.2 “The IT manager is not ‘independent’ as his father is a shareholder”.
There was mostly likely confusion here with the SAICA Code of Ethics on auditor
independence. It cannot be expected of an employee of the company to be “independent”
(from what?), even if the person’s family member(s) is a shareholder. A company where
management is not independent from shareholders are called “owner managed businesses”,
i.e. the managers and owners are the same people. Independence here is irrelevant!
1.3 “The IT manager will provide sensitive/confidential information to his father because
his father is a shareholder of the company.”
If anything, the father will give sensitive information to his son! (even this is irrelevant: what
can the son do with “sensitive information”? It’s a private company: shares cannot be traded
as with a public/ publically listed company). The shareholder will be privy to strategic
decisions rather than the son, the son who isn’t even a director.
Answers must be given in terms of the requirement: identify control weaknesses in the
general controls. An identification of “Business risks” was not required.
 Access controls
1.4 “Usernames are not changed regularly enough”

- How regularly do you change your Facebook login name? Your email address? As long
as you are authorised to use a username, usernames don’t get changed!
1.5 “Usernames/User IDs are not kept confidential” / “Usernames consist of names and
surnames”.
- Only passwords need to be kept confidential. We even give out our email addresses to
others!
- In most cases, people’s names and surnames are used to create their logical user IDs…
It becomes more complex to isolate responsibility if people’s names and surnames are
NOT used as their IDs!
1.6 “Passwords are not changed regularly”

- Please read the scenario: passwords are changed on a monthly basis. Some
companies even allow 90 days before a change is requested by the system.
1.7 “There are too many terminals connected to the mainframe”.

- In a retail setup it is quite normal for there to be many cash registers (terminals)
connected to a mainframe: terminals that are even accessible by customers (think
Shoprite, Spar, PnP etc.)
1.8 “There is a sign on the IT manager’s office reading “Keep Out”, which may lead to
the IT manager not being approachable for staff”.
- This is not a control weakness in itself, which goes against the Required of the
question. To make such a statement will require comprehensive, detailed explanations
in terms of general controls, to justify your answer.
1.9 (Consequence of the IT staff assisting with sales): “The sales clerks and IT staff will
collude”.
- The reality is that collusion is more likely where there IS segregation of duties and not in
an internal control system where segregation of duties are weak (such as in the
scenario). Why do IT staff need to collude with sales staff, if the IT staff can just as well
post sales themselves?
 Logging
1.10 “Staff member’s names appear on logs”

- This is in fact a crucial control, necessary for logging of user activity (including isolation
of responsibility)
1.11 “Follow up of logs by management doesn’t take place”

- There is insufficient indication in the scenario to justify such a statement, i.e. too
assumptive.
2. Technical matters
2.1 If employees share usernames: consequence is “cannot isolate responsibility on the
computer”.
2.2 If employees share passwords:
- Think of an electronic keypad protecting physical access to a shared office space, used by many
people. They all have access to the same “password”: but they keep it confidential amongst them as a
group nevertheless. What are the consequences?
- Technically there is no weakness if people use the same password and that password gives them
access to only those areas on the system that they need for their duties: as long as they keep the
password confidential to outsiders (as with the keypad above).
- However, where usernames are also used (and remember: usernames within an organisation are not
as a general rule kept confidential), it is possible for employees to log in on each other’s user IDs,
which means the weakness is in fact “inability by the system to authenticate users”: the system won’t
know if the person logging in is in fact the person to whom the user ID belongs: it is detrimental to
isolation of responsibility.
- With group passwords, it becomes more difficult to regulate password confidentiality: the password
can “slip out” more easily, which may lead to outsiders gaining unauthorised access to the system.
2.3 All sales clerks have write-access to all modules on the system:
- The weakness is not in fact “employees have unauthorised access to the system”. If
management allows all-write access to their employees, they are in fact authorised to
access all information.
- However, segregation of duties cannot/are not enforced and confidential data can be
accessed.
- Unauthorised changes can be made to data if there are policies in place which state that,
for instance, changes to debtors masterfile information must be authorised. If however,
staff has write-access to the debtors masterfile, they may go ahead with the changes
without authorisation as the system (access tables) allows it (i.e. loophole in controls).
Furthermore, the least privilege principle cannot be enforced.
3. Answer technique and reading

The following weaknesses are not in sufficient detail
3.1 “There are insufficient physical access controls to the server room”. The question
required you to “identify control weaknesses”. Saying “there are insufficient access
controls to the server room” is in fact repeating the “Required” and not answering the
question.
3.2 “There are no HR policies in place”. This is not a detailed statement, but was
nevertheless too assumptive to the scenario to deserve marks. There was insufficient
information in the scenario to come to such a “blatant” conclusion that the company has
NO HR policies in place. In a real-life corporate situation, making such a statement
without sufficient evidenced may represent making false allegations against your client.
3.3 What is the difference between a statement such as “Employees WILL commit fraud”
vs “An opportunity for fraud is created, which may lead to employees circumventing
controls”?
Misreading of information in the scenario occurred, which lead to incorrect or (mostly) irrelevant
answers.
Part B
a) Screen Aids and Programme input checks: issues noted during
marking
1. The required specifically excluded Access controls, but many students gave access controls
nevertheless.
2. A few students included processing controls (which were not applicable to the Required).
3. A few students addressed batch input controls in a real-time capturing environment.
4. Programme change controls were not applicable to the required.
5. Some students did not provide examples, and simply gave a “laundry list” of controls.
6. Sequential testing of customer codes were not applicable to input controls.
7. Some students mixed up range, reasonableness and limit checks.
b) Masterfile amendments
1. Segregation of duties and especially those related to hierarchy of positions in the company
were badly addressed in the question.
2. Inadequate understanding of the principle of “logging” and how logs work (and subsequently,
how controls should be applied to logs, e.g. sequential testing on logs).
3. Confusion between manual masterfile amendment controls and computerised controls.
4. No use of the staff members’ names as per the scenario, but only their positions.
5. Using “Masterfile amendment form” rather than “Debtor change form” (RO).
7 SEPTEMBER 2012
Prof G Radder Prof FE Prinsloo

Mr G Penning
Ms C Fourie
Mr C Burger

possible.
communication skills (language, layout and logic of answer) have been allocated for this
very reason.
ANSWER BOOK
1 20 26 Book A
2 50 64 Book B
70 90
Page 1 of 3 pages
QUESTION 1 (20 Marks: 26 Minutes)
You have recently been appointed as information and communication technology (ICT) consultant to
assist Big and Better Manufacturing (Pty) Ltd in updating all the ICT systems at the company. You met
the newly appointed CEO, Ms Ann Katzah, who is a qualified civil engineer. The CEO made the following
comments during the meeting:
3. “I have read that all companies go through systems development life cycles. Please explain in detail
to me what the different processes are in the system development life cycle.”
4. “Once the systems have been developed, what are the conversion methods available to Big and
Better Manufacturing (Pty) Ltd to implement the new systems”.
c) List and discuss the different elements of a systems development life cycle (see comment 1 of the
CEO). (15)
d) List and discuss the system conversion methods available to the company to implement the new
systems once developed (see comment 2 of the CEO). (5)
Page 2 of 3 pages
QUESTION 2 (50 Marks: 64
Minutes)
You are a senior on the audit of Wild Coast DIY (Pty) Ltd for its financial year ended 30 June 2012.
The company sells power tools and other “do-it-yourself” hardware to walk-in customers from a large
retail store in Mthatha. The general manager of the store, Mr David Dalumzi, has voiced concerns
about several security incidences that took place during the financial year, which gave rise to integrity
concerns around electronic data on the company’s computerised information system. The following
information applies:
PART A (29 Marks)
You established that Coast DIY (Pty) Ltd’s information technology (IT) department is headed by
Kevin Starr, who reluctantly accepted the position of IT manager after pressure from his father who
is one of the owners of the company. Kevin reports to Mr Dalumzi. The most recent IT report
(containing information on the IT department’s activities and IT security concerns etc.) was dated
November 2011. Reporting to Kevin Starr in turn are two recently appointed IT technicians, each
with their own username and password for gaining access to the system. It came to your attention
that their usernames are “andreas.holmes” and “buhle.buzani”, although this came as a surprise to
you because both Andreas and Buhle last worked for the company as IT technicians in 2011. When
you asked the IT technicians why they were using these usernames, they replied that Kevin told
them to use it, as Kevin thinks “issuing new usernames are unnecessary red tape”.
From observation and enquiry, you noted that there are a number of computer terminals used by
sales clerks, linked to a mainframe computer housed at the company’s premises. The mainframe
stores masterfile information and updates the debtors masterfile and sales journal in real-time as a
clerk enters sales data on the terminals. All sales clerks log into the company’s financial application
by using a username called “clerk000”, which provides them with write-enabled access to all modules
in the financial application. The financial application includes the sales-, purchases-, inventory-,
payroll- and general ledger modules. The password associated with this username is changed on
a monthly basis by Mr David Dalumzi and is sent by email from Mr Dalumzi to all other staff. A sales
clerk forwarded you the most recent “password email” and you saw that the current month’s
password is “imwatchingyou”.
A fellow audit team member has noted that some computer logs relating to the correction of financial
errors on the sales module had the above-mentioned IT technicians’ usernames printed next to the
corrections. You have also observed, on occasion, IT technicians assisting sales clerks with sales
during peak business hours.
While walking to the general manager’s office, you noticed that one of the other offices contained a
sign on the door reading “Starr’s office – Keep out!” The door was wide open and inside sat a man
who identified himself as a friend of Kevin Starr. A large computer stood on the floor and you realised
that the computer is in fact the mainframe server used for central processing of the business’s
finances and other operations. Later on Kevin told you that the current location of the mainframe is
only a temporary arrangement, as a “brand new data centre” is being built.
YOU ARE REQUIRED TO using only the information provided, describe the weaknesses in the
general computer controls of Wild Coast DIY (Pty) Ltd and explain the consequence(s)/risk(s)
associated with each weakness.
(28)
Ignore the information in Part B for the purpose of answering Part A.
Page 3 of 3 pages
PART B (21 Marks)
David Dalumzi, Wild Coast DIY (Pty) Ltd’s general manager, informed you that the company is
considering the implementation of a new sales module for its computerised financial application during
the next financial year. The reasons for implementing the new module include:
 complaints by the sales clerks about the lack of “user friendliness” of the current sales module;
 many of the errors that occur during especially peak hours, when the clerks are under pressure
to input a high volume of data, could be avoided if the software was programmed more effectively.
The following pertinent information will continue to apply to the new sales module:
 Credit customers must supply their account number (contained on a plastic customer store card)
before a sale can be captured by a sales clerk at one of the point-of-sales computer terminals.
Customer codes are entered manually by the sales clerk.
 Customer codes are 6 digits long and Mr Dalumzi has indicated that the codes will need to remain
the same regardless of the new module. The first three digits represent the first three characters
of the customer’s surname and the last three digits are sequentially generated starting with 001
per alphabetic sub-set, e.g. Dal001, Dal002 etc.
 Purchased items are scanned by the sales clerk using a barcode scanner connected to the
terminal. For the quantity field only, if more than 1 of the same item is purchased by a customer,
the clerk needs to count the items and manually enter the total quantity being purchased, to avoid
accidental duplicate/missed scanning.
 Inventory items are numbered anywhere within the digit range of “00001” to “10000”.
 Processing of sales data to the central server takes place in “real-time”.
The company has a dedicated data capturer, Ms Andiswa Bika, responsible for capturing (amongst
others) information about new credit customers to the debtors masterfile. The company uses pre-printed
“debtor change forms” (DCFs) to record additions and changes to the debtors masterfile. Potential credit
customers must complete an application form and are referred to the credit controller, Ms Ann Moody, for
any queries. The company’s financial manager is Mr Garth Emerson.
c) Based on the information provided, describe the detailed computerised control techniques that you
would expect the software of the new sales module to incorporate in order to ensure the validity,
accuracy and completeness of input of sales data on the sales module. Ignore access controls.
(12)
d) Describe the controls that you would expect to find over additions of new credit customers to the
debtors masterfile. Do not concern yourself with:
 any access controls to the computer system;
 screen aids or programmed input checks; and
 controls over the granting of credit before the amendment takes place. (8)

AUDITING 3
RO302/RO352
TEST 1
7 SEPTEMBER 2012
SUGGESTED SOLUTION

1 Page only
a) Elements of a Systems Development Life Cycle

1. Systems analysis (1)
1.1 Initial investigation of current system to identify strengths and weaknesses. (1)
1.2 Systems survey to determine the proposed systems feasibility. (1)
1.3 Determine information needs and systems requirements. (1)
1.4 Systems analysis report prepared and submitted to the steering committee. (1)
2. Conceptual design (1)

2.1 Identify and evaluate design alternatives. (1)
2.2 Develop design specifications. (1)
2.3 Report on conceptual design requirements. (1)
3. Physical design (1)

3.1 Detailed specifications to code and test computer programs. (1)
3.2 Documents are designed for input and output. (1)
3.3 Develop procedures and controls (1)
4. Implementation and conversion (1)

4.1 Development and implementation of the conversion plan. (1)
4.2 Install and test hardware and software. (1)
4.3 Provide training for employees on the new system. (1)
4.4 Systems documentation, including standards and controls need to be completed. (1)
5. Operations and maintenance

5.1 Systems periodically reviewed during its lifetime. (1)
5.2 Modificatyions are made as and when required. (1)
Available (21)
Max. (15)
2. Four major forms of system conversion include:
development team and end user management agree to switch completely over to the new
system. It is during this time that the operations and results of both systems are compared
and evaluated. Errors can be identified and corrected, and the operating problems can be
solved before the old system is abandoned. (2)
converted. A phased conversion allows a gradual implementation process to take place within
an organization. (2)
Pilot Conversion: - Where one site serves as a test site. A new system can be tried out at
this site until developers feel it can be implemented throughout the organization. (2)
Plunge/Direct Cutover: - Use the system immediately, and totally abandon the old system. (1)
Max. (5)
Page 1 of 3 pages
1.1 Weakness: The information technology control environment seems to be poor due to a
lacklustre attitude towards controls by the IT manager and the general manager. (1)
* In addition, it would appear that the IT Manager does not have the necessary skills and
competency to manage an IT department. (1)
 Kevin Starr is purported to have a negative attitude towards his job and responsibilities,
which also brings into question his commitment to competence. (1)
 Kevin Starr, the IT manager, is alleged to have ignored sound access controls by not
having the usernames of ex-employees’ cancelled upon dismissal. (1)
 Kevin Starr appears to allow non-IT staff (i.e. a “friend”) to be alone in the “server room”
and leaves the server room’s door open for any person to enter. (1)
(1)
 Mr David Dalumzi allows the utilisation of a generic password amongst sales staff.
1.2 Explanation:
1.2.1 Management not leading by example may result in other staff members, especially IT
staff, not taking controls seriously, opening possibilities for error and
misappropriation of company assets. (1)
1.2.2 IT management not having the necessary skills and competency may lead to
ineffective computerised controls and processes and the resultant possibility of
errors or irregularities occurring in the computer system. (1)
2.1 Weakness: There does not seem to be any IT steering committee or IT representation on
the board of directors. (Alt: the IT manager does not report to an IT steering committee). (1)
2.2 Explanation:
2.2.1 Without representation on the highest levels in the company, the company’s IT
functions might not achieve, sustain and/or enhance the company’s strategic
objectives (the business might “work against itself”). (1)
 In addition, without representation, the IT department may have inadequate
authority to assist it in promoting a strong control environment. (1)
3.1 Weakness: Reporting on IT- and security related matters takes place on a too infrequent
basis, leaving excessive control over IT matters in the hands of the IT department. (1)
3.2 Explanation: Infrequent reporting on IT matters/security issues may lead to incorrect or
uninformed IT/business decisions being taken by the IT manager and the effects of the
decisions/issues going unnoticed for too long. (1)
4.1 Weakness: All sales clerks log into the company’s financial application using the same
common username. (1)
4.2 Explanation: Inability to isolate responsibility to transactions captured on the system as
the system will allocate the general username to all transactions and not a specific username
of the staff member who was responsible for the transaction. (1)
5.1 Weakness: All sales clerks have logical write access to all modules on the system. (1)
(Alt: sales clerks have write access to the debtors masterfile).
5.2 Explanation:
5.2.1 Inability to enforce the “least privilege” principle through access tables/user profiles,
as the clerks have the ability to access information which they don’t necessarily
require for the performance of their duties. (1)
5.2.2 The risk exists that data might be changed or deleted without authorisation
(unauthorised access due to the write-enabled username). (1)
5.2.3 With access to all data, clerks might obtain confidential data on the financial
application (such as payroll information) which they aren’t privileged to see. (1)
6.1 Weakness:
 Passwords are generic (used by all sales clerks); (1)
 The password is not kept confidential (circulated through email); (1)
 Passwords might not be strong/secure enough. (1)
6.2 Explanation:
6.2.1 A generic password fails to individually authenticate users, resulting in an inability to
effectively enforce logical segregation of duties. (1)
Page 2 of 3 pages
6.2.2 Any unauthorised person (including IT staff) who gets access to the “password
email” (it appears to be easy to do so) would be able to gain unauthorised access
to the system should the person also carry knowledge of the common username. (1)
6.2.3 There is a risk that unauthorised people or automated hacking software may be able
to “guess” the password if the monthly passwords do not comply with strong
password controls. (Passwords are changed based on “staff member’s liking”). (1)
7.1 Weakness: usernames and passwords of ex-employees (including ex-IT staff) who have left
the employ of the company do not appear to be removed from the system. (1)
7.2 Explanation: The risk of access to the system by unauthorised persons is increased,
which may lead to manipulation or loss of data. (1)
8.1 Weakness: There is insufficient segregation of duties between the IT department and user
department, with IT staff having the ability to: (1)
* correct financial errors on the system (usernames appear on correction logs) and (1)
* executing financial transactions (by standing in for sales clerks). (1)
8.2 Explanation: The risk of unauthorised changes to financial data is increased as IT staff
may have the ability to more easily “hide their tracks” due to other system-level access
usually afforded to IT staff for the performance of their IT duties. (1)
9.1 Weakness:
There are weak physical access controls to the server room (“data centre”) as:
*The door to the server room stood open without any IT staff being present inside. (1)
* Non-IT staff is allowed to visit the data centre, seemingly for unwarranted social reasons. (1)
9.2 Explanation: The risk of destruction or theft of hardware/electronically stored information
is significantly increased, because it is easier for hardware to be stolen or access to be
gained to data via the mainframe in an unprotected data centre. (1)
10.1 Weakness:
* The IT manager’s office inappropriately doubles as the central processing facility (a
weakness regardless of the fact that a new data centre is being built). (1)
* The mainframe computer is situated on the floor and is not elevated. (1)
10.2 Explanation:
* Proper environmental protection and heat/humidity controls are unlikely to be effective
in a standard office. (1)
* In case of flooding, damage can result to the mainframe hardware/stored data if the
computer is not elevated. (1)
Available (38)
Max (28)
Part B a)
1. Screen Aids
1.1 The software of the sales module should enable the application of the “minimum keying in
of information” principle: (½)
 The clerk should only key in the customer number on the card supplied by the customer
and the quantities of items purchased should more than 1 item apply. (1)
 The sales module should be linked to the respective masterfiles in order to automatically
call up the standing debtor information, inventory code/description, and sales price. (1)
1.2 Extensive use of screen dialogue and prompts should be in place, i.e. the clerk should be
guided along the input process by means of warnings or confirmation messages. (½)
 The computer can for instance, prompt the clerk after input of all information to confirm
the accuracy of the information on the screen before proceeding. (1)
1.3 The software should enable the indication of mandatory (required) fields on-screen, e.g. (½)
 input cannot continue if the customer number has not been furnished by the clerk. (1)
1.4 The software can enable the “shading of fields” control, which will visually show a
restriction on the changing/adding of information to certain fields. (1)
Page 3 of 3 pages
2. Programme checks: Input

2.1 Validation/matching check should be in place where the input data is validated with pre-
existing, standing data in the masterfiles, (½)
 e.g. a customer code is validated against the masterfile to check whether the code
belongs to an account registered on the system. (1)
2.2 Limit checks should be in place to ensure that sales only take place within approved
quantitative limits, e.g. (½)
 credit sales cannot exceed the masterfile’s credit limit previously assigned to the
debtor’s account by the credit controller; (1)
 customers may not purchase more items than a pre-specified maximum should there be (1)
a buy-limit on specific items, etc. (2 marks max for two or more examples).
2.3 Reasonableness checks on the order quantity entered, e.g. (½)
 if the average historical order quantity of a stock item is 100, the computer will warn the
user if the quantity entered is e.g. ten times as high (1000). (1)
2.4 Format checks:
2.4.1 Alphanumeric check, to prevent the input of alphabetical characters where only (½)
quantities are allowed, e.g.
* First three characters of the account code are alphabetical; the last 3 are numeric. (1)
* Inventory quantities are only numeric. (½)
2.4.2 Size/range check, e.g. (½)
will detect if a debtor code does not contain at least 6 characters (only valid (1)
example).
2.4.3 Mandatory field/missing data check, e.g. (½)
to ensure that a zero quantity is not accepted for any items. (1)
2.4.4 Valid character/sign check, e.g. (½)
to ensure that negative order (stock) quantities are not accepted by the computer. (1)
Note: The controls of “screen formatted like hard copy”, “data approval check”,
“dependency check”, “check digit” and “sequence check” are not applicable to the scenario.
Available 18½
Max (12)
b) Amendments to the masterfile

1. All debtor change forms (DCFs) must be supported by a customer application (1)
(1)
form, pre-numbered, sequenced and cross-referenced to the DCF.
 All customer application forms as well as DCFs must be approved by Ann Moody (1)
(credit controller) with a signature before being sent for capturing to Ms Andiswa Bika.
2. All masterfile amendments must be automatically logged (on sequenced electronic logs) by
the computer. (1)
3. On a regular basis, Mr Emerson should review the logs to ensure that logged additions are
supported by suitable evidence i.e. application forms and a signed DCF. (1)
 Upon review, Mr Emerson should check the accuracy of the amendment against the
source documentation, paying particular attention to fields such as the debtor account
number. (1)
 He should check the numerical sequence of the logs themselves to ensure that the log
he is reviewing follows on the previous log he inspected. (1)
 He should manually sequence test the entries on the log in terms of the DCF numbers
to identify any gaps/cancelled DCFs (for follow up); (1)
 He should also note and follow up any unusual entries on the logs. (1)
4. Stationery controls should be in place over the issue of blank DCFs, e.g. the person
requesting the DCF should sign a stationary registers upon sign-out. (1)
5. On a regular basis, Mr Emerson should review the standing data on the debtors masterfile
to ensure the continued integrity of the data. (1)
Available (11)
Max (8)

17 SEPTEMBER 2010


Mr G Penning
Ms C Fourie

possible.
ANSWER BOOK
1 35 45 Book A
2 35 45 Book B
70 90
Page 1 of 5 pages
PART A (27
Marks)
You are a member of the audit team engaged in the 30 June 2010 year-end audit of Cool Candles (Pty)
Ltd, a manufacturer and wholesaler of glow-in-the-dark candles and other wax products. The company
operates from a warehouse located in Port Elizabeth and serves the whole of South Africa. Both retail
stores and curio shops frequently submit orders to Cool Candles (Pty) Ltd due to consumer’s high demand
for the company’s products.
For its debtors function, the company employees an order clerk, a data capture clerk and a credit
controller. All staff reports to the company’s financial manager. All sales are on credit.
You are presently evaluating the controls over the sales system and have obtained the following
information:
6. Debtor applications are reviewed by the credit controller, who allocates a credit limit to each customer
after performing a thorough background check. After approval by the financial manager, the debtors
are loaded onto the debtors masterfile on the company’s computerized financial system. Existing
credit limits on the masterfile are reviewed by the credit controller on a daily basis and a list is printed
of those debtors who have exceeded their credit limits.
7. The pricelist masterfile is updated by the financial manager on a daily basis. The latest prices of
each product sold can be viewed by customers on the website of Cool Candles (Pty) Ltd, which is
automatically updated from the pricelist masterfile in real-time.
8. All debtors who have successfully applied as registered customers are provided with the ability to
download order forms from the company’s website. Order forms contain a list of all available types
of products (with corresponding product codes). To place an order, a customer must fill in the desired
product quantities and fax the order form to Cool Candles (Pty) Ltd. Since products are manufactured
based on quantities demanded, it is not necessary for the company to run a back-order system.
9. At the commencement of each business day, the order clerk collects the faxed orders from the fax
machine and stamps them as “Received”. The company receives on average about 70 orders per
day. After writing a sequential order number on the orders, the clerk makes a photocopy of each
order. (Note that the faxed sales order serves the purpose of an internal sales order as well). The
faxed copy is filed and the photocopy is batched. Review of orders takes place by the sales order
clerk and credit controller before batching.
10. Batches are sent to the data capture clerk by midday, who then captures all orders onto the sales
ordering module by means of a computer terminal in her office. Captured orders are initially written
to a transaction file on the system and are then automatically updated to the debtors masterfile at
midnight.
YOU ARE REQUIRED TO describe the application controls which you would expect to find in respect
of the input of sales orders onto the sales ordering module (refer points 3 to 5 above).
Note: You are to ignore controls relating to amendments and additions to the debtors-, inventory-
and pricelist masterfiles.
(26)
Presentation:
(1)
Page 2 of 5 pages
QUESTION 1 continued
PART B (8 marks)
As part of your planning for the audit of accounts receivable of Cool Candles (Pty) Ltd, you have decided
to perform substantive audit procedures on the existence of trade debtors at 30 June 2010, by means of
a positive circularization on a sample of debtor accounts. The gross trade receivables balance in the
balance sheet at 30 June 2010 has been valued at R560 540, consisting of 243 debtors. The largest of
these debtors consist of retail chain stores, making up about 40% of the total monetary value of debtors.
Two types of debtors exist on the system, namely “chain stores” and “other customers”.
As you are knowledgeable in the use of “computer assisted audit techniques” (CAATS), you have
obtained permission from the management of Cool Candles (Pty) Ltd to extract its debtors age analysis
from the financial system for the purpose of your tests.
Data fields available on the debtor’s age analysis are:

 Debtor code
 Debtor name
 Type of debtor
 Address
 Outstanding balance split into ageing of balance (current, 30 days, 60 days, 90 days and over)
 Credit limit.
Debtor statements are printed on the 10th of each month and you have agreed with management that the
debtor statements for the 10th of July can be sent out with your confirmations.
YOU ARE REQUIRED TO describe how you would use your audit firm’s “generalised audit software” to
perform the year-end debtors circularization for the audit of Cool Candles (Pty) Ltd.
(8)
Page 3 of 5 pages
You are the senior-in-charge assigned to the audit of PE Agri Supplies (Pty) Ltd for the
financial year ended 30 September 2010 and you have obtained the following information
to date:
14. The inventory ranges from agricultural fertilizers to chemicals used in farming. A
perpetual inventory system is used to maintain records of all inventory movements.
15. The company has a large central warehouse in Port Elizabeth and two new
warehouses were opened since 1 January 2010.
16. The inventory value per warehouse is as follows:
30/9/2010 30/9/2009
LOCATION Estimate Actual
R R
Port Elizabeth 3 900 000 1 935 801

Kareedouw 500 000 -
Alice 50 000 -
R4 450 000 R1 935 801
17. During January 2010 it was decided to establish an internal audit department from
1 March 2010.
The company appointed Joe Farmer as the internal auditor of the company. He
reports to George Priest, the financial manager. Prior to his appointment as
internal auditor, Joe Farmer had been an administration clerk in the creditors
section. However, due to a restructuring of the creditors section his position had
become redundant, and his options were either to leave the company or accept the
newly created post of internal auditor. Although he has no formal training in
auditing, Joe Farmer is regarded as a competent and enthusiastic staff member who
could develop into a satisfactory internal auditor.
It has also been decided that, as internal auditor, Joe’s time would be optimally used
if he performs the duties of staff members in the accounting department who are
absent on annual or sick leave.
As a result of the newly created internal audit department, a final decision is yet to
be made on whether reliance can be placed on the work done by Joe Farmer.
Page 4 of 5 pages
18. In planning for this year’s inventory count the financial manager provided you with a
document on how the inventory count was performed for the 30 September 2009
year end.
TO: SENIOR-IN-CHARGE of PE AGRI SUPPLIES (PTY) LTD’S AUDIT

FROM: G PRIEST - FINANCIAL MANAGER
RE: INVENTORY COUNT PROCEDURES FOR THE YEAR ENDED
30 SEPTEMBER 2009.
DATE: 14 SEPTEMBER 2010
I don’t know if you are aware of the following:

- Last year’s inventory was kept in a single warehouse in Port Elizabeth;
- some inventory items are packaged in sealed boxes or cartons; and have an
expiry date printed on the side of the bag.
The procedures followed at the 2009 inventory count were as follows:
6. The count took place on the afternoons of 29 and 30 September 2009 (between 14:00
and 16:00) due to the availability of counting staff. This worked out well because we
could continue with business as usual in the mornings.
7. The inventory count was conducted by the warehouse employees who are usually
responsible for the picking of goods to fill orders. A week before the count, I had a
quick meeting with them to explain the areas that they were responsible for.
8. The accountant, Peter Makaba, printed numerically sequenced inventory sheets from
the perpetual inventory system. He was responsible for handing the sheets to the
counters and also receiving them back after the count. He made sure that all the
sheets were signed by the count team and were returned at the end of the count.
9. Peter then compared the quantities per the count sheets (as counted by the count
team) to the quantities per the perpetual inventory system. If a difference arose, he
sent a team to count the goods for a second time. Any remaining discrepancies were
captured onto an inventory adjustment form. Peter processed a journal entry for the
total value of these items to write off the inventory losses.
10. I was on leave at the time and therefore I could not attend the inventory count. I
did however review the inventory reconciliation and the journal related to the inventory
losses when I got back the next week. The losses amounted to R300,000 which was
quite significant in relation to the value of our closing inventory at that stage.
Kind regards.
G Priest
Page 5 of 5 pages
(c) Identify weaknesses in the inventory count procedures performed in the 2009
financial year and explain the consequences thereof to the financial manager.
Answer in tabular format as follows:
(20)
(d) Explain fully with respect to the information provided whether reliance on the work of
the internal audit department would be justified for the 2010 external audit of PE Agri
Supplies (Pty) Ltd. (15)
AUDITING 3
RO302/RO352
TEST 2
17 SEPTEMBER 2010
SUGGESTED SOLUTION
Page 1 of 6 pages

PART A
PREPARATION OF SOURCE DOCUMENTS (SALES ORDERS)
1. Access to order forms on the company’s website should be strictly controlled through the
use of logical access controls, by providing each customer with a unique user ID and (1)
password.
2. All order forms available to customers on the company’s website should be in a standard (½)
format in order to support its authenticity. (validity)
2.1 The order forms downloaded by each debtor from the company’s website should be
pre-populated with the debtor’s code and name. (validity) (1)
2.2 Upon collection of the orders, the order clerk should ensure that the order is based
on an acceptable (valid) company order form. (validity) (1)
3. Prior to batching the orders, the sales order clerk should ensure that no debtors have
exceeded their credit limits by referring to the list of debtors who have exceeded their credit (1)
terms. (validity)
3.1 Any debtor appearing on this list should be referred to the credit controller. (½)
(validity)
4. In the event that there are any discrepancies on the order form with regards to product
codes and descriptions (i.e. manual changes made by customer), the debtor should be (1)
phoned for follow-up.
5. To isolate responsibility, the sales order clerk should sign each sales order before it is (1)
photocopied. (validity)
6. The credit controller should review each order and approve it through a signature on the
order (before being photocopied and batched). (validity) (1)
BATCHING OF SOURCE DOCUMENTS (SALES ORDERS)
7. The order clerk should batch the sales orders for the day by:
7.1 grouping the orders into workable batches of e.g., 35 each (½)
7.2 checking the sequence on the orders for completeness (½)
7.3 create (practical) control totals per batch, e.g. a record count and hash total, e.g.
total of items ordered. (completeness) (1)
7.4 completing a batch control form (batch control sheet) which reflects (½)
 a unique batch number, (½)
 the date of the orders, (½)
 batch control totals, (½)
 transaction type: sales orders, (½)
 signatures of preparer /reviewer. (½)
7.5 perform a test on the accuracy of manual sequence-numbering by subtracting the
total orders in the batch from the last order number allocated and comparing the
answer with the last order number of the previous day. (1)
8. All batches should be entered into a batch register which should accompany the batches
to the data capturer. (completeness) (1)
9. On receipt of the batch register and batches, the capturing clerk should check the
batches against the register and sign the register to acknowledge receipt. (1)
(completeness and accuracy)
Page 2 of 6 pages
CAPTURING OF BATCHED SOURCED DOCUMENTS (SALES ORDERS)
10. On commencing the keying in of batches, the capturing clerk should enter the details of
the batch from the batch control form, e.g. batch number, hash total (if applicable) and
record count, in order to create a batch header label. (completeness) (1)
11. Access to the function for keying in orders on the computerized financial system should
be: (validity)
11.1 restricted to the capture clerk’s terminal, by terminal identification and
authentication controls and (1)
11.2 to the capturer herself, by the use of user IDs and passwords. (write-access) (1)
11.3 Passwords should be:
 at least 6 characters long,
(½)
 be changed regularly, (½)
 consist of alphanumeric characters. (½)
12. To enhance the accuracy and completeness of data of the ISO, there should be a number
of screen aids in place:
12.1 minimum keying in of data e.g. the capturing clerk should not have to capture all of
the customer’s details or a description of the goods; the keying in of the customer’s
account number and product code should call up all related detail from the (2)
masterfile;
12.2 the screen should be formatted to look like a sales order; (1)
12.3 there should be screen dialogue and prompts; (1)
12.4 there should be mandatory fields, e.g. processing cannot continue unless a
customer order number is keyed in. (1)
13. To enhance accuracy, completeness and validity, there should be a range of programmed
checks:
13.1 validation of customer account number and product codes against the masterfiles; (1)
13.2 alphanumeric checks on, for example, the quantity field; (1)
13.3 missing data on customer order (can be detected by mandatory field check); (1)
13.4 sequence test on sales orders by batch (and to previous batch). (1)
14. After each batch has been keyed in, the computer will calculate the applicable control
totals from the ISOs entered and will compare them to the control totals on the batch
header label. Where the totals do not agree, the batch will be rejected for checking,
correction and re-entry. (accuracy and completeness)
(2)
Available: (32)
Max: (26)
Presentation: (1)
Page 3 of 6 pages

PART B
PERFORMANCE OF DEBTORS CIRCULARISATION BY USING GAS
1. On the 10th of July 2010, I would take control of all debtors’ statements immediately after
they have been printed and:
1.1 use generalized audit software (GAS) to extract a debtors listing/age analysis from
the debtors ledger. (1)
1.2 use GAS to cast the age analysis (in order to agree the total to the balance in the
debtors control account in the general ledger and trial balance). (1)
2. Using GAS, I would stratify debtors by: (1)

2.1 type of store (“chain” and “other”) (½)
2.2 ageing (½)
2.4 value (½)
3. I would then use GAS to select a representative sample of debtors for circularization,
taking into account the above stratification so as to ensure adequate coverage of: (1)
3.1 all chain stores and a smaller sample of “other customers”; (½)
3.2 long outstanding debts; (½)
3.4 larger balances, particularly those of the retail chain stores. (½)
4. For the sample selected for circulation, I would:
4.1 Use GAS mail merge facilities to print a letter to each debtor, requesting that the
debtor confirm his/her outstanding balance directly with my audit firm. (1)
5. GAS should then be used to record errors identified through the circularization and project
them over the entire population of debtors, to establish the extent of possible misstatement
of the overall debtors balance. (1)
Available: (10)
Max.: (8)
Page 4 of 6 pages
a)
Preparation and planning of the
count was not adequate
1. Having the count over two afternoons (1) Due to receiving and dispatch activities (1)
(with normal operations in the morning) taking place in the mornings, problems
is not sensible due to the movement of can be encountered with the count as
inventory. counters are unsure of whether items
should be included in the count
quantities or not (if delivered after the
cut-off) or whether the discrepancies
identified during the count relate to
actual sales that occurred after the
count sheets were printed etc.
2. Composition of the counting teams is (1) If pickers have been involved in (1)
inadequate (done by the pickers). misappropriating inventory they are now
Whilst knowledge of the product is in a position to hide any shortages by
important, counting should be done in having the perpetual inventory records
teams, one of whom should be amended (amendments were done
independent of the warehouse function. without authority or investigation).
Count instructions
3. No written instructions were prepared Count teams may forget some of the (1)
for the count, therefore the count teams instructions given to them especially if
might not know how to deal with: (1) taking into account the fact that the
 expired/damaged items identified meeting took place a week before the
during the count; (½) count.
 problems encountered during the
count and how these should be (½)
resolved.
The count itself was inadequately

conducted
4. Inventory was counted only once, no Errors in count totals not detected.
recount by another counter when a (1) Therefore there may be errors in the (1)
discrepancy identified. final quantities updated into the
accounting records and also the journal
related to the inventory losses.
5. There is no method of identifying (1) Inventory items may be (1)

inventory items which have been  double counted
counted, e.g. the sticker, tag or chalk  omitted from the inventory count.
system.
6. No identification and recording of (1) Errors in the value and quantities of (1)
expired or damaged inventory. stock in the accounting records if items
are not adjusted to the net realizable
value.
7. Peter – acting as the count controller – (1) There is no way of ensuring that all
did not walk through the warehouse inventory items on the floor have been (1)
once the count was complete. counted.
8. No procedures were conducted to (1) Items that were received after the cut- (1)
ensure that goods received or off time could have been included in the
dispatched during the count were count totals and vice versa, resulting in
properly accounted for. the overstatement of inventory and
profits.
9. The inventory count was inadequately (1) As the financial manager was on leave (1)
supervised. The financial manager there was nobody to ensure the
was unavailable during the inventory inventory count instructions were
count. followed, which could lead to an
inaccurate inventory count.
10. No test was performed by opening (1) Inventory quantities may be incorrect (1)
some of the boxed items to ensure that (because it might be based on
the content matched the description on description per the packaging).
the box.
Page 5 of 6 pages
11. Peter did not record the “cut-off” (1) Items that were received after the cut-off (1)
numbers of documents (particularly numbers could have been included in
important in view of the movement of the count totals and vice versa.
inventory during the count).
12. Peter captured the inventory losses (1) Incorrect items could be updated into the (1)
without authorization from an accounting r ecords, items written off
independent senior person e.g. the without authorization, items written off
financial manager. without investigating the reasons or
supporting documentation.
Possible: 25
Max. 19
Presentation 1
Page 6 of 6 pages
(b) 1. Objectivity, including organizational status (½)

1.1 Status of the internal audit function
 the department consist of a single individual whose qualification is
questionable for an internal auditor as his background is that of a (1)
creditors clerk.
 It is preferred that the internal audit department report directly to those
charged with governance, like the board of directors or the audit (1)
committee or somebody not linked to the financial function. (1)
 Joe Farmer reports to the financial manager, which is not
acceptable (1)
 The financial manager is likely to instruct Joe Farmer on exactly
what he must do (remember Joe Farmer is in effect a creditors (1)
clerk).
 The financial manager has the power to block/control any adverse (1)
findings by Joe Farmer.
 The internal auditor should be free of any conflicting interests (1)
- Joe Farmer assists with operational matters when staff is absent,
which is a conflict of interest
Scope of function (½)
1.2  An internal department should have its own terms of reference. (1)
- None of this appears to be present in this internal audit department (1)
 No indication of any risk assessment performed by the internal audit (1)
department.
Technical competence (½)
1.3 Joe Farmer does not have the necessary technical skill and competence
for us to rely on his work at this stage. (1)
 He has no formal training in or theoretical knowledge of auditing and (1)
 has no experience as an auditor of any kind. (1)
 Although regarded as competent (and enthusiastic) with regard to his
creditors responsibilities, this is no substitute for auditing knowledge
and the capability to carry out and understand routine or sophisticated (1)
audit techniques.
Due professional care (½)

1.4 Whilst there is nothing to suggest that Joe Farmer will be “careless” in his
work, his general lack of knowledge and experience is likely to result in
assignments which do not reflect the necessary level of due professional (1)
care in planning and execution.
Communication (½)
1.5 In order for the internal audit department to be of any value to the external
auditor the internal auditor should be able to freely communicate with the (1)
external auditor.
 As Joe Farmer is not properly qualified to be an internal auditor and
reports to the financial manager, it is highly unlikely that Joe Farmer (1)
will be able to freely communicate with the external auditor.
In Conclusion
1.6 It will not be possible to rely on the work of the internal audit department
as indicated in the discussion above. (1)
Available: (20½)
Max: (15)

14 OCTOBER 2011

Mr G Penning
Ms C Fourie
possible.
ANSWER BOOK
MARKS MINUTES
QUESTION 3 25 32 Book C
70 90
Page 1 of 5 pages
You are an internal auditor employed by WoolMart Ltd, a large retailer of clothing apparel. As part
of WoolMart Ltd’s corporate social responsibility program, it has recently started a project called
“The Clothing Factory”. The project aims to stimulate entrepreneurship whereby small business
owners (“merchants”) can buy apparel from The Clothing Factory at wholesale prices for distribution
to retail
customers.
You have been tasked with the responsibility to establish the internal controls in the Revenue and
Receipts cycle of The Clothing Factory. The following system has been proposed:
7. Business owners wishing to register as merchants with The Clothing Factory must complete an
application form in the presence of a project representative trained in the National Credit Act
and in dealing with start-up and small business owners. Background checks are performed to
establish the legitimacy of a merchant’s business intentions. If successful, a merchant is issued
with a store card containing his/her personal and business details.
8. Merchants are allowed to purchase clothing apparel only in store, from one of The Clothing
Factory’s depots. Items are selected by the merchant from the warehouse floor and then taken
to a special holding area first. The store man at the holding area issues the merchant with a
warehouse slip, indicating all items selected. The items are retained in the holding area and not
issued until the merchant returns with an invoice and corresponding receipt. To obtain an
invoice, the merchant must proceed to a sales clerk who will issue the invoice.
9. The sales clerk calls up the merchant’s details from the company’s fully computerized financial
system on screen. Using the warehouse slip, the clerk then enters all items selected by the
merchant onto the sales invoicing module of the system, where after a customer invoice is
generated.
10. Merchants must proceed with their invoice to a cashier for payment. Merchants can
choose whether they want to pay for all items in full for immediate collection from the warehouse
or pay a 50% deposit for collection within 30 days. The latter allows for the reservation of items
for which merchants typically do not have immediate storage space at their own stalls or
premises.
11. Should a merchant choose to only pay a 50% deposit for future collection of invoiced
items, an “Item reservation” (IR) document and a receipt for the payment of the deposit is
generated by the cashier. When the merchant returns to The Clothing Factory for subsequent
collection of the items, the balance of the outstanding amount first needs to be paid before the
reserved items can be removed from the warehouse.
12. No back-order facility exists due to the nature of the project.
YOU ARE REQUIRED TO describe the controls that should be implemented in The Clothing
Factory project to ensure the following objectives are met:
c) Invoice details captured onto the computerized system by the sales clerk are valid, accurate
and complete. (20)
d) Clothing apparel subject to “item reservation” are appropriately identified and issued to
merchants. Do not deal with physical access controls to the holding area or warehouse.
(4)
Presentation: (1)
Page 2 of 5 pages

MINUTES)
You are the senior in charge of the audit of Famous Toys (Pty) Ltd. The company’s financial year
is on 31 October 2011. The company is required by its Memorandum of Incorporation to have its
financial statements audited. You are currently busy planning the audit for the inventory and
production cycle.
You have obtained the following information regarding inventory:
8. Famous Toys (Pty) Ltd has a large warehouse.
9. All toys are stored in boxes which are arranged in parallel rows. All the boxes are sealed with
the label visible which contains details of the manufacturer and type of toy.
10. The company accounts for inventory on a periodic basis.
11. Christa Maxima, the warehouse manager, has a staff of five warehouse clerks reporting to her.
12. During September 2011 all inventory in the warehouse had to be moved due to the installation
and testing of a new fire extinguisher sprinkler system. Unfortunately when the inventory was
put back on the shelves, many boxes were returned to the incorrect sections.
13. The previous senior in charge of the audit informed you that a properly organised and
conducted inventory count should be completed in about eight hours and that the “tag system”
is not necessary or recommended.
14. The financial director has instructed that no orders be despatched on the day of the inventory
count, but that all deliveries from suppliers be accepted.
You have also received the following internal memorandum from the client’s financial manager, John
Player, regarding the inventory count to be conducted, for your comment.
MEMORANDUM
To: All staff involved in the inventory count

From: John Player - Financial Manager
Date: 10 October 2011
Subject: Inventory count
7. The inventory count will take place on Monday 31 October 2011 from 08:00 to 17:00.
8. Miss A Leslie, the Accountant, will be in charge of the inventory count. Chris Maxima, the
warehouse manager, will be available to assist the inventory counters during the count.
9. The following staff members from the accounting department should count the inventory
in the identified section of the warehouse:
Toy Smal North store

Jack Legos West store
Ray Macano South store
Mila Dolls East store
Page 3 of 5 pages
10. Christa Maxima, please do not forget to record last document numbers for all source
documents (including goods received notes, invoice and delivery notes) on Monday 31
October 2011 before the count commences.
11. Iris Crusher, (the financial director’s secretary) will you please order four examination
pads from stationery to use as inventory sheets. Also purchase some carbon paper so
that we can give the auditors a copy of the inventory sheets once the count is complete.
12. Will those responsible for counting inventory (see 3 above) do so in the following
manner:
6.1 Write down the details from the labels on the box and the quantity of identical
boxes.
12.2 Sign your inventory sheets on completion of the count.
12.3 All inventories should be counted twice. One member of a team counts and the
other records, swopping roles thereafter and performing a second count in the
same section to which they were assigned.
12.4 As boxes are counted they should be neatly marked by the counters. Second
counters should use a different coloured marker.
I know that the warehouse is still in a bit of a mess due to the installation of the new
sprinkler system, but the inventory is roughly in its correct location by style category.
Just move through your section systematically when you are counting.
This memorandum will be my last official communication concerning the inventory count but if
you wish to discuss any aspect of the count, please contact me.
Signed:
John Player
Write a letter to John Player detailing those additional control procedures which should be
addressed in the inventory count instructions to ensure a successful inventory count. (20)
Page 4 of 5 pages

MINUTES)
You are the senior in charge of the audit of Food Distributors (Pty) Ltd for the year ending 30
November 2011. The audit manager has requested you to document the payroll system as the
salaries expense has been steadily increasing during the 2011 financial year, but management
cannot explain why.
You have documented the following payroll system from your discussions with the client’s
management and staff:
6. The company has three divisions, namely, buying, sales and financial administration. In total,
about 250 staff are employed.
6.1 Each division has a manager which reports directly to the CEO, Bo Kamula.
6.2 Authority for appointments and dismissals and remuneration packages rests with the
manager of each division.
6.3 Each division has a secretary who reports directly to the divisional manager. The
secretaries maintain the personnel records for their division and advise Joe Masters,
the salary administrator, of any changes (new employees, dismissals, incentives,
bonuses and salary increases) which effect the monthly salaries, using the division’s,
unnumbered internal memos.
7. Computerised payroll records are maintained using a reliable purchased software package
which Food Distributors (Pty) Ltd has operated successfully for a number of years. Joe
Masters is responsible for producing the monthly payroll report. Every month, Joe Masters or
one of his clerks, enters the necessary amendments per the memorandums received from the
division secretaries, prior to processing the payroll for the month. The resulting monthly
payroll report details:
 Each employee’s gross salary, deductions and net salary;
 Monthly totals of gross salaries, deductions and net salaries; and
 Cumulative year-to-date totals of gross salaries, deductions and net salaries.
Joe Masters is concerned that his clerks are not performing the task of processing payroll
amendments conscientiously enough as it is rare for a month to go by without someone raising
a payroll query that ends up relating to errors or omissions in the processing of recent payroll
amendments. Unfortunately, he has not, as yet, managed to pinpoint the clerk or clerks who
are at fault, as they all claim not to remember having personally processed the amendments
he has queried.
Joe Masters prints every month only one copy of the payroll (he is the only person that is
allowed to print the payroll and the application profile has been set up that he is the only person
that can print a payroll from his terminal).
8. The monthly payroll is handed to Clare Mini, the cash book clerk.
8.1 Clare Mini loads all the payments to staff and other parties onto the Electronic Funds
Transfer (EFT) payments system (like SARS, Medical Aid and Pension Fund). Once
she has loaded all the EFT’s she prints an EFT list of all payments to be made, and
compares it to the monthly payroll and signs as having done the test.
8.2 Clare Mini requests Joe Masters to be first approver to authorize the EFT’s. Before Joe
Masters authorises the EFT’s on the only designated terminal for payroll payments, he
compares the EFT list to the monthly payroll and signs the list as having done so.
Page 5 of 5 pages
8.3 Finally, Bo Kamula, the CEO, approves the EFT’s for payment by also comparing the
EFT list to the monthly payroll and signing the list. Once satisfied that all the EFT’s
agree to the monthly payroll, Bo Kamula releases the EFT’s for payment.
8.4 All the necessary logical access controls are in place for EFT’s and operate effectively.
3.5 Sound controls are in place over the preparation, loading and execution of EFT’s and
operate effectively.
9. Joe Masters prints all the salary slips for each employee and the employees sign a monthly
salary slip register as having received the salary slip.
10. Every month Joe Masters transfers the exact amount of the payroll to a separate salaries
bank account. Joe Masters reconciles the salaries bank account every month.
YOU ARE REQUIRED TO identify the weaknesses in the salaries system of Food Distributors
(Pty) Ltd and recommend appropriate improvements.
AUDITING 3
RO302/RO352
TEST 2
14 OCTOBER 2011
SUGGESTED SOLUTION
Page 1 of 7 pages
a) Invoicing application controls
Validity
1. At the entrance of each depot, security guards should ensure that only persons with
store cards are provided access to the warehouse. (1)
2. Access to the computer terminals from which invoices are generated should be
accessible only to the sales clerks responsible for invoicing, e.g. in secured cubicles to
which customers do not have unrestrained access. (1)
3. Access to the sales invoicing module should be restricted to only sales clerks, through
the use of usernames and passwords. (1)
3.1 Sound password controls should be in place, e.g. minimum six digits,
alphanumeric, changed regularly, kept confidential, user logged-out if incorrectly
entered 3 times, logs of access violations monitored, etc. (½ per valid example (2)
– max 2)
Max physical and logical access controls: (5)
4. Merchants should show their store cards to the sales clerk upon submission of a
warehouse slip and the store card details should be used to access the merchant’s (1)
profile on screen.
4.1 Further authentication of the merchant should take place by means of the clerk
asking the merchant to provide pertinent details of his/her account as per the
masterfile information. (1)
5. On entry of the merchant’s number, the system should search the merchant masterfile
to establish the existence of the account (valid number check). (1)
5.1 Sales order clerks should not have write-access to the merchant, pricelist or
inventory masterfiles, but read access only as needed. (1)
6. The warehouse slip on which the invoice is based, should be stamped and signed by
the store man (to ensure order clerks capture only authorized warehouse slips). (1)
7. Upon entering the items as per the warehouse slip, the system should check the validity
of the product codes against the inventory masterfile. (valid code check) (1)
8. The system should also check the credit availability of the merchant after the current
invoice details have been entered. (1)
8.1 If the credit limit of the merchant has already been reached even before the
invoice is generated, the system should warn the sales clerk when the
merchant’s profile is initially called up. (1)
8.2 If the credit limit is exceeded, or if there is a “hold/restriction” on the account, the
order should not be accepted and the merchant should be informed. (1)
8.3 Credit overrides should be restricted to the credit controller either via his/her
computer terminal and/or username and password. (1)
8.4 All overrides should be printed on an audit trail, including the “reason codes”, for
regular review by a senior staff member. (1)
9. Accuracy
To enhance accuracy, there should be a range of programmed edit checks when the
sales clerk enters an order, such as: (½)
9.1 alphanumeric checks on all fields (½)
9.2 echo check on product codes and merchant number (user confirms correctness) (½)
9.3 field size check on product codes and merchant number (½)
9.4 sign check on inventory quantity field (½)
9.5 minimum keying of data to minimize errors (½)
Max 2 programme edit checks (2)
10. The use of screen dialogue, e.g., error messages should be displayed when errors are
detected after performing the above-mentioned edit checks (1)
Page 2 of 7 pages
11. The system should automatically price the products invoiced based upon product price
rules stored in the pricing masterfile. (1)
11.1 Price overrides should be restricted to a managerial staff member/supervisor via
his/her terminal or username. (1)
11.2 All price overrides should be reported on a price override audit trail which should
be reviewed by the financial controller. (1)
12. Once the invoice details have been captured, a “confirmation screen” should appear
containing pertinent details of the invoice particulars as entered. (1)
12.1 The sales clerk should request the merchant to first check all information on the
invoice and both persons should sign a printout as confirmation of acceptance. (1)
Completeness
13. The sales clerk’s terminal screen used for generating invoices should be formatted in a
manner that will facilitate the capturing of all the invoice details from the warehouse slip.
(This control also contributes towards the accuracy of input – mark can be awarded
under accuracy as well). (1)
14. Appropriate use should be made of screen prompts to ensure that all data is captured. (1)
15. Missing data checks should be in place to ensure that invoices are not accepted until all
fields have been completed. (1)
16. A daily exception report of long outstanding collections in a “pending collection” file
should be generated for review and follow up by a designated staff member of all items
reserved by merchants, but not yet collected. (1)
17. A security guard should check all goods leaving the warehouse or premises, by
comparing the receipt(s) of the customer with the actual goods being taken (to ensure
no goods are removed for which no sales invoice has been raised). (1)
Possible: (29)
Max: (20)
b) Subsequent issue of items to merchants: validity

1. When a merchant has paid the 50% deposit for reserved items, the corresponding Item
Reservation (IR) document should be flagged on the system module used by the store
man, as confirmation for release of the items from the holding area to a safe storage (1)
room.
2. A copy of the flagged IR document should be generated by the store man for sequential
filing per IR number in a pending file. (1)
3. When a merchant arrives at the warehouse for subsequent collection of previously

invoiced items, the merchant should provide the store man with a copy of both receipts (1)
(for the deposit and payment of the balance) and IR document, for comparison with the
store man’s sequentially filed copy of the IR document. (1)
4. After receiving the items, the merchant should be requested to sign an issue note
(document to release items) as proof of collection and having checked that the items
are those initially invoiced. (1)
4.1 Once the items have been issued, the store man should cancel the Item
Reservation document on the system (to avoid duplicating the issue of items / to (1)
avoid disputes with merchants).
4.2 The signed issue note should be attached to the cancelled Item Reservation
document and filed in order of the Item Reservation document. (1)
Possible: (7)
Max: (4)
Presentation Question 1: (1)
Page 3 of 7 pages

AUDITORS LETTERHEAD
John Player
Famous Toys (Pty) Ltd
P O Box 555
PORT ELIZABETH
6000
(1)
Dear Mr Player
Comments as requested on the memorandum detailing inventory count instructions
Thank you for giving me the opportunity to detail the matters which need to be brought to your
attention to ensure a successful inventory count. I hope that my comments, which follow, will (1)
be of assistance when finalising your instructions to staff involved in the count:
Preparing the Warehouse

1. 1.1 Prepare the warehouse so that all toy categories are placed in the correct section.
The problems caused by the installation of the new sprinkler system must be (1)
resolved between now and the count date.
1.2 Mark any damaged boxes clearly so that their details can be recorded on the (1)
inventory count sheets.
1.3 Identify any boxes which may have been opened. (1)
1.4 Draft a plan of the warehouse to which your planning memorandum can be
referenced (Maxima should number all the rows within each section as well). (1)
Inventory Count Sheet Design

2. I suggest that as the inventory sheets are very important, Christa Maxima compile
printed, pre-numbered inventory sheets which
2.1 Reflect the item inventory number, the toy category and the quantity of items per (1)
box.
2.2 Contain columns to record the first and second counts and differences between (1)
counts.
Control of Inventory Count Sheets

3. Staff should be required to sign a register (which should remain in Maxima’s custody)
when collecting and returning their inventory sheets from Maxima. (1)
4. Sequence checks on all count sheets should be conducted by Maxima, both before
issued and after they have all been returned, to ensure that they are all accounted for. (1)
5. The counters responsible for the count sheets should:
5.1 Draw lines through the blank spaces on all inventory sheets, and (½)
5.2 Sign each count sheet and all alterations. (½)
6. There is no need for you to use carbon paper as we will make photocopies of the final
inventory count sheets before we leave your premises, after the inventory count. (1)
Count Teams and Method of Counting

7. Each count team should consist of two members of staff. Toy Smal, Jack Legos, Ray
Macano and Mia Dolls should each be assigned one of the five warehouse staff (1)
members.
8 All teams should be given a plan of the warehouse which should clearly demarcate the
rows of shelving for which they are to be held accountable. (1)
Page 4 of 7 pages
9. Where count teams identify damaged inventory or inventory in an area of the warehouse
which appears unused/ excessively dusty, these inventory items must be marked as
such on the inventory sheets. (1)
9.1 The contents of boxes where the packaging appears to have been tampered
with, should be counted and the details noted on the inventory sheet. (1)
9.2 A few boxes should be selected at random in each section and the contents
compared with the description on the label to confirm that the contents have not
been changed/ removed and the seal replaced. (1)
10. Leslie Maxima should:
10.1 Walk through the warehouse once the count is complete and make sure all the
boxes have been marked twice. (1)
10.2 Examine the inventory sheets to make sure that first and second counts are the (1)
same.
10.3 Instruct the count teams responsible for sections where discrepancies are
identified, to recount the inventory items in question. (1)
11. It should be made clear to all count teams that they will only be formally dismissed once
the count is complete and all queries have been attended to. (1)
12. Any inventory received after the count has begun, should be stored separately until the
count is complete and must not be put into the shelves. (1)
 This inventory must be counted and added to the inventory sheets after the
(1)
count is complete.
Supervision
13. You have stated that the memorandum is your last official communication. However, it
is essential that you schedule a planning meeting prior to the count to ensure that count
parties and support staff are clear on their roles. (1)
I trust that the above comments will assist you in compiling a comprehensive memorandum to
staff members that will leave no doubt in their minds as to what is required of them at the
inventory count.
(1)
Should you require any further assistance please do not hesitate to contact me.
Yours faithfully
Auditor’s signature.
Available 25
Max. 20
Page 5 of 7 pages

WEAKNESSES RECOMMENDATIONS
PERSONNEL FUNCTION
1. The personnel function is not 1.1 A properly staffed, specialized
centralized into an autonomous, personnel division should be
adequately staffed division. (1) established, as human resources in a
- Managers are solely responsible company of this magnitude (250
for appointments, dismissals and employees), cannot be adequately (1)
remuneration packages. (1) 1.2 managed otherwise.
The personnel division should be
- The managers concerned are responsible for:
unlikely to have expert knowledge - The implementation of all
of the legal and administrative (1) engagements, dismissals and (1)
complexities of human resource salary packages.
management. (1) - Maintenance of all personnel (1)
- The secretaries maintain personnel 1.3 records, e.g. employment
records. contract.
Staffing requirements and salary
packages should be planned and
budgeted by the personnel division in (1)
1.4 consultation with the managers of
each division.
Final approval for staffing plans and (1)
budgets should be obtained from Bo
Kamula prior to their implementation.
PAYROLL PREPARATION AND

ACCOUNTING
Masterfile Amendments
The weaknesses indicated in (2) – (4)
below, result in invalid, inaccurate and
incomplete mastefile amendments.
2. Unnumbered internal memorandum 2.1 Pre-numbered payroll amendment
forms are used to advise of forms should be used for all payroll
engagements, dismissals or other masterfile amendments. (1)
masterfile amendments (1)
(completeness).
3. These masterfile amendments are 3.1 Payroll amendment forms should
generated by the secretaries and do always be authorized by the
not appear to be authorized by the (1) manager of the division concerned
managers. (validity). and the personnel manager. (1)
4. Payroll amendments are processed by 4.1 Access to the payroll amendment
Joe Masters or one of his clerks and function should be restricted to Joe
not subject to any checks that the Masters only, through use of user
masterfile amendments have been (1) ID’s, strict password controls and
captured correctly. (completeness, appropriate access control (1)
accuracy and validity). tables/user profiles.
4.2 Automatic program checks should be
carried out on payroll amendments
as they are entered , e.g.
- Range/ limit checks on salary
scales for different grades of (1)
employee
- Sequence checks on amendment
form numbers to identify (1)
duplications and omissions.
4.3 Payroll amendments should
automatically be logged by the (1)
system.
4.4 The log of payroll amendments
should be subject to strict access
control: (1)
- It should be a read-only file
- It should be accessible only to
Bo Kamula and only from her
terminal, using the access (1)
control techniques referred to in
4.1 above.
Page 6 of 7 pages
4.5 Bo Kamula should regularly review

the log of payroll amendments and
reconcile it with the relevant
authorized payroll amendment forms (1)
to ensure:
- Only authorized (½)
amendments have been
made (validity) (½)
- All authorized amendments
have been made (½)
(completeness)
- All amendment details have
been accurately captured
(accuracy).
PAYROLL PAYMENTS AND

RECORDING
5. No review system prior to approving 5.1 The payroll should be split into the
the payroll. (1) three divisions and each of these
should be handed to the relevant (1)
division managers.
5.2 Each manager should sign his/her
section of the payroll after scrutiny
and reperformance to ensure: (1)
- All names are those of bona fide
employees in the division (½)
- Payroll computations and
amounts appear to be correct. (½)
- Payroll details reconcile with
personnel records. (½)
5.3 All sections of the payroll should
then be passed on to Bo Kamula
who should authorize each after:
- reviewing it for evidence of the
manager’s checks (see 5.2 (1)
above)
- Comparing the total payroll (1)
amount to the budgeted
amount.
- reconciling the total to that of the
previous month, after taking into
account relevant payroll (1)
amendment forms for the current
month (identified from the log
– sec 4.3).
6.1 Secretaries 6.1 The introduction of a personnel

- distribute salary slips function and implementation of
- have access to payroll masterfile amendment controls
amendment forms would resolve the lack of (1)
- which amounts to poor (1) segregation of duties.
segregation of duties.
Page 7 of 7 pages
PAYROLL DEDUCTIONS, PAYMENTS

AND RECORDING
7. No procedures appear to be in place 7. An accounting clerk who is
to control the validity, accuracy and (1) independent of other payroll (1)
completeness of payroll deductions. functions, should carry out random
checks on deductions calculations to
assist in ensuring:
- that calculations appear to be (1)
correct e.g. PAYE
- that deductions are authorized
e.g. in terms of PAYE tables,
medical aid or pension fund (1)
requirements or garnishee
orders.
Reviews and Reconciliations

8. No reviews or reconciliations appear 8.1 The “Salaries bank account” should
to take place after salaries have been (1) be reconciled to the relevant bank
paid. statements each month by Joe (1)
Masters.
8.2 Bo Kamula should perform monthly
reviews to ensure
- that the “salaries bank a/c” is
reduced to nil soon after month (1)
end.
- bank reconciliations are
satisfactorily performed and that (1)
there are no unusual reconciling
items.
Available: 40
Max: 24
Presentation: 1

13 OCTOBER 2012

Mr G Penning
Ms K Belcher
Ms C Fourie
possible.
NOTE : This paper consists 2 questions on 5 pages (excluding cover page).
MARKS MINUTES ANSWER BOOK
70 90
Page 1 of 5 pages
Your firm was appointed in July 2012 as auditors for Grogo Manufacturing (Pty) Ltd (Grogo)
for the year ended 31 August 2012. This is the first time that Grogo will be audited as during
the past financial year the company’s public interest score has increased from 210 to 425.
You have been assigned to the audit of inventory. The following pertinent information is
relevant to the audit of inventory.
1. The company manufactures fertilizer products.
2. The following raw materials are used in the manufacture of the fertilizer:
- 1 x Recycled extra strength plastic bag (the supplier of the plastic bags allows the
company only to pay for plastic bags sold by Grogo - what is not sold is held on
consignment by Grogo);
- Boegoe oil – acquired from a supplier in Port Elizabeth;

- Worm castings – acquired from a factory next door;
- Fish Pellets – acquired from a supplier in East London and collected by Grogo;
- Ban Xia – a natural oil product imported from China. This product is stored in 5
x 10 000 litre tanks on the premises.
3. During October 2010 Grogo became suspicious that the product “Ban Xia” was not the
natural oil, but a synthetic chemical which was very toxic and harmful to the environment.
Management of Grogo decided to engage a biochemical specialist, Dr Ann Schultz, to
ensure that the Ban Xia oil delivered was the correct product. Dr Schultz’s initial
engagement (in October 2010), was to determine if Ban Xia oil was the synthetic chemical.
She concluded that this indeed was the case and the company had to discard all of the oil
(in the correct manner as prescribed by environmental laws in South Africa) as a result.
The company has decided to extend the contract with her to:
 test each and every delivery of Ban Xia oil;
 test inventory of Ban Xia oil on hand for contamination and quality; and
 assist with the inventory count at year-end.
During the past year Dr Schultz has identified no contaminated oil. For the 31 August
2012 year-end she prepared a detailed report indicating the oil (and certifying it as Ban Xia
oil), the volume per tank, the cost price and the total value. Dr Schultz is also engaged
by a number of other well-known South African companies listed on the Johannesburg
Security Exchange for similar work.
4. On 31 August 2012 an inventory count was attended by the audit firm and the conclusion
was that reliance can be placed on the count. At 31 August 2012 there was no work-in-
progress as production had been completed before the inventory count. Only raw
materials and finished goods were on hand. All the adjustments to the perpetual inventory
records were verified by the firm as having been appropriately updated.
5. Inventory at 31 August 2011 was counted by another auditing firm. Grogo required an
audited inventory figure as at 31 August 2011 as it was a requirement imposed by the
company’s bankers. Inventory was the only financial statement item that was audited as
at 31 August 2011.
Page 2 of 5 pages
6. Inventory is valued at the lower of cost and net realizable value on the first-in-first-out
(FIFO) basis, The company does not provide for any allowance for obsolete inventory.
You have been given the following schedules by management in respect of the inventory
balances contained in the 2012 annual financial statements of Grogo.
FINAL INVENTORY SCHEDULE
Description Unit Cost 31 August Total

2012 Rands
Quantity
R
Raw Materials
Packaging bags 1.70 5 565 9 460.50
Boegoe Oil 84.00 1 055 88 620.00
Worm castings 5.50 0 -
Fish Pellets 105.00 2 211 232 155.00
Ban Xia 19.24 45 000 865 800.00
Total Raw Materials 1 196 035.50
Finished Goods
GroEase 987.65 413 407 899.45
PestGro 1 075.32 780 838 749.60
Total Finished Goods 1 246 649.05
Total inventory 2 442 684.55
You have also been given the following extracts from the inventory records of Grogo at 31 August
2012 to assist in your audit procedures. These quantities have been verified against the year-end
count sheets.
Boegoe Oil
Code Description Doc. Date Quantity Unit
No. Price
R
Purchase B0001 Boegoe Oil Inv. 61 28/6/2012 500 52.00
Purchase B0001 Boegoe Oil Inv.137 16/7/2012 500 60.00
Transfer B0001 Transfer TRF A11 01/8/2012 -445
Balance 31 August 2012 1055
Fish Pellets
No. Price
R
Purchase F004 Fish Pellets Inv. 43 28/6/2012 1000 105.00
Transfer F004 Transfer TRF A12 01/8/2012 -445
Page 3 of 5 pages
Ban Xia
Code Description Doc. No Date Unit Unit
Date Paid Price Price
Yuan Litres R
Balance BX002 15/6/2012 18 669.00
Transfer BX002 Transfer TRF A13 01/8/2012 -18 669.00
Purchase BX002 Ban Xia Oil Inv. 996 15/8/2012 15/9/2012 ¥25.00 45 000.00 19.24
Balance 31 August 2012 45 000.00
The Exchange rate at the date of payment was ¥ 1 = R0,7696
The Exchange rate at the date of receipt of the goods free on board was ¥ 1 = R0,7747
(a) State whether you can rely on the expertise of Dr Schultz as part of your audit of
inventory, but exclude any reference to the nature, timing and scope of her work actually
performed. Provide detailed reasons for your answer. (6)
(b) Describe the audit procedures you would perform to obtain sufficient appropriate audit
evidence regarding the opening balance of inventory as at 1 September 2011. You may
assume that you are sufficiently satisfied with the objectivity, competence and skills of the
other firm of auditors to rely on their work. (6)
(c) Identify and describe any apparent errors in logic in the final inventory schedule, read in
conjunction with the supporting documents. (5)
(d) Describe the substantive audit procedures your audit firm should carry out to audit the
valuation of raw materials as at 31 August 2012, with specific reference to the schedules
provided. (21)
YOU MUST ASSUME THAT ALL AMOUNTS ARE MATERIAL.
Communication Skills (2)

Page 4 of 5 pages
You are the newly appointed financial manager of ABC Accounting Services (Pty) Ltd. The
company specialises in providing computerised accounting services to a wide range of clients. ABC
Accounting Services (Pty) Ltd’s own accounting records are also maintained on a computerised
accounting package. You were, however, horrified to discover that the company’s salary system is
for all practical purposes still done manually, although the monthly salary summary is kept on
Microsoft Excel, and that the monthly payslips are also on Microsoft Excel. All payments at the
company were still made by cheque.
After lengthy discussions with the company’s board of directors, they agreed to:
 computerise the payroll (by acquiring a payroll software package), and
 pay all salaries via Electronic Funds Transfer (EFT), using the website of the company’s
banker, First Regional Bank.
The following information pertains to the company’s salary system:
1. There are 26 salaried employees.
2. The following staff members are employed by the company:
2.1 JJ Goodbooks is the chief executive officer (CEO) of the company and responsible for
the administration and marketing of the company.
2.2 AB Persal, the Human Resources Manager, is responsible for all matters pertaining to
staff.
2.3 CDS Wager and EF Salar are HR assistants in the Human Resources Section, reporting
to AB Persal.
2.4 GH Keeps, the bookkeeper, is responsible for all bookkeeping and reports to the
financial manager.
2.5 Twenty staff members who perform accounting services for clients.
3. Ms Persal was given the overall responsibility for the initial take-on of all the details of the 26
staff members on the newly acquired payroll package. It was agreed that this take-on would be
handled in the same way as “normal” additions of new employees to the masterfile.
3.1 All 26 employees had to complete a salary take-on form. The employees had to provide
documentary evidence for all information supplied.
3.2 Mr Wager was given custody of all the salary take-on forms. Mr Wager also had to
ensure that the employees completed the take-on forms.
3.3 Ms Persal approved the salary taken-on forms to ensure that all the relevant information
and documentation were supplied.
3.4 Mr Salar was given the responsibility to capture all the salary take-on forms on the payroll
package.
3.5 Mr Salar is also responsible for preparing the payroll on the payroll package.
Page 5 of 5 pages
4. You, as financial manager, were given the responsibility to ensure that the salary EFT payments
are paid monthly to all employees on the 25th of each month. For this purpose, all 26
beneficiaries have been loaded on the company’s online banking profile through the website of
First Regional Bank.
5. The first EFT payment for salaries took place on 25 September 2012, when all 26 employees
were paid their salaries via the First Regional Bank website.
(a) Describe the control procedures that should be put in place for the loading of all 26
employees’ initial take-on forms (including salary information) onto the newly acquired
computerised payroll package to ensure that the information is valid, accurate and complete.
Do not concern yourself with any batching controls. (16)
(b) Describe the application controls that should be in place over the EFT payments on the 25 th
of September 2012 for salaries, that would ensure all the EFT payments are valid, accurate
and complete. Exclude (from you answer) controls relating to “payroll preparation” and
masterfile amendments. (13)

AUDITING 3
RO302/RO352
TEST 2
13 OCTOBER 2012
SUGGESTED SOLUTION
Page 1 of 3 pages
a.
1. I can rely on the work of Dr. Schulz for the following reasons: (½)
1.1.1 She is engaged by Grogo (Pty) Ltd and not employed by them and therefore (1)
maintains a degree of independence and objectivity which she may not have were (½)
she employed.
1.1.2 In addition she is not totally dependent on Grogo (Pty) Ltd for her income as she has
other sources of income (“She is also engaged by other South African companies”).
This would add credence to her objectivity as she would not have reason to protect (1)
her employment.
1.2 Management does not seem to have much influence over her reports as (½)
1.2.1 Her reputation would be of paramount importance as she does other work for well (1)
renowned listed companies.
1.2.2 Management themselves seem to take her reports seriously, as in historic cases of
contamination, they did not question her but rather discarded valuable inventory (1)
1.3 She clearly seems to have the competence and capabilities as she (½)
1.3.1 Has a doctorate degree in biochemistry. (1)
1.3.2 Seems well respected in her field as she is engaged by a number of companies
listed on the JSE. (1)
1.4 Though she does not appear to be governed by any regulatory or professional
bodies, this does not appear to diminish the skills or reputation that precedes her. (1)
Available (9)
Max. (6)
b)
1. Inspect the 2011 financial statements that the accounting policy on inventory states
that inventory is valued at lower of cost and net realisable value using the FIFO (1)
basis.
2. Inspect the 31 August 2011 general ledger, trial balance and financial statements
that the inventory balance has been correctly carried forward to 1 September 2011. (1)
3. Assess the risk and materiality as at 1 September 2011 for inventory. The inventory (1)
was audited by another audit firm as at 31 August 2011.
4.1 Inspect the working papers of the other audit firm (if access is granted) and (1)
4.2 Agree the balances of inventory audited by them to the opening balance of inventory
on the 1st September 2011 in the AFS. (1)
4.3 Inspect the audit report to ensure that it stated that inventory appeared fairly (1)
presented.
5.1 Inspect the general ledger in September 2011 to determine if there were any
unusual inventory adjustments passed that may have affected the opening balance. (1)
5.2 Enquire from management regarding any unusual inventory adjustments during
September 2011 that may have affected the opening balance. (1)
5.3 Perform analytical procedures - compare (½)
 Inventory balance month to month for 2012 compared to 2011. (½)
 Inventory balance 31 August 2011 to inventory balance as at 31 August 2012. (½)
Available (9½)
Max. (6)
SUGGESTED SOLUTION TO QUESTION 1(CONTINUED)
Page 2 of 3 pages
c.
1. Packaging bags are held on consignment from a supplier. It cannot be included in
inventory as Grogo has no rights to the packaging bags at year end. (2)
2. Boegoe oil is not valued on a FIFO basis as the total quantity of 1055 is valued at (1)
R84 per unit.
FIFO value is 500 @ R84 and 500 @ R60 and 55 @ R52. (1)
3. Fish Pellets’ quantity is shown on the final inventory schedule as 2211 units, but the
inventory record shows 2555 units. (1)
4. Ban Xia is valued using the exchange rate at date of payment. The exchange rate (1)
used should be the date risks and rewards were transferred to Grogo. (1)
Available (7)
Max. 5
d. Raw Materials – valuation and allocation of appropriate amounts
1. Arithmetic accuracy
1.1 Compare the quantities of inventory items on the auditor’s copies of the inventory
sheets to the client’s priced inventory sheets (to confirm that the client has not
altered the quantities). (1)
1.2 Test the arithmetical accuracy of the inventory sheets by reperforming all extensions
(quantity x cost) and casting the extension column (total inventory value). (1)
1.3 Review inventory sheets for any negative “inventory item values” (should not be (1)
any).
1.4 Compare the total inventory value per the inventory sheets to the general ledger and
trial balance. (1)
2. Pricing inventory purchased locally
2.1 For Boegoe Oil and Fish Pellets

 agree to relevant suppliers invoices to establish whether the correct purchase
prices have been used in obtaining the cost in terms of the cost formula used by
the company (FIFO basis for Grogo). (1)
 By enquiry of the costing clerk and inspection of invoices from transporters,
establish that relevant carriage costs have been included in unit cost
calculations for Fish Pellets. (1)
3. Pricing imported inventory
3.1 For Ban Xia oil imported from China, obtain invoices/shipping contracts and costing
schedule, and reperform the unit cost calculations for the sample of imported items
and verify that: (1)
 The correct exchange rate was used to convert the foreign currency to Rands
(rate at date of transaction should be used.
 This rate should be confirmed by enquiry of a financial institution. (1)
 The appropriate import and customs duties and shipping charges were included
(usually obtained from shipping agents invoices). (1)
 The allocation of the above costs to the individual inventory items purchased is
reasonable, and accurately performed. (1)
4. Lower of cost and net realisable value
4.1 Verify the selling price of GroEase and PestGro with:

 reference to sales lists (1)
 reference to the most recent sales invoice for the particular item (1)
4.2 Compare sales prices on invoices of GroEase and PestGro of sales made from
1 September 2012 to the cost prices on the inventory sheets. This provides
evidence of the most up to date realisable value. (1)
SUGGESTED SOLLUTION TO QUESTION 1(CONTINUED)

Page 3 of 3 pages
5. Inventory obsolescence allowance
5.1 Discuss with management:

 the process used to determine that there is no obsolescence allowance and
evaluate the process for reasonableness and consistency with prior years. (1)
 any procedures in place for the approval that no allowance should be raised
e.g. is the approval of no allowance by the financial director after consultation
with the warehouse manager? (1)
5.2 For Fish Pellets and Boegoe Oil perform the following assessments
 Inspect the year-end count sheets for any indication of obsolete or damaged
inventory. (1)
 Inspect the accounting and inventory records for any write offs during the 2012
year. (1)
 Reperform the aging of the inventory with reference to supplier’s invoices (1)
noting the date of last purchase;
 inspect the creditors’ statements and enquire if there has been any recent
change of supplier that may indicate that the old supplier was delivering poor (1)
quality product.
 If there was a change in suppliers, inspect inventory records if some of the
previous supplier’s inventory is still on hand. This might be an indication of (1)
obsolete inventory.
 Enquire whether there were any issues during the year that may have (1)
damaged inventory e.g. floods/water may damage the fish pellets.
5.3 Assess indicators of obsolescence problems such as no recent sales or purchase of (½)
particular items, products which have reached their sell by dates in the post balance (½)
sheet period, or correspondence relating to inferior products supplied to customers. (½)
5.4 Compare any allowances raised in prior years to actual write offs in subsequent
years (to determine “accuracy” of management’s decision not to provide an (1)
allowance).
6. Analytical Procedures
6.1 Perform an overall analytical procedure of inventory by comparing current year

figures and ratios with the corresponding figures of prior years’ e.g: (1)
 total inventory (½)
 total inventory by category or location or source (local/imported) (½)
 Compare the percentage of each category of raw materials on hand to the
“recipe” at production as inventory on hand should be kept closely in line with
future usage. (1)
6.2 Include reference to inventory, particularly the allowance for obsolescence, in the
management representation letter. (1)
Available (27½)
Max. 21

Page 1 of 2 pages
Expected controls over the payroll system at ABC Accounting Services (Pty) Ltd
Salary take-on forms (masterfile amendments)
Validity
1. All salary take-on forms (STF’s) should be pre-numbered from 1 to 26. (1)
2 All STFs should be cross referenced to supporting documentation which should be
filed with the STF in numerical sequence.
3 All STFs should be properly authorised by Persal with respect to supporting
documents before being entered onto the masterfile to ensure that they are valid. (1)
4. There should be automatic logging of all salary take-on-forms by the system. There (½)
should be no write access to these logs. (½)
5. Access controls over the system should include the use of user ID’s and passwords (½)
so that the following access restrictions are enforced: (½)
5.1 Salary-take-on programme functions are accessible only to Salar. (1)
5.2 Read-only access to the log of masterfile amendments is provided only to (1)
Persal.
5.3 The access privileges described above should be available only to the user (1)
ID’s and terminals of Salar and Persal. (1)
6. The log of salary take on should be reviewed as follows:
6.1 Persal should ensure that each logged masterfile amendment is supported by
a properly authorised STF, and (1)
6.2 The Financial Manager should inspect the log for evidence of Persal’s review
and any suspicious or unusual amendments. (1)
Accuracy
1. Programme checks should be carried out on: (½ = check; ½ =

example)
1.1 Surname and name – alpha/numeric (1)
1.2 ID Number – field size and numeric (1)
1.3 Bank account number - numeric (1)
1.4 Gross salary – range checks (1)
2. Screen prompts, careful design of the on-screen STFs and use of bank branch codes (½)
could also be used to aid accuracy (e.g. for commonly used banks) . (½)
(½)
3. While Persal is reviewing the log of masterfile amendments for validity (see 6.1
above), she should also reconcile the accuracy of the detail on the log to the relevant (1)
STFs.
Completeness
1. Programmed sequence checks should be carried out by the system e.g. automatically
prompting for the next STF No. in sequence when the input function is carried out. (1)
2. The log of masterfile amendments should be reviewed by both Persal and the financial
manager for:
2.1 any gaps in the sequence of STF numbers and (1)
2.2 the presence of 26 amendments on the log. (1)
Available (20½
Max. 16
(b)
Effecting the EFT Salary Payment (Preventive)
1. The EFT payment should be documented on a preprinted, sequenced EFT payment

voucher. (1 voucher containing our 26 beneficiaries should suffice) (1)
2. The EFT payment voucher should be authorised by the financial manager and Ms (1)
Persal after they agreed the EFT payments to the approved payroll.
3. Two persons should be required to make the payment: the financial manager to
approve and the HR Manager to execute the EFT. (1)

Page 2 of 2 pages
4. The financial manager should log onto the bank’s website and an SMS password
should be sent to his cell phone to allow him to log in. The password to make the (1)
EFTs should not be known to him, it should only be known to the HR Manager who (1)
will execute the payment.
5. The PIN and passwords should be strictly confidential and the financial manager
should not leave his cell phone about. (1)
6. A limit on the amount which can be transferred in a single 24 hour period or in a
single EFT facility should be in place. (1)
7. The terminal should shut down after 3 unsuccessful attempts to access the bank
account (this should be agreed with the bank). (1)
8. The ability to access the internet should be restricted to the PCs of the financial
manager and Ms Persal. (1)
9. The following additional controls should also be in place:
9.1 The total amount of salaries to be paid should be transferred to a salary
clearing account from the main bank account and the employees’ payments
should be transferred from the clearing account to their individual accounts
(this protects the main bank account and increases confidentiality). (1)
9.2 As salaries are paid only on the 25th of the month, transfers from the main
bank account to the salary account could be restricted (by a programmed
control) to the 25th. (1)
9.3 Data should be encrypted (for security and confidentiality). (1)
After the payment:

1. Confirmation of all EFT payments sent by the bank should be printed out, matched
to the EFT payment voucher and attached to it. (1)
2. Security violations should be logged and followed up. (1)
3. On the 26th following the payment of salaries, the financial manager should
download a copy of the salary clearing account bank statement. (1)
Only he should have access to this account (as describe in 4 above under
preventive controls). (1)
4. He should confirm the salary payments per the bank statement to the payroll
individually, and in total (and follow up on any discrepancies). (1)
5. When the payroll is confirmed, a payslip for the month should be printed out for each
employee in “sealed envelope” format. This enables the employee to reconcile the
amount deposited in her/his bank account with the earnings for the month. (1)
Available (18)
Max. 13

13 OCTOBER 2012

Mr G Penning
Ms K Belcher
Ms C Fourie

possible.
NOTE : This paper consists 2 questions on 5 pages (excluding cover page).
MARKS MINUTES ANSWER BOOK

70 90
Page 1 of 5 pages
Your firm was appointed in July 2012 as auditors for Grogo Manufacturing (Pty) Ltd (Grogo)
for the year ended 31 August 2012. This is the first time that Grogo will be audited as during
the past financial year the company’s public interest score has increased from 210 to 425.
You have been assigned to the audit of inventory. The following pertinent information is
relevant to the audit of inventory.
1. The company manufactures fertilizer products.
2. The following raw materials are used in the manufacture of the fertilizer:
- 1 x Recycled extra strength plastic bag (the supplier of the plastic bags allows the
company only to pay for plastic bags sold by Grogo - what is not sold is held on
consignment by Grogo);
- Boegoe oil – acquired from a supplier in Port Elizabeth;

- Worm castings – acquired from a factory next door;
- Fish Pellets – acquired from a supplier in East London and collected by Grogo;
- Ban Xia – a natural oil product imported from China. This product is stored in 5
x 10 000 litre tanks on the premises.
3. During October 2010 Grogo became suspicious that the product “Ban Xia” was not the
natural oil, but a synthetic chemical which was very toxic and harmful to the environment.
Management of Grogo decided to engage a biochemical specialist, Dr Ann Schultz, to
ensure that the Ban Xia oil delivered was the correct product. Dr Schultz’s initial
engagement (in October 2010), was to determine if Ban Xia oil was the synthetic chemical.
She concluded that this indeed was the case and the company had to discard all of the oil
(in the correct manner as prescribed by environmental laws in South Africa) as a result.
The company has decided to extend the contract with her to:
 test each and every delivery of Ban Xia oil;
 test inventory of Ban Xia oil on hand for contamination and quality; and
 assist with the inventory count at year-end.
During the past year Dr Schultz has identified no contaminated oil. For the 31 August
2012 year-end she prepared a detailed report indicating the oil (and certifying it as Ban Xia
oil), the volume per tank, the cost price and the total value. Dr Schultz is also engaged
by a number of other well-known South African companies listed on the Johannesburg
Security Exchange for similar work.
4. On 31 August 2012 an inventory count was attended by the audit firm and the conclusion
was that reliance can be placed on the count. At 31 August 2012 there was no work-in-
progress as production had been completed before the inventory count. Only raw
materials and finished goods were on hand. All the adjustments to the perpetual inventory
records were verified by the firm as having been appropriately updated.
5. Inventory at 31 August 2011 was counted by another auditing firm. Grogo required an
audited inventory figure as at 31 August 2011 as it was a requirement imposed by the
company’s bankers. Inventory was the only financial statement item that was audited as
at 31 August 2011.
Page 2 of 5 pages
6. Inventory is valued at the lower of cost and net realizable value on the first-in-first-out
(FIFO) basis, The company does not provide for any allowance for obsolete inventory.
You have been given the following schedules by management in respect of the inventory
balances contained in the 2012 annual financial statements of Grogo.
FINAL INVENTORY SCHEDULE
Description Unit Cost 31 August Total

2012 Rands
Quantity
R
Raw Materials
Packaging bags 1.70 5 565 9 460.50
Boegoe Oil 84.00 1 055 88 620.00
Worm castings 5.50 0 -
Fish Pellets 105.00 2 211 232 155.00
Ban Xia 19.24 45 000 865 800.00
Total Raw Materials 1 196 035.50
Finished Goods
GroEase 987.65 413 407 899.45
PestGro 1 075.32 780 838 749.60
Total Finished Goods 1 246 649.05
Total inventory 2 442 684.55
You have also been given the following extracts from the inventory records of Grogo at 31 August
2012 to assist in your audit procedures. These quantities have been verified against the year-end
count sheets.
Boegoe Oil
No. Price
R
Purchase B0001 Boegoe Oil Inv.137 16/7/2012 500 60.00
Transfer B0001 Transfer TRF A11 01/8/2012 -445
Fish Pellets
No. Price
R
Transfer F004 Transfer TRF A12 01/8/2012 -445
Page 3 of 5 pages
Ban Xia
Code Description Doc. No Date Unit Unit
Date Paid Price Price
Yuan Litres R
Balance BX002 15/6/2012 18 669.00
Transfer BX002 Transfer TRF A13 01/8/2012 -18 669.00
Purchase BX002 Ban Xia Oil Inv. 996 15/8/2012 15/9/2012 ¥25.00 45 000.00 19.24
Balance 31 August 2012 45 000.00
The Exchange rate at the date of payment was ¥ 1 = R0,7696
The Exchange rate at the date of receipt of the goods free on board was ¥ 1 = R0,7747
(a) State whether you can rely on the expertise of Dr Schultz as part of your audit of
inventory, but exclude any reference to the nature, timing and scope of her work actually
performed. Provide detailed reasons for your answer. (6)
(b) Describe the audit procedures you would perform to obtain sufficient appropriate audit
evidence regarding the opening balance of inventory as at 1 September 2011. You may
assume that you are sufficiently satisfied with the objectivity, competence and skills of the
other firm of auditors to rely on their work. (6)
(c) Identify and describe any apparent errors in logic in the final inventory schedule, read in
conjunction with the supporting documents. (5)
(d) Describe the substantive audit procedures your audit firm should carry out to audit the
valuation of raw materials as at 31 August 2012, with specific reference to the schedules
provided. (21)
YOU MUST ASSUME THAT ALL AMOUNTS ARE MATERIAL.

Page 4 of 5 pages
You are the newly appointed financial manager of ABC Accounting Services (Pty) Ltd. The
company specialises in providing computerised accounting services to a wide range of clients. ABC
Accounting Services (Pty) Ltd’s own accounting records are also maintained on a computerised
accounting package. You were, however, horrified to discover that the company’s salary system is
for all practical purposes still done manually, although the monthly salary summary is kept on
Microsoft Excel, and that the monthly payslips are also on Microsoft Excel. All payments at the
company were still made by cheque.
After lengthy discussions with the company’s board of directors, they agreed to:
 computerise the payroll (by acquiring a payroll software package), and
 pay all salaries via Electronic Funds Transfer (EFT), using the website of the company’s
banker, First Regional Bank.
The following information pertains to the company’s salary system:

5. There are 26 salaried employees.
6. The following staff members are employed by the company:
6.1 JJ Goodbooks is the chief executive officer (CEO) of the company and responsible for
the administration and marketing of the company.
6.2 AB Persal, the Human Resources Manager, is responsible for all matters pertaining to
staff.
6.3 CDS Wager and EF Salar are HR assistants in the Human Resources Section, reporting
to AB Persal.
6.4 GH Keeps, the bookkeeper, is responsible for all bookkeeping and reports to the
financial manager.
6.5 Twenty staff members who perform accounting services for clients.
7. Ms Persal was given the overall responsibility for the initial take-on of all the details of the 26
staff members on the newly acquired payroll package. It was agreed that this take-on would be
handled in the same way as “normal” additions of new employees to the masterfile.
3.1 All 26 employees had to complete a salary take-on form. The employees had to provide
documentary evidence for all information supplied.
3.2 Mr Wager was given custody of all the salary take-on forms. Mr Wager also had to
ensure that the employees completed the take-on forms.
3.3 Ms Persal approved the salary taken-on forms to ensure that all the relevant information
and documentation were supplied.
3.4 Mr Salar was given the responsibility to capture all the salary take-on forms on the payroll
package.
3.5 Mr Salar is also responsible for preparing the payroll on the payroll package.
Page 5 of 5 pages
8. You, as financial manager, were given the responsibility to ensure that the salary EFT payments
are paid monthly to all employees on the 25th of each month. For this purpose, all 26
beneficiaries have been loaded on the company’s online banking profile through the website of
First Regional Bank.
5. The first EFT payment for salaries took place on 25 September 2012, when all 26 employees
were paid their salaries via the First Regional Bank website.
(c) Describe the control procedures that should be put in place for the loading of all 26
employees’ initial take-on forms (including salary information) onto the newly acquired
computerised payroll package to ensure that the information is valid, accurate and complete.
Do not concern yourself with any batching controls. (16)
(d) Describe the application controls that should be in place over the EFT payments on the 25 th
of September 2012 for salaries, that would ensure all the EFT payments are valid, accurate
and complete. Exclude (from you answer) controls relating to “payroll preparation” and
masterfile amendments. (13)

AUDITING 3
RO302/RO352
TEST 2
13 OCTOBER 2012
SUGGESTED SOLUTION
Page 1 of 3 pages
a.
1. I can rely on the work of Dr. Schulz for the following reasons: (½)
1.1.1 She is engaged by Grogo (Pty) Ltd and not employed by them and therefore (1)
maintains a degree of independence and objectivity which she may not have were (½)
she employed.
1.1.2 In addition she is not totally dependent on Grogo (Pty) Ltd for her income as she has
other sources of income (“She is also engaged by other South African companies”).
This would add credence to her objectivity as she would not have reason to protect (1)
her employment.
1.2 Management does not seem to have much influence over her reports as (½)
1.2.1 Her reputation would be of paramount importance as she does other work for well (1)
renowned listed companies.
1.2.2 Management themselves seem to take her reports seriously, as in historic cases of
contamination, they did not question her but rather discarded valuable inventory (1)
1.3 She clearly seems to have the competence and capabilities as she (½)
1.3.1 Has a doctorate degree in biochemistry. (1)
1.3.2 Seems well respected in her field as she is engaged by a number of companies
listed on the JSE. (1)
1.4 Though she does not appear to be governed by any regulatory or professional
bodies, this does not appear to diminish the skills or reputation that precedes her. (1)
Available (9)
Max. (6)
b)
1. Inspect the 2011 financial statements that the accounting policy on inventory states
that inventory is valued at lower of cost and net realisable value using the FIFO (1)
basis.
2. Inspect the 31 August 2011 general ledger, trial balance and financial statements
that the inventory balance has been correctly carried forward to 1 September 2011. (1)
3. Assess the risk and materiality as at 1 September 2011 for inventory. The inventory (1)
was audited by another audit firm as at 31 August 2011.
4.1 Inspect the working papers of the other audit firm (if access is granted) and (1)
4.2 Agree the balances of inventory audited by them to the opening balance of inventory
on the 1st September 2011 in the AFS. (1)
4.3 Inspect the audit report to ensure that it stated that inventory appeared fairly (1)
presented.
5.1 Inspect the general ledger in September 2011 to determine if there were any
unusual inventory adjustments passed that may have affected the opening balance. (1)
5.2 Enquire from management regarding any unusual inventory adjustments during
September 2011 that may have affected the opening balance. (1)
5.3 Perform analytical procedures - compare (½)
 Inventory balance month to month for 2012 compared to 2011. (½)
 Inventory balance 31 August 2011 to inventory balance as at 31 August 2012. (½)
Available (9½)
Max. (6)
SUGGESTED SOLUTION TO QUESTION 1(CONTINUED)
Page 2 of 3 pages
c.
1. Packaging bags are held on consignment from a supplier. It cannot be included in
inventory as Grogo has no rights to the packaging bags at year end. (2)
2. Boegoe oil is not valued on a FIFO basis as the total quantity of 1055 is valued at (1)
R84 per unit.
FIFO value is 500 @ R84 and 500 @ R60 and 55 @ R52. (1)
3. Fish Pellets’ quantity is shown on the final inventory schedule as 2211 units, but the
inventory record shows 2555 units. (1)
4. Ban Xia is valued using the exchange rate at date of payment. The exchange rate (1)
used should be the date risks and rewards were transferred to Grogo. (1)
Available (7)
Max. 5
d. Raw Materials – valuation and allocation of appropriate amounts
1. Arithmetic accuracy
1.1 Compare the quantities of inventory items on the auditor’s copies of the inventory
sheets to the client’s priced inventory sheets (to confirm that the client has not
altered the quantities). (1)
1.2 Test the arithmetical accuracy of the inventory sheets by reperforming all extensions
(quantity x cost) and casting the extension column (total inventory value). (1)
1.3 Review inventory sheets for any negative “inventory item values” (should not be (1)
any).
1.4 Compare the total inventory value per the inventory sheets to the general ledger and
trial balance. (1)
2. Pricing inventory purchased locally
2.1 For Boegoe Oil and Fish Pellets

 agree to relevant suppliers invoices to establish whether the correct purchase
prices have been used in obtaining the cost in terms of the cost formula used by
the company (FIFO basis for Grogo). (1)
 By enquiry of the costing clerk and inspection of invoices from transporters,
establish that relevant carriage costs have been included in unit cost
calculations for Fish Pellets. (1)
3. Pricing imported inventory
3.1 For Ban Xia oil imported from China, obtain invoices/shipping contracts and costing
schedule, and reperform the unit cost calculations for the sample of imported items
and verify that: (1)
 The correct exchange rate was used to convert the foreign currency to Rands
(rate at date of transaction should be used.
 This rate should be confirmed by enquiry of a financial institution. (1)
 The appropriate import and customs duties and shipping charges were included
(usually obtained from shipping agents invoices). (1)
 The allocation of the above costs to the individual inventory items purchased is
reasonable, and accurately performed. (1)
4. Lower of cost and net realisable value
4.1 Verify the selling price of GroEase and PestGro with:

 reference to sales lists (1)
 reference to the most recent sales invoice for the particular item (1)
4.2 Compare sales prices on invoices of GroEase and PestGro of sales made from
1 September 2012 to the cost prices on the inventory sheets. This provides
evidence of the most up to date realisable value. (1)
SUGGESTED SOLLUTION TO QUESTION 1(CONTINUED)

Page 3 of 3 pages
5. Inventory obsolescence allowance
5.1 Discuss with management:

 the process used to determine that there is no obsolescence allowance and
evaluate the process for reasonableness and consistency with prior years. (1)
 any procedures in place for the approval that no allowance should be raised
e.g. is the approval of no allowance by the financial director after consultation
with the warehouse manager? (1)
5.2 For Fish Pellets and Boegoe Oil perform the following assessments
 Inspect the year-end count sheets for any indication of obsolete or damaged
inventory. (1)
 Inspect the accounting and inventory records for any write offs during the 2012
year. (1)
 Reperform the aging of the inventory with reference to supplier’s invoices
noting the date of last purchase; (1)
 inspect the creditors’ statements and enquire if there has been any recent
change of supplier that may indicate that the old supplier was delivering poor
quality product. (1)
 If there was a change in suppliers, inspect inventory records if some of the
previous supplier’s inventory is still on hand. This might be an indication of
obsolete inventory. (1)
 Enquire whether there were any issues during the year that may have
damaged inventory e.g. floods/water may damage the fish pellets. (1)
5.3 Assess indicators of obsolescence problems such as no recent sales or purchase of (½)
particular items, products which have reached their sell by dates in the post balance (½)
sheet period, or correspondence relating to inferior products supplied to customers. (½)
5.4 Compare any allowances raised in prior years to actual write offs in subsequent
years (to determine “accuracy” of management’s decision not to provide an (1)
allowance).
6. Analytical Procedures
6.1 Perform an overall analytical procedure of inventory by comparing current year

figures and ratios with the corresponding figures of prior years’ e.g: (1)
 total inventory (½)
 total inventory by category or location or source (local/imported) (½)
 Compare the percentage of each category of raw materials on hand to the
“recipe” at production as inventory on hand should be kept closely in line with
future usage. (1)
6.2 Include reference to inventory, particularly the allowance for obsolescence, in the
management representation letter. (1)
Available (27½)
Max. 21

Page 1 of 2 pages
Expected controls over the payroll system at ABC Accounting Services (Pty) Ltd
Salary take-on forms (masterfile amendments)
Validity
1. All salary take-on forms (STF’s) should be pre-numbered from 1 to 26. (1)
2 All STFs should be cross referenced to supporting documentation which should be
filed with the STF in numerical sequence.
3 All STFs should be properly authorised by Persal with respect to supporting
documents before being entered onto the masterfile to ensure that they are valid. (1)
4. There should be automatic logging of all salary take-on-forms by the system. There (½)
should be no write access to these logs. (½)
5. Access controls over the system should include the use of user ID’s and passwords (½)
so that the following access restrictions are enforced: (½)
5.1 Salary-take-on programme functions are accessible only to Salar. (1)
5.2 Read-only access to the log of masterfile amendments is provided only to (1)
Persal.
5.3 The access privileges described above should be available only to the user (1)
ID’s and terminals of Salar and Persal. (1)
6. The log of salary take on should be reviewed as follows:
6.1 Persal should ensure that each logged masterfile amendment is supported by
a properly authorised STF, and (1)
6.2 The Financial Manager should inspect the log for evidence of Persal’s review
and any suspicious or unusual amendments. (1)
Accuracy
1. Programme checks should be carried out on: (½ = check; ½ =

example)
1.1 Surname and name – alpha/numeric (1)
1.2 ID Number – field size and numeric (1)
1.3 Bank account number - numeric (1)
1.4 Gross salary – range checks (1)
2. Screen prompts, careful design of the on-screen STFs and use of bank branch codes (½)
could also be used to aid accuracy (e.g. for commonly used banks) . (½)
(½)
3. While Persal is reviewing the log of masterfile amendments for validity (see 6.1
above), she should also reconcile the accuracy of the detail on the log to the relevant (1)
STFs.
Completeness
1. Programmed sequence checks should be carried out by the system e.g. automatically
prompting for the next STF No. in sequence when the input function is carried out. (1)
2. The log of masterfile amendments should be reviewed by both Persal and the financial
manager for:
2.1 any gaps in the sequence of STF numbers and (1)
2.2 the presence of 26 amendments on the log. (1)
Available (20½
Max. 16
(b)
Effecting the EFT Salary Payment (Preventive)
1. The EFT payment should be documented on a preprinted, sequenced EFT payment

voucher. (1 voucher containing our 26 beneficiaries should suffice) (1)
2. The EFT payment voucher should be authorised by the financial manager and Ms (1)
Persal after they agreed the EFT payments to the approved payroll.
3. Two persons should be required to make the payment: the financial manager to
approve and the HR Manager to execute the EFT. (1)

Page 2 of 2 pages
4. The financial manager should log onto the bank’s website and an SMS password
should be sent to his cell phone to allow him to log in. The password to make the (1)
EFTs should not be known to him, it should only be known to the HR Manager who (1)
will execute the payment.
5. The PIN and passwords should be strictly confidential and the financial manager
should not leave his cell phone about. (1)
6. A limit on the amount which can be transferred in a single 24 hour period or in a
single EFT facility should be in place. (1)
7. The terminal should shut down after 3 unsuccessful attempts to access the bank
account (this should be agreed with the bank). (1)
8. The ability to access the internet should be restricted to the PCs of the financial
manager and Ms Persal. (1)
9. The following additional controls should also be in place:
9.1 The total amount of salaries to be paid should be transferred to a salary
clearing account from the main bank account and the employees’ payments
should be transferred from the clearing account to their individual accounts
(this protects the main bank account and increases confidentiality). (1)
9.2 As salaries are paid only on the 25th of the month, transfers from the main
bank account to the salary account could be restricted (by a programmed
control) to the 25th. (1)
9.3 Data should be encrypted (for security and confidentiality). (1)
After the payment:

1. Confirmation of all EFT payments sent by the bank should be printed out, matched
to the EFT payment voucher and attached to it. (1)
2. Security violations should be logged and followed up. (1)
3. On the 26th following the payment of salaries, the financial manager should
download a copy of the salary clearing account bank statement. (1)
Only he should have access to this account (as describe in 4 above under
preventive controls). (1)
4. He should confirm the salary payments per the bank statement to the payroll
individually, and in total (and follow up on any discrepancies). (1)
5. When the payroll is confirmed, a payslip for the month should be printed out for each
employee in “sealed envelope” format. This enables the employee to reconcile the
amount deposited in her/his bank account with the earnings for the month. (1)
Available (18)
Max. 13

Merged Tests - 231016 - 111010 - 240120 - 142540

Uploaded by

Copyright:

Available Formats

You might also like

Merged Tests - 231016 - 111010 - 240120 - 142540

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Merged Tests - 231016 - 111010 - 240120 - 142540

Uploaded by

Copyright:

Available Formats

TEST 1 QUESTION PAPER

SUBJECT : GENERAL AUDITING 3 CODE: RGO302/RGO352

TIME : 90 MINUTES MARKS : 70

Prof G Radder Prof F E Prinsloo

1. All questions must be answered.

NOTE : This paper consists of 2 questions on 3 pages (excluding cover page).

QUESTION 1 (23 MARKS: 30 MINUTES)

a) Describe four implementation methods available to MiSpares (Pty) Ltd. (6)

PART C (12 Marks)

(d) What are the stages of a Systems Development Life Cycle? (4 x ½ = 2)

(e) What are the basic prototyping steps? (4 x ½ = 2)

YOU ARE REQUIRED TO answer the CEO’s questions.

QUESTION 2(47 MARKS: 60 MINUTES)

PART A (35 Marks)

YOU ARE REQUIRED TO:

1. Control environment and security policy (5)

The following controls have been implemented at Arctica (Pty) Ltd

1. Staff are frequently sent on computer training courses.

YOU ARE REQUIRED TO:

1. Batch input/batch processing (3)

SUGGESTED SOLUTION TO QUESTION 1

1.(a) Four major forms of system conversion include:

3. Pert charts and (1)

– To respond to changes in user needs or business needs. (½)

(c) – Meet needs of the users (½)

a) General Controls are those controls which:

b) 1. Control environment and security policy

Thirdly, Wally may purchase unnecessary or substandard computer equipment, and/or

2. Organizational structure and Personnel Practices

SUGGESTED SOLUTION TO QUESTION 2

3.1 Weakness: The positioning of important components of the mainframe e.g.

3.2 Weakness: Data is inadequately backed up:

4. Logical Access Controls

Explanation: Allowing the managing director and financial manager logical

SUGGESTED SOLUTION TO QUESTION 2

4.2 Weakness: User passwords are

1. Batch input/ Batch processing

3. On line/real time processing

DEPARTMENT OF AUDITING AND TAXATION

SUBJECT : AUDITING 3 CODE: RO302/RO352

TIME : 90 MINUTES MARKS : 70

Prof G Radder Prof F E Prinsloo

1. All questions must be answered.

NOTE : This paper consists of 2 questions on 4 pages (excluding cover page).

QUESTION 1 (18 MARKS: 23 MINUTES)

YOU ARE REQUIRED TO:

c) Describe the implementation methods available to MiSpares (Pty) Ltd. (4)

b) Name the information you would include on the axes. (2 x ½ = 1)

QUESTION 2 (52 MARKS: 67 MINUTES)

PART A (23 Marks)

PART B (14 Marks)

PART C (12 Marks)

The following controls have been implemented at Arctic (Pty) Ltd.

1. Staff are frequently sent on computer training courses.

SUGGESTED SOLUTION TO QUESTION 1

1.(a) Four major forms of system conversion include:

(b) Pilot Conversion: (1)