Graded Questions Solutions 2023

Graded Questions Solutions 2023
CHAPTER
2
Corporate governance, internal auditing and audit committees
SUGGESTED SOLUTION TO EXERCISE 2.1
1. 1.1 True This is the committee’s major function (Companies Act).

1.2 False Opinion shopping is to be discouraged by the audit committee, it is not an acceptable practice and has
negative connotations.
1.3 False The opposite is true. The audit committee chairman can bring valuable insights into reporting issues and
provide transparency and an independent perspective for shareholders. This does not undermine the
financial director.
1.4 True If the audit committee is to ensure the integrity of the financial reports, it will have to review this
important aspect of the report.
1.5 True This is a board responsibility, but it can justifiably be delegated to the audit committee (who in turn will
report to the board on this matter).
2. False This is in fact the task of the audit committee.
3. False Not all capitals are applicable to all companies. Large companies may interact with all capitals. However,
not all interactions may be of such a significant nature as to require their inclusion in the integrated report.
It is not required that all capitals be adopted in the integrated report, but they should rather be used as a
guideline to ensure that no relevant capitals are overlooked.
4. False Reporting in the triple context requires that companies report on the environmental, economic and social
aspects of a company’s activities, not simply on profits (financial).
5. False The audit committee should be responsible for recommending the appointment of the CAE to the board.
The board should approve the appointment (including the employment contract and the remuneration of
the CAE).
6. True The audit committee is responsible for ensuring this cooperation.
7. False The Companies Act requires all public companies and state-owned entities to appoint an audit committee.
(King IV, however, recommends that all companies who require an audit appoint an audit committee.)
8. False While it is certainly a function of internal audit to ‘provide a source of information regarding instances of
fraud, corruption, unethical behaviour and irregularities’ it is not the primary function. Internal audit
evaluates governance processes, risk management, internal control as well as business processes and its
associated controls; it does not restrict itself to fraud investigation.
9. False It is true that the board must ensure that the internal audit function is subject to an independent quality
review at least once every five years.
However, it does not stipulate that the external auditors must conduct the review. Such a review is not a
function of the external auditors and would not be an independent review, as internal and external audits
frequently work together.
10. False The CEO should not be a member of the remuneration, audit or nomination committee nor, by
implication, can he be the chair.
11. True The chairperson should be an independent non-executive director. In this case although the senior partner
would be non-executive he/she would not be independent (principle 7).
12. False While financial literacy is an advantage, it is not a requirement to be a director. Many different skills are
required to make up an effective Board, e.g. the production director may not be financially literate but
would probably be very strong technically. In terms of the recommended practices relevant to principle
7, the board should have a suitable diversity of academic qualifications, technical expertise etc. to make
it effective.
13. False All members should be non-executive directors of which the majority should be independent.
14. True This function is specifically mentioned in the Companies Act section 88.
15. False The CAE should not be a member of executive management and should function independently from
management.
1. 1.1 The size, turnover and workforce should be considered, as well as

1.2 the resources that the organisation has at its disposal in order to apply the practices.
1.3 The organisation should also consider the complexity of its strategic objectives and operations.
2. 2.1 Integrity
2.2 Competence
2.3 Responsibility
2.4 Accountability
2.5 Fairness
2.6 Transparency
3. 3.1 Being a responsible corporate citizen includes obeying the law and paying taxes, but it is far more extensive
than that.
3.2 Overall it requires that a company acknowledges that it is part of society and that it has obligations and
responsibilities to society.
3.3 Corporate citizenship involves how a company uses its resources, and how it balances its needs with those of
society, to achieve positive, lasting outcomes for the company itself, society and the environment.
3.4 So, being a responsible corporate citizen requires that companies give due consideration to the consequences
of their decisions and actions on a range of workplace, societal, economic and environmental factors, e.g. is
the outcome of the decision likely to be positive with regard to:
• the sustainable development of the company
• human rights
• the impact on the community in which the company operates
• fair labour practice
• prevention of fraud
• economic transformation.
4. Introduction
To understand the impact of these global realities, it is necessary to realise that singularly and collectively they present
companies with significant risks to their sustainability. Businesses are an integral part of society and they must be
governed in the context of economic, societal and environmental sustainability. To counter/respond to/address these
global realities companies must be governed by competent, ethical individuals operating within appropriate structures.
Global realities as identified by the King IV Report
1. Inequality within society: The growing divide between the ‘haves’ and the ‘have nots’ with regard to
resources, access to education, healthcare and living conditions contributes to growing social tension.
Business leaders need to understand that companies are an integral part of society and that to be sustainable
they should lead their companies in a way which can improve the lot of the ‘have nots’ by adopting fair trade
practices and investing in social development programmes which directly address the needs of the ‘have
nots’, e.g. running clinics, providing bursaries for education, building schools.
2. Climate change: Floods, global warming and other worsening climatic conditions worldwide are causing major
disruption to industry, e.g. placing food security at risk and agriculture. Leaders in industries such as
agriculture and fishing must fully recognise this risk and respond accordingly by securing infrastructure and
having disaster recovery protocols in place. Leaders should also ensure that they run their
companies/industries in a manner which does the least damage to the environment and which does not
contribute to climate change, e.g. controlling CO² emissions.
3. Overconsumption of natural resources: To meet growing populations, natural assets are being consumed at
a greater rate than nature can reproduce them. Industry leaders must respond to this in innovative ways as
overconsumption is simply not sustainable. Leaders must take decisions which may be unpopular with
persons who seek short-term profits. Leaders will need to address the problem by investing in research,
finding alternatives to their products and balancing the supply and demand of the natural resources their
industries consume. Conducting business in a manner that gobbles up natural resources is no longer an
option.
4. Geographical tensions: Wars, terrorism and civil unrest contribute to global tension. As business is now
global, these tensions will spill over into business. Companies who operate in regions of tension must find
ways of continuing their operations while at the same time protecting their employees and physical
infrastructure.
5. Stakeholder expectations and transparency: The ever present social-media platforms and the rise of
investigative journalism mean that companies can no longer conceal their actions and secrets. Stakeholders
(customers, employees and society in general) express their frustrations instantly and widely and a company’s
reputation can be significantly damaged in a very short period of time, e.g. a recent racial incident at a chain
of steakhouses that was all over Facebook caused much embarrassment and reputational damage to the
company involved. Similarly, an advertisement in poor taste (racial) aired by an international retailer was also
splashed all over social media and resulted in picketing of and physical destruction of some of the company’s
retail outlets. Leadership needs to recognise this reality and, by ethical and effective leadership, ensure that
the company is not placed in the firing line.
6. Rapid advancement in technology: Advances in robotics, artificial intelligence nanotechnology, the
proliferation of smart phones and ‘apps’ have placed traditional business models and ways of doing business
under serious pressure. It is essential that business leaders embrace the explosion in technology and adopt it
in the businesses they operate. Keeping up with advancements and innovation will be key to sustainability.
7. Less stable financial systems: The interlinking and interdependence of the world’s financial markets mean
that financial crises arising within a single large economy will have far reaching negative effects on numerous
other economies and the global economy. As stated previously, business is global and business leaders no
longer operate in the confines of their own restricted location. They must identify and respond to the risks of
being part of an international financial system, many aspects of which are out of their control.
8. Increased corruption: Corruption and other unethical practices undermine confidence in the business world
and discourage investment in companies that engage in such practices. On the local front think about Eskom,
Prasa, Steinhoff etc. Perceived to be corrupt or engaged in unethical practices, these companies have
destroyed their reputations and have been brought to their knees. This should be a clear message to
leadership that corruption and unethical practices must be recognised as a major risk and must be suitably
responded to.
5. 5.1 Conscience: A director should act with intellectual honesty in the best interests of the company. Conflict of
interest should be avoided, and independence should prevail.
5.2 Care: A director should devote serious attention to the affairs of the company (duty of care).
5.3 Competence: A director should have and should maintain and develop the knowledge and skills to govern the
company.
5.4 Commitment: A director should be diligent in his duties and committed to the company and to ensuring it
performs as it should.
5.5 Courage: A director should have the courage to act with integrity, even if it means ‘going against the flow’
and should have the courage necessary to take the risks associated with running the company.
6. Any 8 of the following major stakeholders:
• Suppliers
• Creditors
• Employees
• Government
• External auditors
• Consumers/customers
• Industry
• Local communities
• Media
• Regulators
• Potential investors.
1. (b) and (d)

2. (c)
3. (d)
4. (c)
5. (a), (b), (c) and (d)
6. (a), (b) and (c)
7. (a)
8. (b)
9. (c)
10. (a) and (d) – Note: For (a) consent is not required; for (d) members of board committees should be disclosed in the
integrated report.
11. (b)
12. (c)
1. Because companies are part of society, they are obliged to be (and should want to be) ‘responsible corporate citizens’. Thus,
like any other citizen, the company has rights but also obligations and responsibilities to society.
• Exploiting the public through false marketing and selling stock at inflated prices after a global pandemic is not something
a good corporate citizen would do.
2. Principle 1 of the King IV Code sets out that ‘the governing body should lead ethically and effectively’.
• The CEO and CFO of the company are not acting ethically and they are not cultivating and exhibiting characteristics of
integrity, responsibility, accountability, fairness and transparency, through their actions of inflating prices of vitamins
and falsely marketing them as 100% effective against monkey-pox, and hoping that it would remain hidden from their
auditors.
3. Furthermore, this happened after a pandemic, when vulnerable members of the public were wary of being exposed to
further illnesses.
• Thus, the company did not act as a responsible corporate citizen, as per principle 3 of the Code.
4. As part of the board, the CEO and CFO are not acting as custodians of the corporate governance in the organisation, as per
principle 6 of the Code, as they seem to have no regard for good corporate governance.
5. By boasting about the fact that MedSupplies (Pty) Ltd has an all-male board, the CEO is not promoting diversity in its
membership (principle 7).
• The CEO seems quite satisfied with the under-representation of women in the board composition (see King IV part 5.3
recommended practice 10).
6. Principle 8 of the Code states, inter alia, that the governing body should promote and assist with balance of power.
• Having the CEO as part of every committee does not achieve the goal of this principle.
• The governing body should ensure that that there is no undue reliance or dominance by any individual member, in this
case, the CEO.
7. King IV (in contrast to King III) does not prescribe the minimum number of committee meetings to be held.
• However, the CEO cannot simply decide that one meeting is sufficient, as this may prevent the committees from
properly performing their functions. (The Audit committee e.g. has many prescribed duties in terms of King IV and the
Companies Act.)
8. King IV further requires that the audit committee should meet annually with the internal and external auditors respectively,
without the presence of management (see King IV part 5.3 recommended practice 58).
• Therefore, having only one meeting, with the CEO present, is not practical.
9. King IV (part 5.3 recommended practice 79) stipulates specifically that the CEO may not form part of the remuneration,
nomination or audit committee and, as such, his being part of all committees is not good corporate governance.
10. Furthermore, the audit committee and nomination committee should, in accordance with King IV, comprise of all non-
executive directors.
• The CEO is not a non-executive director and as such he may not be a member of these committees.
11. Section 94(4) of the Companies Act also requires members of the audit committee to be independent in that a member may
not be involved in the day-to-day management of the company or be a full-time executive employee of the company, such
as the CEO.
12. Section 76 of the Companies Act requires a director, such as the CEO and CFO, to exercise powers and functions in good
faith and in the best interest of the company, and must act with a certain degree of care, diligence and skill.
• Inflating prices and partaking in false marketing are not seen as actions in the best interests of the company’s
reputation.
13. The company may also be trading recklessly in terms of section 22 of the Companies Act, which states that a company may
not carry on its business recklessly, with gross negligence, with intent to defraud any person or for any fraudulent purpose.
• The actions of the company may be seen as negligent and fraudulent – false advertising and exploiting the public.
14. The directors could also be held liable for any losses suffered by the company as a result of their actions in terms of section
77 of the Companies Act.
SUGGESTED SOLUTION EXERCISE 2.9
(a) The board should consider:

1. The collective skills, knowledge and experience needed for the board to meet its responsibilities.
2. The appropriate mix of executive, non-executive and independent non-executive directors.
3. The need to have sufficient qualified members to serve on board committees.
4. The need to secure a quorum at meetings.
5. Regulatory requirements, e.g. JSE regulations state that a listed company must appoint a financial director.
6. Diversity targets (experience, age, race and gender).
(b) 1. Integrity
2. Competence
3. Responsibility
4. Accountability
5. Fairness
6. Transparency
(c) 1. Ethical practice for directors should be non-negotiable; they should adopt and display the highest ethical standards in
their actions and behaviour.
2. Sound moral values and ethics should be propagated by the conduct of individuals throughout the company (regardless
of their position/role).
3. Business activity should be directed by people with integrity, fairness, responsibility, accountability and vision.
4. Laws and regulations should be obeyed, unfair practices should be avoided.
5. ‘Having to be ethical’ cannot be used as an excuse for poor business performance.
(d) 1. The code itself should be:
1.1 practical
1.2 fair to all
1.3 continuously reviewed
1.4 available to all, and understandable
1.5 sufficiently detailed as to guide the behaviour of all concerned
1.6 address all the key ethical risks.
2. Compliance with the code should be overseen by high level (senior) individuals within the organisation.
3. When new staff (of any level) are engaged, the ethical standards of the appointees should be explored in interviews
and referees reports.
4. When promotions take place, the ethical behaviour of the employee being promoted should have been investigated
and found to be beyond reproach.
5. All employees, both on joining the organisation and on a continuing basis, should be communicated with and trained,
regarding the values of the company and how those values are achieved.
6. The board should introduce a mechanism which provides a safe, confidential means for employees to report unethical
behaviour, e.g. ‘whistle-blowing’ phone lines.
7. The board should delegate authority for the monitoring of, and ‘punishment’ for, breaches of ethical behaviour to fair-
minded, knowledgeable and respected individuals.
8. The enforcement of discipline should be consistent and appropriate in severity.
9. All levels of management, including the board, should demonstrate their commitment to the Code by their own
behaviour, i.e. they should not simply pay lip service to the Code. This is an important part of ethical leadership.
10. Where an entity or an individual with whom the company has a relationship, does not demonstrate adequate ethical
standards, the company should, and should be seen, to end the relationship.
11. Instances where strong ethical behaviour has been demonstrated in difficult circumstances should be recognised and
‘publicised’.
(e) Personal conduct of employees
1. how to deal with bribery, commissions or favours
2. the use of confidential information
3. how conflicts of interest in the workplace, should be handled
4. the use (or misuse) of company resources
5. personal conduct outside hours of work
6. HIV/aids policy
The local community
1. the environmental policy
2. the company’s involvement in community/social activities
3. the policy on donations to the community, e.g. cash or kind
4. policy on community upliftment, e.g. clinics, education
Employment practices
1. equality of employment
2. occupational health and safety
3. education and training
4. policy regarding sexual harassment.
(a)
Company activity Justification
1. 1.1 Farming 1.1 Changes in climate affect rainfall and temperature; drought and heat can
destroy crops and make animal farming unsustainable.
1.2 Commercial fishing 1.2 Rising sea temperatures change fish populations and locations making it more
difficult to harvest the quantities of fish necessary to sustain the business.
2. 2.1 Mining – labour 2.1 Large workforce often made up of migrant labour leading to social and health
problems, e.g. prevalence of HIV/Aids.
2.2 Trucking (road haulage) 2.2 Truck crews are away from own communities for extended periods,
particularly on long-distance haulage into Africa and prostitution at truck
stops and border posts introduces serious health risks coupled with the fact
that good heavy vehicle long-haulage drivers are a scarce resource.
3. 3.1 Clothing and footwear 3.1 and 3.2 It is a reasonably simple matter for the branded products in these
3.2 Personal luxury goods sectors, e.g. Nike clothing, Gucci shoes, Rolex watches to be manufactured
locally or imported from Asia at prices (and quality) far below the cost of the
genuine article. The effect of this is felt more by companies selling ‘low’ cost
consumer items than by companies selling, say, motor cars, e.g. fake clothing
compared to fake Toyotas or BMWs.
4. 4.1 Refineries 4.1 Refining process pumps pollutants into the air.
4.2 Mining and industrial 4.2 Effluent from operations must be disposed of and can find its way into water
manufacturers systems.
4.3 Waste management 4.3 Waste of all kinds, including toxic waste, must be disposed of. Landfill sites
must be carefully monitored and designed to prevent environmental damage
particularly around sites.
4.4 Forestry 4.4 Uncontrolled harvesting and logging and a failure to properly restore areas
denuded of trees causes environmental damage.
5. 5.1 Mining 5.1 Mining companies must obtain licences to mine in a particular region or
country, e.g. the sudden withdrawal of a licence to mine in Angola or the DRC
could seriously threaten sustainability.
5.2 Public transport/road 5.2 It is a serious offence to transport members of the public without a licence; to
transportation retain the licence the company must (should) maintain their vehicles and an
acceptable safety record or be taken off the road.
6. 6.1 Music 6.1 The conventional forms of music (e.g. CD, DVD etc.) sales are under threat by
internet sites which allow consumers to purchase individual songs at
reasonable prices, quickly and efficiently.
6.2 Printing/publishing 6.2 More and more documents which used to be available only in hardcopy, are
now available as a download off the internet e.g. Acts of Parliament,
government gazettes, company financial statements, application forms. The
list is endless and represents work which has been taken away from printing
companies.
7. 7.1 Forestry, pulp and paper 7.1 Obviously if fire spreads through forests, mass destruction of timber can take
place (and does). This has a direct effect on the pulp and paper industry as
timber is an important raw material for them.
7.2 Timber product 7.2 Same would apply to saw mills, chipboard manufacturers, etc.
manufacturers 7.3 Many of these companies use and store combustible and flammable products
7.3 Chemical, petroleum and in their manufacturing or operational process, e.g. an exploding storage tank
gas at a fuel depot could cause damage from which the company may not
recover.
8. 8.1 Civil engineering 8.1 The majority of government infrastructure contracts go to large civil
contractors engineering contractors. Private-sector projects are unlikely to make up the
shortfall.
8.2 Cement and steel 8.2 These are the major raw materials for infrastructure projects so a decline in
merchants government spending will affect these industries.
9. 9.1 Medical service companies 9.1 If private medical service costs escalate beyond the reach of average
e.g. private hospitals consumers, there will be a shift to government-provided services (probably
encouraged by medical aids).
9.2 Pharmaceuticals 9.2 Pharmaceutical companies, particularly those who do not produce generics,
are likely to suffer declines in turnover/profits.
(b) 1. The high level information security principles are ensuring:

1.1 the confidentiality of information
1.2 the integrity of information
1.3 the availability of information when required (on a timely basis).
2. For a listed company operating private hospitals the ISMS is particularly important for the following reasons:
2.1 The company’s databases are going to contain medical information about patients which both morally and
legally in some cases is highly confidential. Should the information become available to unauthorised individuals
(e.g. as a result of poor access controls) there could be serious legal implications and reputational damage. Both
of these could threaten sustainability.
2.2 Ensuring the integrity of the system means ensuring the accuracy and completeness of information and
processing of information. A patient’s medical records that are inaccurate or incomplete places that patient at
risk should treatment/operations be required, e.g. a diabetic patient may be administered a drug which is
harmful to his/her condition. This may result in death, reputational damage and liability particularly if the
patient’s records were inaccurate or incomplete as a result of a lack of controls exercised by the hospital, e.g.
poor access controls, poor data-capture controls.
2.3 In the case of a medical emergency, access to a patient’s records or to other database or web-based information
may be critical for the survival of the patient. If the system is ‘down’ or does not make the required information
available when needed, the consequences for the patient and subsequently the hospital may be dire.
2.4 It must also be remembered that the hospitals are profit making businesses in themselves and like all large
businesses there will be numerous ‘transactions’ being entered every day, some seven days a week. A hospital,
particularly a private hospital, cannot be let down by its systems. Thus the security of all its systems and
databases is very important, e.g. drug inventories, debtors, salaries and wages, assets and asset maintenance.
If the hospital does not function properly it will go out of business.
CHAPTER
4
Basics: Evidence, assertions, internal control
– general computerised environments:
Introduction, general controls
(a) The control environment

The entity’s risk assessment process
The entity’s process for monitoring the system of internal control
The information system and communication
Control activities
(b)
1. Control environment
Participation by those charged with governance and communication and enforcement of ethical values: The board
(including the chairman) is actively involved in developing a strong sense of ethics in the company. The board
• sets the conditions of the ethical code
• communicates to employees the contents of the code and the consequences of breaking the code (full attendance
of the board demonstrates the importance of ethical behaviour)
• investigates all alleged violations of the code.
2. Control activity
Custody control: This control is designed to protect the company’s assets (intellectual property) – e.g. research data, formulae
for medications, etc. – from theft/misuse by research personnel.
3. The information system and communication
The cost accountant and his specialised software are part of the information system designed to produce valid (occurred and
authorised), accurate and complete information pertaining to expenditure on research.
4. Control activities
4.1 Comparison and reconciliation: This activity amounts to comparing actual research costs incurred against budgeted
research costs to identify any overspending, investigate the causes and resolve any weaknesses that gave rise to the
overspending (to prevent any similar overspending from occurring). Underspending will also be followed up when it has
occurred unexpectedly.
4.2 Performance review: A review by the directors of the performance of the research department in controlling costs.
Note: The direct involvement of two important directors is also part of creating a sound control environment.
5. Control activities
5.1 Authorisation/approval: The meeting of the two directors is an authorisation process at which the financial director
approves the write-off of a debtor(s) where necessary.
5.2 Isolation of responsibility: Requiring the directors to sign the journal entry supporting documentation isolates the
responsibility of the two directors applying the company’s bad-debt policy and shows that they acknowledge that they have
done so.
5.3 Performance review: In effect, this meeting is also a review of the credit management function.
Note: Again, the direct involvement of two important directors is also part of creating a sound control environment.
6. The entity’s risk assessment process
This meeting of a committee of the board will be part of the identification and evaluation of, and response to, the strategic risks
(new trends and potential market developments) and compliance risks (regulatory environment) facing the company.
7. Control activity
Custody control – physical: This is a control designed to prevent the physical deterioration of one of the company’s assets – e.g.
inventory.
8. The entity’s process for monitoring the system of internal control
A customer phone-in service is a means of monitoring how certain aspects of the internal control process are doing over time.
Analysis of calls from customers will help the company determine whether it is adequately addressing operational risks
such as distribution of products as well as market-related risks (pricing and product demand). Obviously, some of the
information provided by customers will not relate specifically to the internal control process.
9. Control activity
Segregation of duties and custody control: This ‘segregates’ the custody of the inventory from the record-keeping related to that
inventory, which in turn contributes to the protection (custody) of the inventory. Neither the custodians of the inventory
(the warehouse manager) nor the pickers can amend the records to cover up shortage of inventory due to theft, etc.
CHAPTER
8
The revenue and receipts cycle:
Sales, debtors, cash and cash at bank
(a) Having cash in a business is a security risk. There is a potential for theft and physical harm to employees who deal with cash.
(b) False. Revenue and receipts systems can vary considerably. A number of different products and services can be provided
by businesses, which means that there will be plenty of variation in the systems that you will encounter in practice. Goods
can be sold over the counter, internet, phone etc. Some businesses sell physical goods, while others provide services which
may take a long time to complete (e.g. a membership contract or construction contract).
(c) There is a risk that the customer will not pay and the business may suffer a loss as a result.
(d) (i) Customer order: external document sent by the customer which details the goods the customer wishes to purchase.
(ii) Delivery note: records date, description and quantity of goods despatched to the customer and is signed by the
customer to acknowledge the receipt of the goods.
(iii) Back-order note: contains details of goods that could not be supplied when ordered by a customer as there was no
invertor available; reviewed to establish whether an order has been placed with a supplier for the outstanding
goods.
(iv) Credit note: an internal document sent to the customer to acknowledge that the customer’s account has been
reduced (credited) for some reason other than for a payment received, e.g. goods have been returned by the
customer.
(v) Goods-returned voucher: document made out by the company itself that is used to record the details of goods that
have been returned by a customer.
(e) 1. To ensure that completeness testing can take place to identify missing documents;
2. To provide each document within a document type e.g. each invoice, with a unique identity; and
3. To facilitate cross-referencing.
(a) There is a risk

• of the company’s not complying with the Electronic Communications and Transactions Act which may result in the
company facing liability;
• in connecting to the internet, of unauthorised access to the company’s computer system, which could lead to service
disruption, virus contamination, data destruction or corruption and the loss of confidential information;
• that information keyed in by customers may be inaccurate or incomplete, resulting in orders that cannot be filled,
leading to customer dissatisfaction and loss of sales;
• of unauthorised disclosure of confidential customer information (by hacking/eavesdropping or loss of data integrity)
once the transmission of the transaction is underway;
• of potential customer loss or reputational damage if customers are not satisfied with the website security;
• of loss of customers or reputational damage due to any lack of availability or functioning of the online site, resulting
in loss of sales;
• of incorrect online pricing; and
• that an inadequate audit trail may hinder the company’s ability to defend itself against legitimate or fictitious claims
or queries pertaining to a transaction (e.g. customers who deny placing orders or customers that claim they have
placed orders that were not filled).
(b) These products can
• log the sites on the WWW that have been accessed by employees (which will dissuade staff form accessing illegal or
unacceptable sites from the office);
• prevent users form accessing certain websites;
• control the addresses, length and content of emails, by monitoring the email protocol (thus, emails to or from certain
specified addresses or over a certain length or containing attachments may not be allowed to pass);
• pass all incoming files through a virus scanner;
• encrypt emails that are sent to specific sites; and
• control the delivery of messages to specific PCs.
(c)
• Orders may be accepted for which payment has not been received.
• Orders may not be acted on timeously or at all, resulting in a loss of sales and customer goodwill.
• Inaccurate or incomplete order details may be recorded, that will result in incorrect deliveries, returns and customer
dissatisfaction.
• ‘Out of stock’ items may not be identified resulting in the loss of the sale and customer goodwill.
• Valid picking slips may not be acted on.
• Goods may be removed for inventory for fictitious/unauthorised sales.
• Incorrect items and quantities may be picked.
• Inaccurate and incomplete delivery notes may be made out, resulting in a loss of revenue.
• Theft may be facilitated by uncontrolled despatch.
• Incorrect goods or quantities may be despatched.
• Goods may be delivered to the wrong customer.
• Customers may deny receiving goods.
• Goods released from the warehouse may never be despatched or not despatched timeously.
(d)
• Access to the order file should be restricted (specific terminals, password controls and least privileged access).
• The order selected should automatically be transferred from the order file to the picking slip file (in effect the sales
order should ‘become’ the picking slip).
• A code should be allocated to the order indicating the status of the order and preventing the order from being selected
again for picking.
• The screen should be formatted as a picking slip.
• The goods picked should be ticked off by the picker against the quantity field on the picking slip, or a number should
be entered into a designated field.
• Should the quantity not be available, the actual quantity picked should be entered.
• The picker should electronically sign the picking slip.
• Different persons should be responsible for picking of the goods (picker) and doing the final checking of the quantity
picked against the picking slip (picking control clerk) (segregation of duties).
• The picking control clerk should check the physical goods picked against the picking slip to ensure that there are no
differences between the quantity picked and the quantity indicated as picked on the picking slip.
• The picking control clerk should be able to select the number of the picking slip from a drop-down menu.
• The picking control clerk must electronically sign the picking slip.
• Access to the picking slip should be restricted (restricting the fields which can be changed, password controls and least
privileged access).
• All quantity adjustments should be logged.
• There should be control over the use of the barcode scanners (physical control over its use and password authorisation
on the system when scanned.)
• The warehouse should have suitable physical protection controls over the goods. (e.g. physical access control, fire
extinguishers etc.).
• The despatch controller should have read-only access.
• The despatch controller should match the physical goods with the onscreen picking slip.
• If any errors exist, the despatch controller should not be able to alter the quantity. He should separately log the
difference and resolve the matter with the picking control clerk.
• The despatch controller should confirm that the picker has electronically signed off on the document.
• The despatch controller should electronically sign the document off.
• Activities and access should be logged and logs should be inspected for exceptions.
Weakness Explanation
1. There are insufficient physical access controls 1. As an additional uncontrolled ‘entry/exit’ point has been
1.1 between the finished goods store and the outlet – created to the finished goods store, the increase in the
inventory is ‘conveniently transferred’ from risk of theft (unauthorised despatches) from the factory
finished goods stores to the outlet, and employees (and the outlet itself) has been increased significantly.
can ‘come and go as they wish’;
1.2 between the outlet and the street – customers (i.e.
anyone) have ‘easy access’ to the outlet.
2. The physical layout and lack of security checks increase 2. ‘Customers’ can walk in off the street, steal goods and
the risk of theft by the general public. exit the outlet without having to pass through any
security.
3. There is no check (division of duties) in respect of the 3. Because Greta Garbo is (normally) the only person
effecting and recording of a sale by Greta Garbo, i.e. no involved in a sale, she is able to
security or ‘gate control’ on whether goods leaving the 3.1 undercharge on a particular item; or
outlet are supported by a receipt.
3.2 not charge at all (friends etc.), thereby allowing
goods (in effect) to be stolen.
4. Finished goods stores clerks assists on an ‘ad hoc’ basis. 4. This reduces the isolation of responsibilities and gives
the clerks the opportunity to sell goods (fraudulently)
from the finished goods store.
5. The receipt made out to record a sale is inadequate as it 5.1 A standardised pre-printed document would enhance
is not the accuracy and completeness of recording the sale.
5.1 a standardised pre-printed multicopy document; 5.2 Because the receipts are not sequenced, there is no
5.2 not pre-sequenced; possibility of properly reconciling receipts with cash
5.3 not checked for correctness of prices, extensions sales made. Although an ‘official’ receipt has been made
casts and VAT. out and signed by the customer Greta Garbo can simply
Note: there is also no signage telling customers to obtain destroy her copy of the ‘receipt’ and steal the equivalent
a receipt. This makes it even easier for Greta Garbo or amount of cash. (If a sequenced receipt is made out a
anyone else working in the shop to steal the proceeds of completeness of cash on hand can be carried out.)
a sale.
6. There is inadequate physical protection over cash on 6.1 To keep the day’s sales in a moveable cashbox under the
hand at the outlet. counter in an area which has direct uncontrolled
entry/exit to the street significantly increases the risk of
theft of the box/injury to employees (armed robbery).
6.2 A second key to the cashbox is available, which provides
the opportunity for cash to be stolen when Greta Garbo
is not present.
7. No independent reconciliation of the sales 7 & 8 Because of these weaknesses
recorded for the day to the cash on hand takes 7.1 there is no source total for cash sales to which
place. subsequent reconciliations can be made, e.g.
8. When the cash is transferred between different postings to the cash sales account in the ledger,
parties (e.g. Greta Garbo and Vish Naidoo there cash banked; and
is no acknowledgement of transfer isolation of 7.2 cash can be stolen by a number of parties e.g.
responsibility). Vish Naidoo, the store's clerk who sometimes
drops off the cash (would need the key – easily
obtained), Joe Phule, or anyone who has access
to the company safe. Any amount stolen
cannot be quantified (no source total) or
pinpointed (isolated) to a particular individual.
9. There appears to be no reconciliation of cash 9. If proper records were kept of the movement of
sales to inventory movements including inventory, Greta Garbo could be held accountable by
frequent counting (even daily) of inventory on the reconciliation of the movement of inventory (say
hand. This combined with the other weaknesses daily) with her cash on hand, e.g. for every item sold
means that inventory can be stolen (by a number there should be the relevant amount of cash.
of people, internal and external) and it will not
be detected.
10. Excessive amounts of cash are held at the 10. This increases the risk of armed robbery and
company and allowed to accumulate (not endangers staff.
banked timeously). Inadequate risk assessment
on the part of management.
11. Cash from cash sales is used to pay wages 11. This weakens the control over misappropriation of
(company should also insist that all employees cash by unnecessarily complicating the reconciliation
are paid by EFT). and audit trail of cash receipts and wages, by
combining a cash-generating system and a cash
expense system.
12. There appears to be no independent supervision 12. He has access to the cash from the outlet. He uses
or checking on what Joe Phule does and there is some of it for a legitimate expense (wages) and banks
an inadequate division of duties relative to his the excess cash every month. As there is no
function. independent reconciliation of what cash he received,
how much he paid in wages and how much he
banked, he could easily misappropriate some of the
excess cash (see point 13 below).
13. There is inadequate control over the 13.1 Greta Garbo can report any figure she likes for cash
authorisation and accuracy of the journal entry sales, and hence could easily cover up any
passed by Otis Redding. He does not misappropriations (she could also easily collude with
independently verify or reconcile the figures Joe Phule to perpetrate larger fraud).
presented to him. 13.2 Because there is no reconciliation of actual cash on
hand to theoretical cash on hand before the entry is
passed, theft of cash by Joe Phule will not be
detected.
14. Management does not appear to have created a 14. The failure to implement suitable controls, e.g.
strong control environment. division of duties, isolation of responsibilities, lack of
supervision, particularly in respect of cash and the
physical control of inventory and cash will result in
misappropriation of company assets. Management
appears not to be particularly control orientated.
1. There is a lack of basic division of duties as there is no 1.1 As the receptionist is not required to record all
separate order department to receive and authorise incoming orders in a register, the risk that orders are
customer orders. lost (and therefore never filled) is increased.
1.1 There is inadequate control over the receipt of 1.2 As the senior warehouse clerk does not acknowledge
customer orders: receipt of the orders from the receptionist (e.g. by
• A register is not kept of all orders received. signing for it) he cannot be held responsible if orders
are lost/not filled, e.g. he can simply deny having
• There is no acknowledgement of receipt of
received the order in the first place.
orders from the receptionist by the senior
warehouse clerk.
2. The internal documentation initiating sales transactions 2.1 If customers’ orders are not recorded on a sequenced
is inadequate: internal document, the risk of orders not being
2.1 No pre-printed, properly designed sequenced filled/lost is significantly increased, as there is no
internal sales order/picking slip is used to record method of sequence testing orders to determine
customer orders and initiate picking of goods whether they have all been executed or accounted
ordered. for.
2.2 There is a lack of audit trail. 2.2 The lack of a properly designed ISO/picking slip, e.g.
with specific blocks for the picker to sign and enter
details of ‘out of stock’ or short picked items will
increase the occurrence of incorrectly picked items
(quantity or description).
2.3 The lack of audit trail makes it more difficult to follow
up on customer queries.
3. No (initial) credit management controls are in place. 3.1 All orders that are received are filled before checking
3.1 Credit is extended to new customers without a whether the order is from an existing customer; if the
credit application being completed by the customer does not have an account, Carmen Chetty
customer and evaluated by Cold Front (Pty) Ltd’s simply opens one without any evaluation of the
management. client’s creditworthiness.
3.2 no credit terms and limits are set or authorised by 3.2 This significantly increases the risk of losses from bad
management. debts as the company will inevitably make sales to
companies that cannot pay.
3.3 The failure to ‘authenticate’ its customers before
providing them with goods also facilitates fraud being
perpetrated, e.g. anybody (including an employee)
could send through an order from a fictitious
company to obtain goods with no intention of paying
for them. This will result in losses for the company.
4. Sales authorisation procedures are inadequate in that 4. The failure to carry out checks on existing customers
no check is carried out on the credit standing of existing credit standing, considerably increases the risk of
debtors before their orders are filled, e.g. long- losses from bad debts (this problem is compounded
outstanding balance or balance too high. by the fact that no credit terms/limits are set).
5. There appears to be no method of identifying orders 5. If orders that have been faxed or emailed and sent
which have been faxed and emailed and sent through through the post are not identified, the same order
the post (duplicated). will be filled twice, resulting in problems later on in
the cycle, e.g. goods being returned, customer
dissatisfaction.
6. Controls over the picking of goods are inadequate as 6.1 Customers’ orders are not suitably designed for use as
6.1 photocopies of customers’ orders are not suitable picking slips; this increases the risk of producing
for picking items; inaccurate ‘picking slips’ which in turn will result in
the generation of incorrect delivery notes and
6.2 pickers do not sign the photocopy order they have
invoices.
picked (or initial changes they make to the
quantities); and 6.2 As pickers do not sign the picking slip it is more
difficult to isolate responsibility for errors in picking
6.3 there is no supervisory checks carried out by the
and recording.
senior warehouse clerk on the picking of the
junior warehouse clerks. 6.3 This lack of accountability, combined with the fact
that the senior warehouse clerk does not check what
has been picked, will result in a failure to identify
• quantities or items which have been incorrectly
picked (by mistake or as theft); and
• orders that have not been picked at all.
7. Customers are not promptly informed of orders that 7.1 Customers will only be aware that they are not
cannot be filled at all or can only be partially filled, receiving the goods they ordered once the delivery
because is made (or, where their entire order cannot be
7.1 no inventory availability check is carried out filled, when they phone to enquire). This may cause
when the order is received (no order serious disruption in their business and lead to
department!); and Coldfront (Pty) Ltd losing future sales.
7.2 no comparison between what the customer 7.2 Customers may receive goods they have not
ordered (per the customer order) and what was ordered resulting in customer dissatisfaction.
despatched (per the delivery note) is made.
8. There appears to be no back order system in place 8. Although the pickers (partially) identify ‘out of
whereby the buying department is notified about stock’ items on the photocopy order, nothing is
inventory shortages. done about it; this means that items will remain
‘out of stock’ until normal re-ordering takes place.
Customers will be dissatisfied, and further sales will
be lost.
9. The despatch section 9.1 Items can go missing or be stolen and the point at
9.1 does not acknowledge the transfer of the which they went missing cannot be isolated to a
picking baskets from the warehouse to specific section, e.g. a picker may claim to have sent
despatch (checking contents before signing for an item to despatch when in fact he has stolen it.
the baskets); and 9.2 Despatch does not ensure that the delivery note is
9.2 does not check the items for which it is making made out correctly in respect of the description and
out the delivery note (details are taken from quantity of goods actually despatched therefore
the photocopy order). • mistakes in picking will not be identified; and
• discrepancies between what is on the delivery
note and what is delivered will occur.
10. There is a serious lack of division of duties with 10. Carmen Chetty carries out incompatible functions.
regard to the functions performed by Carmen Chetty. E.g. she could easily defraud the company by
She • writing off amounts owed by friends or family;
• opens new debtors accounts; • manipulate payments from debtors and pass a
• deals with EFT payments/raises invoices; and fictitious credit note to cover the loss; and
• passes credit notes etc. • arranging with certain customers (other than Cold
Front (Pty) Ltd) to make EFT payments into an
additional bank account over which she has
control, withdraw the payment for herself and
then write off the debt in Cold Front (Pty) Ltd’s
records.
11. There is a poor control environment. Management 11. The lack of supervisory controls will result in all staff
do not appear to be control conscious or to lead by cutting corners, making errors (and possibly
example in that defrauding the company) which will ultimately cause
• junior staff are not supervised and checked; and losses to the company.
• Carmen Chetty is left to her own devises.
CHAPTER
10
The acquisition and payments cycle:
Purchases, creditors and accruals
1. Manual review of the automated application control.

2. General control.
3. Automated application control.
4. General control.
5. IT general control – logical access restricting user access to only authorised users.
6. IT general control.
11. IT general control – logical access restricting user access to only authorised users.
12. Manual review of the automated application control.
PART A
1. Suppliers with whom orders are placed by Shamus 1. This weakness could easily lead to fraudulent practices
Rennie and Lukas Radebbe, are selected based on in the ordering function. Shamus Rennie and Lukas
their ‘personal preference’. Radebbe could place orders with friends/relatives or
could set up their own business to supply C-Saw (Pty)
Ltd at inflated prices.
1.1 Goods of inferior quality may be acquired posing a
threat that finished goods may not meet safety
standards for children’s play equipment.
2. Before placing the orders Rennie and Radebbe do 2. Failure to carry out this procedure could easily result in
not contact the supplier to confirm/specify 2.1 C-Saw (Pty) Ltd paying more than they should for
2.1 price; and raw materials/parts; and
2.2 availability. 2.2 production delays (production is carefully
scheduled).
3. There is no independent check that 3. As there is no independent check on the order,
3.1 what has been included on the purchase order 3.1 orders which are inaccurate (quantity,
is correct in terms of the documentation description) or incomplete (items) could be placed
provided by the factory manager; and resulting in production delays; and
3.2 only items on the documentation are ordered. 3.2 the administration clerks can order whatever they
like for their own personal use (and have the
company pay) by simply adding items onto the
order.
4. There is no check by anyone that orders have been 4. As nobody checks orders placed against the
placed (sequenced) production schedules from the factory
4.1 timeously; or manager, inventory (which is required in 15 days) may
be ordered late or not at all, resulting in production
delays, lost sales etc.
4.2 for all ‘requisitions’ (production schedules)
from the factory manager.
5. Rennie and Radebbe are able to place orders 5. This weakness
without any form of authorising document (e.g. 5.1 enables the administration clerks (again) to
requisition). purchase whatever they like for their own
purposes (and have the company pay); and
5.2 can easily result in overstocking, tying up capital
in inventory unnecessarily and greater losses from
obsolescence.
6. Rennie and Radebbe do not establish whether any 6. Again, this weakness can easily result in overstocking
of the items to be ordered per the list supplied by (see point 5.2 above). Inventory should be purchased
the factory manager are already in stock (or based on the company’s needs not on the basis of its
whether items which they buy on ‘special’ are suppliers marketing strategies!
actually required).
7. There is inadequate documentation in the ordering 7. In the existing system
and receiving functions. 7.1 the ordering function and receiving functions
7.1 There are insufficient copies of the purchase have no permanent record of orders placed or
order. goods received;
7.2 There is no separate document to record the 7.2 there is no evidence of isolation or responsibility
receipt of goods ordered (goods-received and any queries pertaining to an order or a
note). receipt of goods cannot be resolved within the
function.
7.3 See point 9.2
8. There is a totally inadequate division of duties 8. This is a major weakness in the cycle as it enables
between the ordering function and the receiving Shamus Rennie and Lukas Radebbe to order whatever
function; Shamus Rennie and Lukas Radebbe are goods they like for their own purposes and take
responsible for both functions. possession of the goods. It facilitates theft from the
company.
9. Receiving controls are inadequate: 9. This lack of control will result in
9.1 No GRN is prepared (goods are simply ticked 9.1 an increase in the risk of invalid, inaccurate or
off on the pink copy of the order). incomplete receipt of goods. Making out a
9.2 No quality checks at all (and limited quantity sequenced, properly designed document (as
checks) appear to be carried out. goods are opposed to simply ticking items off on a
simply ticked off as they are off loaded. document designed for another function)
provides for a basis for proper recording of the
9.3 Whoever is receiving the goods does not
receipt of goods, supervisory checking (against
record any short deliveries/over deliveries,
orders, suppliers delivery notes)
damaged goods on the supplier’s delivery note
acknowledgement of transfer of goods to stores,
(but signs it anyway); delivery problems are
subsequent validation of invoices from suppliers
only identified at a later stage.
and follow up of unrecorded liabilities;
9.4 Whoever receives the goods does not sign
9.2 the acceptance of damaged goods and incorrect
anything to indicate that they have carried out
deliveries;
the function.
9.3 disputes with suppliers:
• by signing the supplier delivery note without
identifying problems with the delivery, the
supplier is entitled to assume that all goods
were correctly delivered and accepted; and
• the suppliers delivery personnel do not sign
anything to acknowledge delivery problems.
In effect C-Saw (Pty) Ltd has no proof of short
deliveries etc.; and
9.4 any subsequent problems/queries with a delivery
cannot be pinpointed to the administration clerk
who received the goods (isolation of
responsibility).
10. Short deliveries are not followed up with the 10. These weaknesses may result in
supplier but are immediately re-ordered; and there 10.1 C-Saw (Pty) Ltd being charged twice for the
is no indication that orders not executed are same goods (see point 9.3; the supplier has a
followed up with the supplier. signed delivery note against which it will
invoice C-Saw (Pty) Ltd and another order
against which it will supply goods and invoice
accordingly); and
10.2 production delays, especially where the
supplier cannot supply (Rennie or Radebbe
should establish reason for short or non-
supply).
11. No document is signed (by Rennie/Radebbe and 11. Problems with physical inventory (e.g. inventory
warehousing personnel) to acknowledge the shortages) cannot be isolated to their origin, e.g.
transfer of the goods from receiving into inventory could be stolen from the warehouse, but
warehousing. warehousing could claim they never received it.
12. There is inadequate control over the pink purchase 12. This is the originating document for purchases and the
order. only copy thereof:
• Copies of the document move between numerous
functions (ordering, receiving, warehouse and
accounting) in an uncontrolled manner, e.g. ‘left on
Clint Castro’s desk’, and could easily be lost,
altered, destroyed.
• There is no evidence of frequent sequence testing
and no other internal documents to check the
purchase order against.
13. There is inadequate division of duties between the 13. This fundamental weakness facilitates the covering up
keeping of the inventory records and the custody of of inventory shortages in the records. As Clint Castro is
inventory; Clint Castro is responsible for both. responsible for both custody and recording, he is able
to ensure that theoretical inventory and physical
inventory always agree, thus hiding theft etc.
14. There is a very poor control environment. 14. It is obvious from the above that members of
management do not understand the importance of
internal control in the cycle and do not make their
presence felt by supervisory checking, authorising
transactions etc. This will give rise to an environment
in which employees can do as they please.
15. Multiple staff members have access to the 15. Although the company saves a significant amount of
inventory and creditors’ master data file. time, the decision to grant all staff members in the
purchase order process access to the master data file,
brings control risk to the process.
Changes don’t seem to be reviewed or authorised ‘as
everyone can now go about completing their own
responsibilities’.
May result in human error, and exceptions not being
remediated. Could provide the opportunity for fraud
as bank details etc. can easily be changed for creditors.
Lack of segregation of duties
PART B
a) auditor
In
transaction,
termscan
of ISA
thus
account
330,
notthe
decide
balance
auditor
that
andmust
there
disclosure,
design
is no need
and
regardless
perform
for substantive
ofsome
the assessed
substantive
testing.risk
Theof
procedures
reason
material
formisstatement.
for
thiseach
is that
material
Theclass of
• risk assessment is judgemental and the auditor may not have identified all risks; and
• Internal control has inherent limitations, including management override.
b) Substantive tests consist of:
Substantive tests of details. This type of procedure has the purpose of auditing the detail of a transaction, account
balance or disclosure, e.g. ‘Obtain the invoice and recalculate the amounts and VAT calculations’.
Substantive analytical procedures. This type of procedure provides overall evidence, e.g. ‘Compare the purchases
c) for different
Observation
when
observing
number,being types
not of
ora apurchase
watched
is
negative raw
a very
by materials
order
quantity,
the
convincing
being
auditor.from
ensure
auditperiod
toprocessed,
It should
that toauditor
procedure
the period
always
the system
as and investigate
be employees
combined
may
willask
reject
the
with
are
it.
clerk any
likely
other
totounusual
insert
audit anfluctuations’.
perform
procedures,
invalid
their tasks
purchase
e.g.properly
when
order
1. The method used for determining inventory items 1. The failure to implement a more ‘scientific’ method of
and quantities to be ordered is unsatisfactory, i.e. determining what items should be ordered will result in
there are 1.1 lost sales due to items being ‘out of stock’; and
1.1 no re-order levels/re-order quantities are set; Note: Percy Garmin sometimes ends up placing orders
and for items which are already out of stock.
1.2 no indications from the sales department as to 1.2 the ordering of items which are not required
what items are selling. resulting in money being unnecessarily tied up in
inventory, liquidity problems and potential losses
from obsolete inventory.
2. The initiation of orders appears to be solely 2. Should Percy Garmin be sick, leave the company or
dependent on Percy Garmin, (and his knowledge of simply fail to carry out his weekly ordering exercise, the
the business). He is not supervised or assisted. company is likely to suffer inventory availability/loss of
sales problems.
3. Percy Garmin does not retain a copy of the 3. As Percy Garmin has no record of what he
warehouse requisition. requisitioned, he has no way of determining whether
what he requisitioned has been ordered or received.
This may result in items being requisitioned a second
time and orders being duplicated.
4. No copy of the purchase order is sent to the 4. As the receiving department has no record of what has
receiving department. been ordered, it will have no means of checking
whether goods delivered by the supplier are
4.1 in response to a valid (authorised) order; and
4.2 correctly delivered in terms of description and
quantity.
The company may well end up taking into inventory,
and paying for, goods that were never ordered, or are
incorrect resulting in losses, inventory obsolescence
etc.
5. There is no follow up to determine whether 5. As this follow up is not carried out, goods ordered may
purchase orders placed have been filled. never be received resulting in more ‘out of stock’
5.1 Arnold Image has no means of following up as situations, lost sales and dissatisfied customers.
he does not know what has been received.
5.2 The receiving department has no (pending)
copy of the purchase order to identify ‘long
outstanding orders’.
5.3 There is no check in the warehouse of goods
received against the original requisition.
6. There is no approved supplier list, i.e. no 6. As Arnold Image has total control over which suppliers
independently authorised list of suppliers who have the company purchases from, he is in a position to use
been evaluated for reliability, pricing and quality, suppliers that provide him (personally) with benefits to
from which Arnold Image can make purchases. the detriment of the company, by e.g. paying high
prices to a supplier who is a family member, taking
bribes or kickbacks for placing orders etc.
7. Arnold Image does not contact suppliers prior to 7. This may result in the company paying higher prices
placing the order to confirm availability, pricing and than they should, delivery problems etc. resulting in
delivery time. lost sales.
8. There is a lack of supervisory control over the 8. As there is no supervisory check, Arnold Image could
ordering function, i.e. nobody checks the orders quite easily be placing orders
placed by Arnold Image for 8.1 which do not appear on the warehouse requisition
8.1 accuracy and authority; and are for his own personal use, and for which
8.2 suitability of the supplier, reasonableness of the company will pay; and
price and correctness of detail; and
8.3 the nature of the goods being ordered.
8.2 which are inaccurate (quantity, description)
incorrectly priced or from inappropriate,
unreliable suppliers.
9. There is a serious breach of division of duties where 9. Allowing Arnold Image access to ‘receiving’ and the
Arnold Image is allowed to assist in ‘receiving’ and warehouse gives him access to any goods he may have
the warehouse. (fraudulently) ordered for his own personal use. (As he
is unsupervised, he can go into receiving ‘to help’
whenever he needs to).
10. The goods received clerk conducts his checks 10. The receiving clerk has no copy of the order and hence
against the suppliers delivery note, not the order can only check deliveries against the supplier delivery
placed by Streetwheels (Pty) Ltd. note.
This may result in
10.1 goods that were never ordered at all, being
accepted;
10.2 incorrect quantities being accepted (over or
under); and
10.3 items not delivered never being identified.
11. No properly designed document (usually a goods 11. A properly designed and sequenced GRN facilitates
received note) is made out to record deliveries. 11.1 the recording of every delivery on an internal
document, a copy of which can be retained in
the warehouse for reference purposes;
11.2 easy follow up of queries (by GRN reference),
sequence testing for identification of missing
GRNs, and cross-referencing to orders both at
the receiving bay and subsequently; and
11.3 a reduction in the risk of invalid payments to
creditors, i.e. the GRN is good evidence, when
matched to orders and supplier documents,
that the goods to be paid for have been
received.
12. There is a lack of division of duties/isolation of 12. The goods receiving clerk is responsible for receiving
responsibility in respect of the transfer of goods goods but also for placing them in the warehouse. This
between the receiving bay and the warehouse. means that the personnel who have custody of the
inventory (e.g. Percy Garmin) do not acknowledge
receipt of what they are required to control. Any
inventory shortages cannot be ‘isolated’ to where they
occurred.
13. The control environment is weak. The inadequate 13. A poor control environment gives rise to an increased
supervision and poor system and document design risk of fraud and theft in a cycle which is by its nature,
suggest a poor attitude to control by management. susceptible to fraud and theft.
CHAPTER
11
Inventory and production cycle
(a) 1. General control – Continuity of reconciliation.

2. IT General control – Could be regarded as part of the company’s ‘general’ access policy, i.e. need-
to-know basis.
3. General control – Systems development (program maintenance) and control environment.
4. IT General control – Access control (physical).
5. IT General control – Logical access control (custody).
6. General control – Control environment (human resource policies and practices).
(b) It is important to remember that control activities in a computerised system will be a combination of manual and
automated (programmed) controls. As the auditor, you may determine which automated application controls are
present at Santacruz (Pty) Ltd, and then test the IT general controls that support those automated application
controls. There are a number of automated application controls at Santacruz (Pty) Ltd that, as a result, will require IT
general controls tests. As a minimum, the auditor should test the access controls and the change management
controls.
(c) Test logical access control
• Select a sample of users who have access to inventory and determine whether they have been granted access in
accordance with their job profiles.
• Enquire whether any changes have been made to the user profiles during the financial year and review the modi-
fications.
• Select a sample of terminated employees and determine whether their access was revoked timeously when they
left Santacruz (Pty) Ltd.
• Select a sample of new users and determine whether they have been granted the appropriate access.
• Review segregation of duties reviews performed by Santacruz (Pty) Ltd and ascertain whether they have any
users where two or more parts of a transaction can be completed by a user.
• Review toxic combination reviews performed by Santacruz (Pty) Ltd and ascertain whether they have any toxic
combinations.
• Review the super users within Santacruz and determine whether the superuser/superusers are appropriate.
• Password controls: Review the password settings for the inventory application which includes the following:
– Systems configuration settings to retain the history of passwords, i.e. 12 months’ worth of passwords.
– Password settings enforce new passwords on a monthly basis.
– Password settings enforce incorrect password access attempts up to three times and then lock the accounts.
– Passwords are a combination of letters, numbers, special characters etc. and in line with the password policy.
– Review the password policy to confirm that users may not share their passwords.
1. Despatch from warehouse to stores

1.1 Branch managers should anticipate inventory needs timeously (Cardex see point 3.1) and should place
an order with the central warehouse on preprinted order forms which
• are sequentially numbered;
• indicate the branch;
• are signed by the branch manager; and
• describe the required shoes accurately e.g. quantity required, code, size etc.
1.2 No despatches from the warehouse should take place without such an order.
1.3 On the strength of the order a three-part despatch note should be prepared by the warehouse
administration clerk and checked and signed by the store’s controller and
• two copies must accompany the delivery (to the branch);
• one (signed) copy must remain at the branch for its records;
• the second copy must be signed and returned to head office as proof of delivery; and
• the third copy must remain ‘in the book’ as a permanent record.
1.4 On despatch, a gate controller at the warehouse should check the goods to the despatch note and should
not allow any goods to leave without a correct despatch note (two copies).
1.5 On a daily basis the stores controller at the central warehouse must confirm that all despatch notes
(permanent copy) are cross-referenced to and supported by an order by inspection thereof.
1.6 Branch managers should monitor that all orders are filled timeously, by retaining a duplicate copy of the
order and cross-referencing to despatch notes daily.
1.7 A sequence control over orders and despatch notes should be carried out to ensure that they are all
accounted for on a regular and frequent basis.
1.8 All despatches should take place at selling price (to facilitate ease of inventory and cash reconciliation).
2. Receiving of goods by stores
2.1 The branch manager should be responsible for receiving deliveries from the central warehouse.
2.2 On receipt, a careful check must be made on quality and quantity against the order and the despatch
note. Any discrepancies must be noted on both copies of the despatch document and signed by the
manager and delivery person (driver).
2.3 The manager must sign the despatch note and retain and file the top copy with the corresponding order
number.
3. Physical controls
3.1 The branch manager, should maintain a simple cardex (system where each item has its own card that
lists current quantity and is manually updated for purchases and sales) of all inventory on hand. The
cardex should be written up from
• despatch notes (see point 1.3); and
• cash sales invoices.
3.2 The manager and a salesperson/cashier should perform frequent inventory counts (on a test basis) and
the count quantities should be reconciled to the cardex quantities.
3.3 The internal auditor should conduct surprise inventory counts frequently and should agree the inventory
on hand to the inventory cardex. Managers are responsible for all shortages.
3.4 The storeroom should only be accessible through the shop itself, i.e. any outside doors and windows
should be barred off.
• Staff must have free access to the storeroom, but no other persons should be allowed in the
storeroom e.g. customers or delivery people. The manager and staff must enforce this control by
being vigilant as physical controls are inappropriate.
• The storeroom and shop must be protected against fire etc.
3.5 Inventory in the store itself should also be controlled by displaying only one of the pair of shoes.
3.6 The store should be laid out in such a way as to make it very difficult for someone to leave without passing
a till. A security guard or electronic detectors should be used to reduce shoplifting.
3.7 Staff should be checked at the end of the day to ensure that they are not removing inventory (feet as
well).
3.8 Security guards should be on duty at night.
4. Down payments
Note: There is a danger that ‘down payment’ monies could be used to hide an inventory shortfall.
4.1 The following (full) details of customers placing down payment should be kept in a ledger by the branch
manager:
• name;
• address;
• contact number;
• dates;
• code, description, size etc. of shoes;
• receipt numbers; and
• amounts.
4.2 A simple down payment contract should be drawn up (name of customer, price, date, shoe description
etc.) and signed by customer and authorised by the store manager.
4.3 A sequentially numbered down payment receipt must be completed in duplicate.
• The receipts must be signed by the customer and the manager.
• The customer must retain a copy and be advised not to lose it.
4.4 ‘Down payment’ shoes should not be released until the full purchase price has been received.
• The manager must authorise release of shoes after reconciling customer copy of down payment
receipts with the outlet’s copy and with the ledger.
• Customer copies of receipt must be cancelled (or retained) so that they cannot be used again.
• Down payment contract must be ‘cancelled’ or signed off by both parties.
4.5 The shoes being purchased must be put aside in a separately demarcated area in the storeroom for the
customer.
4.6 Cash received on down payment should be separately identified in the daily cash receipts reconciliation
and this figure should be reconciled to the day’s down-payment receipts.
4.7 Internal audit should reconcile down payment records with ‘down payment’ shoes set aside, at the same
time as conducting their surprise counts (see point 3.3 above) to ensure there is no manipulation of down
payments.
(a) 1. Preparation and planning of the count was inadequate which could contribute to an inaccurate and
incomplete count.
1.1 Holding the count over two afternoons so as to allow normal delivery and dispatch was not
sensible; a non-trading day or overtime count would have resulted in a more efficient count
(total count time only eight hours).
1.2 The method of counting was inadequate; no tag system or double count.
1.3 No count controller was appointed to direct count.
1.4 Composition of the counters was totally inadequate.
While knowledge of the product is important, counting should be done in teams, one of whom should be
independent of the warehouse function.
1.5 If pickers have been involved in misappropriating inventory, they are now in a perfect position
to hide any shortages by having the perpetual inventory records amended (amendments were
done without authority or investigation).
1.6 There is no evidence that the warehouse was prepared for the count. Although it is ‘tidy’, a
number of procedures should have taken place:
• marking damaged, slow-moving obsolete goods;
• identifying expired (nearly expired chemicals);
• preparing a secure area for deliveries to be received during the count/making sure goods
received up to the 30th have been unpacked; and
• identifying the location of Bushblaze Inc inventory (consignment inventory).
2. Count stationery was inadequately designed and incomplete
2.1 In this situation (single counter) it would have been better to have excluded the quantities from
the inventory sheets, to force the counters to count the inventory, not just tick it off.
2.2 The inventory sheets should also have columns for second count and discrepancies.
2.3 There is no document (tag or similar) to identify the count details per item, e.g. quantity.
2.4 There are no inventory adjustment forms on which count differences/adjustments/results of
investigation can be entered for authorisation before the inventory records are adjusted.
3. No written instructions were prepared for the count, which again will result in a substandard count.
3.1 No identification of who should count what – pickers decided themselves.
3.2 No method of counting conveyed to counters and count controller and auditors.
3.3 No instructions relating to matters raised in point 1.6 or how problems on the count are to be
resolved.
4. The count itself was inadequately conducted
4.1 Inventory only counted once; there was no recount by another counter when a discrepancy
was identified.
4.2 No identification and recording of slow-moving, expired, damaged or consignment inventory.
4.3 No count controller, so no walk-through of the warehouse once the count was complete, and
no method of determining whether all inventory has been counted.
4.4 No procedures conducted to ensure that goods received or dispatched during the count were
properly accounted for, e.g. quantity reduced when the dispatch of an item (say on 31 July)
which had already been counted on 30 July took place.
(b) No, I would not be satisfied.
Justification
1. Prior to the inventory count
1.1 Ted Mitton did not determine/confirm the locations at which inventory to be counted, was
stored.
1.2 He did not request a copy of the count instructions.
Had he done so, he would have identified that there were no written instructions and in doing so, pre-
empted the poor inventory account.
1.3 He did not enquire as to whether Firezone Ltd had any inventory which should not have been
included in the count and how this would be identified.
2. During the inventory count
2.1 Although the trainees observed the pickers counting, it was for short periods only, which in the
light of the poor count planning, was insufficient, e.g. counters could easily have just ticked off
items without counting them.
2.2 The trainees did not test count in both directions; as a result no items of physical inventory
were randomly selected from the warehouse, counted and quantities compared to the
perpetual inventory records (completeness).
2.3 The trainees made no effort to identify obsolete, slow-moving, damaged inventory.
2.4 They also failed to inspect the expiry dates on chemicals with limited shelf lives.
2.5 The trainees did not resolve count discrepancies, either from their own test counts or the
pickers’ counts, by recounting with the Firezone Ltd count staff.
2.6 The trainees did not compile a workpaper which recorded the movement of inventory during
the count, particularly deliveries and dispatches on the morning of the 31 July, affecting items
already counted.
2.7 The trainees did not confirm (and record) with the counters which items of inventory at the
year end belonged to Bushblaze Inc, to ensure that they had not been included in the inventory
sheets.
2.8 Ted Mitton did not test the numerical sequence of the inventory sheets, before or after the
inventory count, to confirm that the sheets were all accounted for.
3. At the conclusion of the count
3.1 Ted Mitton did not take precautions to ensure that the inventory sheets could not be amended
after the count, e.g. by taking photocopies and ensuring that all alterations were signed (by
himself or Zane); initialling each sheet does not prove anything.
3.2 He also did not retain sufficient evidence, e.g. get a copy of the inventory sheets
printed/photocopied after adjustments had been made. Inventory sheets were left with the
factory administration clerk.
3.3 Ted Mitton did not record the ‘cut-off’ numbers of documents used in the inventory and
production cycle or compile a list of goods received notes (number etc.) which had not been
matched to supplier invoices (particularly important in view of the movement of inventory
during the count).

Graded Questions Solutions 2023

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Graded Questions Solutions 2023

Uploaded by

Copyright:

Available Formats

Graded Questions Solutions 2023

1. 1.1 True This is the committee’s major function (Companies Act).

SUGGESTED SOLUTION TO EXERCISE 2.2

1. 1.1 The size, turnover and workforce should be considered, as well as

1. (b) and (d)

SUGGESTED SOLUTION TO EXERCISE 2.7

SUGGESTED SOLUTION EXERCISE 2.9

(a) The board should consider:

SUGGESTED SOLUTION TO EXERCISE 2.12

(b) 1. The high level information security principles are ensuring:

(a) The control environment

SUGGESTED SOLUTION TO EXERCISE 8.5

(a) There is a risk

1. Manual review of the automated application control.

SUGGESTED SOLUTION TO EXERCISE 10.6

(a) 1. General control – Continuity of reconciliation.

SUGGESTED SOLUTION TO EXERCISE 11.8

1. Despatch from warehouse to stores

SUGGESTED SOLUTION TO EXERCISE 11.9

You might also like