FACULTY OF COMMERCE, ADMINISTRATION AND LAW

DEPARTMENT OF ACCOUNTING AND AUDITING

2023 SEMESTER TWO

INTERNAL CONTROLS

QUESTION BANK
QUESTION 2

The International Standard on Auditing (ISA) 315 (Revised), which identifies and assesses
the risks of material misstatement through an understanding of the entity and its
environment, requires an auditor to understand an entity’s internal control. ISA 315
(Revised) defines internal control and deals with the different components thereof.

YOU ARE REQUIRED TO :

1 .Define internal control. 5

2. List the components of an entity’s internal control and give a brief 14
explanation of each component.

SUGGESTED SOLUTION

1. Internal control may be defined as: M

a. The process designed, implemented, and maintained 1
b. By those charged with governance, management, and other 1
personnel
c. Iin order to provide reasonable assurance concerning the 1
achievement of an entity’s objective with regard to:
i. The reliability of entity’s financial reporting 1
ii. The effectiveness and efficiency of its operations 1
iii. It compliance with applicable laws and regulations. 1

a) Control environment: 1
i. Includes the governance and the management functions, as well as 1
the attitudes, the awareness, and the actions of those charged with
governance and management of the entity’s internal control and its
importance in the entity
ii. Sets the tone of an entity, influencing the control consciousness of 1
its people
iii. Has elements such as communication and the enforcement of 1
integrity and ethical values, commitment to competence, the
participation of those charged with governance, management’s
philosophy and operating style, organisational structure, the
assignment of authority and responsibility, and human resource
policies and practices.
b) The entity’s risk assessment procedures: 1
 i. Include (for financial reporting purposes) how management identifies 1
business risks relevant to the preparation of financial statements in
accordance with the entity’s applicable financial reporting framework;
and 1

ii. Estimates their significance, assesses the likelihood of their

occurrence, and decides upon actions in order to respond to, and
manage, them and the results thereof.
c) The information system, including the related business processes, 1
relevant to financial reporting and communication, consists of the
procedures and records designed and established in order to initiate,
record, process and report an entity’s transactions (as well as events
and conditions) and to maintain accountability for the related assets,
liabilities, and equity.
d) Control activities: 1
i. Are the policies and procedures that help ensure that management 1
directives are carried out; and
ii. Whether within information technology or manual system, have 1
various objectives and are applied at various organisational and
functional levels.

e) The monitoring of controls: 1

i. Is a process that assesses the effectiveness of internal control 1
performance over time
ii. Involves assessing the effectiveness of controls on a timely basis 1
and taking the necessary remedial actions
iii. Is accomplished by management through ongoing activities and 1
separate evaluations, or a combination of the two
iv. Is often built into the normal recurring activities of an entity that 1
includes regular management and supervisory activities.
QUESTION 3

You were recently appointed as a partner at the audit firm of Tom, Dick, and Harry Inc.
One of your duties includes a monthly training session with the trainee accountants in order
to resolve their uncertainties regarding, among other things, aspects of internal control.

In order to identify problem areas, you distributed a questionnaire among the trainee
accountants, the results of which revealed that there are reservations about the benefits to
be derived from the implementation of a computerised system, the type of control activities
and the inherent limitations of internal control.

YOU ARE REQUIRED TO:

Prepare a guideline that could be used as a reference tool during the training
session, in which you:
1. Describe five potential benefits identified by ISA 315 (Revised) to be 5
derived from the implementation of a computerised system.

2. List the different type of control activities. 5

3. List five inherent limitations on internal control. 5

SUGGESTED SOLUTION

1. The automated system:

a. Consistently applies predefined business rules and performs complex 1
calculations in the processing of large volumes of transactions or data
b. Enhances the timeliness, the availability, and the accuracy of information 1
c. Facilitates the additional analysis of information 1
d. Enhances the ability to monitor the performance of the entity’s activities, 1
as well as its policies and procedures
e. Reduces the risk of controls being circumvented 1
f. Enhances the ability to achieve an effective segregation of duties by 1
implementing security controls in applications, databases, and operating
systems.
2. Different types of control activities
a) Authorisation 1
b) The segregation of duties 1
 c) The isolation of responsibility 1
d) The safeguarding of assets 1
e) Comparison and reconciliation 1
f) Performance reviews 1
3. Limitation of internal controls
a. The cost of implementation versus the benefit derived from internal 1
control
b. Susceptibility to human error 1
c. Internal control not designed for non-routine transactions (e.g. journals) 1

d. Collusion between employees 1

e. Procedures or controls possibly becoming inadequate over time 1
f. Staff not taking responsibility for their individual functions 1
QUESTION 4

You have recently been employed as the audit manager responsible for resolving
technical issues and overseeing trainee accountants completing their studies part-time
through Various University. One of your tasks is to assist the trainee accountants in
preparing for their upcoming examinations.

One of the areas of concern is their understanding of internal control and, more
specifically, the control objectives relating to internal control. You have been tasked
with the preparation of a presentation on control objectives in order to answer the
following unrelated questions raised by the trainee accountants.

YOU ARE REQUIRED TO:

1. List and define the generic control objectives that need to be present 9
in all accounting systems. Bearing in mind that the objectives referred
to are those of management, and should not be confused with the
assertions that management implies in the financial statements,
answer using this tabular format:

CONTROL OBJECTIVE GENERIC DEFINITION OR MEANING

Notes:

• Listing the generic control objectives requires the provision of

one word only – the control objective.
• In defining the listed items, provide a description of each – the
generic description for each of the listed control objectives.
• Whenever (as in this case) you are required to provide an
answer in a certain format, use the format throughout your
answer.

2. Explain the first step (one step only) in the design of a system of 2
internal control and the difference between risks and control
objectives.
SUGGESTED SOLUTION

1.
2. CONTROL OBJECTIVE 3. GENERIC DEFINITION OR MEANING
VALIDITY (1) All transactions and events executed:

• Are properly authorised in 1

accordance with management policy.
• Did actually occur during the period; 1
and
• Are supported by sufficient 1
documentation and evidence.

COMPLETENESS (1) • All transactions that actually occurred

1
during the period are recorded in a
timely manner.
• No transactions are omitted.
1

ACCURACY (1) All transactions are:

• Recorded at the correct amounts 1

(quantity, prices, and calculations);
• Correctly classified in terms of the 1
entity’s chart of accounts; and
• Correctly summarised and posted to
the entity’s accounting records. 1

When designing a system of internal control, the first step is to formulate

1
control objectives (what the entity wants the system to achieve or ensure) for
each class of transaction, or part of the accounting system.
Risks are things that could go wrong. 1
Control objectives relate to what management wants the system to achieve. 1
 Note: An understanding of the generic meaning of the three control objectives
is of utmost importance, as they are the foundation on which entities, business
cycles and the accompanying accounting systems are built.

QUESTION 5

List and describe briefly the five components of internal control according to ISA 315
Revised that should be present in every entity’s internal control system.

SUGGESTED SOLUTION

1. Control environment 1
a. This relates mainly to the attitude of those charged with governance 1
(management) of an entity.
b. A positive attitude where management is committed towards the
design, the implementation, and the maintenance of a system of 1
internal control is the basis for any internal control system.
2. Risk assessment procedures 1
a. Such procedures include the ways in which those charged with 1
governance (management) of an entity identify and deal with (manage)
business risks relevant to the preparation of financial statements in
accordance with the entity’s applicable financial reporting framework.

b. Certain companies (those to which the King IV™ report are applicable) 1
must include in the company’s risk assessment procedures how they
deal with the governance of risk as prescribed by the report.
3. Information system relevant to financial reporting 1
a. This relates to the financial reporting system of an entity and consists
of the procedures and records necessary to initiate, record, process
and report the transactions (as well as the events and the conditions)
of the entity, and to maintain accountability for the related assets, 1
liabilities and equity.
4. Control activities 1
 a. These are the measures that those charged with governance
(management) of the entity design and implement in order to ensure 1
that the control objectives are met.
5. Monitoring of controls 1
b. Such monitoring refers to the processes by which those charged with
governance (management) of an entity consider whether the internal
controls implemented by them are operating as intended, and that the 1
internal controls are modified as appropriate for changes in conditions
at the entity.

MOTIVATION BOX

1. “Nothing is impossible, the word itself says ‘I’m possible’!”

Audrey Hepburn

2. “I've failed over and over and over again in my life and that is why I succeed.”
Michael Jordan

3. “Success consists of going from failure to failure without loss of enthusiasm.”

Winston Churchill