INTERNAL AUDIT AND CONTROL MBA SEMESTER 3 ASSIGNMENT SET -2 Q.1) Why internal check is necessary ?

? Choose an Organization of your choice and find out how internal checks are put in place . Ans :Internal check is a system of allocation of responsibility, division of work and method of recording transactions, whereby the work of an employee or a group of employees is continuously checked by correlating it with the work of others. Internal check is absolutely necessary as it safe guards the business interest as under :a) It sees that no one has full control over one transaction or a gropu of transactions and that at least 2 or more persons are involved in routine that transaction or a group of transactions. This minimizes chances of fraud and errors. b) It pre defines the roles and responsibilities of a particular employee and avoids any confusion in handling the job responsibilities. The employee is very clear so as to what he has to handle and report about. In nut shell it properly allocates the duties and responsibilities. c) Due to well defined instructions and roles and responsibilities it results in maintenance of accurate and proper records. d) It can detect the frauds and errors committed as the work done by some one else is automatically checked by some one else. e) It distributes the work in such a way that no business transaction is left unrecorded. f) It enhances the efficiency of employees as it exercises a moral pressure over the employees. Example of a Bank to check the internal check working :In case of a bank if a account holder goes for withdrawal he shall first give the signed cheque to the clerk. The clerk will take the cheque issue token and make an entry into the system after verifying the signature from the signature card and confirming that the sufficient balance is maintained in the account. Than, the cheque will be passed on to the officer, who shall cross verify these details and insert his signature and stamp for payment. The cheque than moves to the cashier who

shall pay only when he sees the PAY stamp inserted by the officer , and he shall release the money only to the person who gives him the token which was given to the account holder. This is a classic example of a system of internal check working within a bank. Q 2) Detail the specific problems of electronic data process relating to Internal Control :Ans :- In an EDP environment the following problems arise in implementation of internal controls :a) Seperation of Duties :- In a computer based system the traditional notion of separation of duties does not always apply. In a minicomputer and microcomputer environments, separation of incompatible functions may be even more difficult to achieve. b) Delegation of authority and responsibility :- There should be clear cut clarity of authority and responsibility under both the systems ie manual and the computer based. C) Competent and trustworthy employees/staff :- The technology used today is of high complexity and hence, highly skilled personnel are needed to develop, modify, maintain and operate todays computer systems. d) System of authorizations :- The Management issues 2 types of authorizations General and Specific. General authorizations establish policies for the Organizations to follow , whereas Specific authorizations apply to individual transactions. In a manual system, auditors evaluate the adequacy of procedures for authorization by examining the work of the employees. In a computer based system, the authorization procedures are often embedded within a computer program. Thus, while evaluating the adequacy of authorization procedures, the auditors have to examine not only the work of employees but also the veracity of program processing. e) Adequate documents and records :- Under a manual based system, adequate records and documents are necessary to provide an audit trail of activities within the system. Audit trail shows the flow of transactions from beginning to its end. However, under a computer based system, the documents may not be used to support the initiation, execution and recording of some transactions. No visible trail may be available to trace the transactions. f)Physical control over assets and records :- The physical control over the records and assets is of utmost importance to both ie the manual systems or the computer

based systems. There is a lot of concentration of data under computer based systems. This concentration of data processing assets and records also increases the loss that can arise from computer abuse or a disaster. For example a fire that destroys a computer room may result in the loss of all major master files in an Organization. If an Organization does not have a suitable back up, it may be difficult to operate and continue further. g) Adequate management supervision :- In a computer based systems , the data communications may be used to enable employees to be closer to the customers they service. Thus, supervision of employees may have to be carried out remotely. Supervisory controls must be built into the computer systems to compensate for the controls that usually can be exercised through observation and inquiry. h) Comparing recorded accountability with assets :- It is of atmost importance that the data and the assets that the data purports to represent should periodically be compared to determine whether incompleteness or inaccuracies in the data exist or shortages in the assets have occurred. In a computer based systems programs are used to prepare this data. Q 3) Explain the principal considerations in internal control on :a) Purchases and Creditors :. 1) In case the purchase of the items requires the tender formalities, than the procedure for tender invitation, there opening and acceptance should be properly laid down. 2) The purchase order should be properly initiated based on the purchase indents and the tender accepted. 3) The procedure for receiving the goods as to the correct quality and quantity is of at most importance. The stores department should see that the goods are in agreement with the purchase order as to the quantity and the rate. The quality control department should see that the quality received is matching as to the quality as ordered in the purchase order. 4) Once the quantities and the quality is verified a GRN (Goods Received Note) should be prepared by the storekeeper and signed to this effect. 5) The bill than should be forwarded to the accounts department for payment and entry.

6) The accounts department will also see any entries regarding the purchase returns if any. 7) Before payments are made to the supplier the Accounts Manager should cross check the payment documents showing that the goods have been received as specified by the purchase order, GRN, quality report and see the payment terms as per the purchase order as to the regards of number of days the payment needs to be effected to the supplier. 8) Adequate procedures should be established with regard to the purchase returns, discounts on account of inferior quality of goods, and other similar adjustments.

b) Fixed Assets :The amount of investment involved in the fixed assets is normally very huge and therefore it is of atmost importance that a proper system of internal control exists for fixed assets :1) If the new asset was not planned in the capital budget, whether special permission from the Management has been obtained. 2) A purchase order should be raised for purchasing the fixed assets after inviting tenders from various suppliers. 3) On receipt of the asset a GRN needs to be prepared by the concerned department after checking the asset as per the terms of the purchase order. 4) An immediate check should be established to see that the new asset is entered in the fixed asset register showing full particulars of the asset and a identification code is given to the concerned fixed asset. 5) The GRN and the copy of the supplies bill should be sent to the accounts department to release the payment. 6) The accounts department shall cross check the invoice as per the Purchase order and cross tally with the GRN and than shall release the payment as per the terms mentioned in the purchase order. 7) The fixed assets should be periodically physically be verified by the Management. 8) Proper accounting records should be maintained for expenditure during construction period distinguishing carefully between capital and revenue expenditure. 9) Sale, scrapping or write off of the fixed assets should be allowed only under proper supervision and authorization of the top Management. The receipts from scrap disposal should be accounted for properly . The entry should be properly deleted from the fixed asset register. 10) Depreciation should be properly computed as per the schedule XIV of the Companies Act.

Q 4) Explain the steps of evaluating the internal control system using flow chart :Ans:Steps in evaluation of internal control :a) Understanding the system :- The first step is to identify the system itself as to how it works with a view to know the overall flow of transactions from top to the bottom. To understand the system, it may be useful to choose a few transactions through the system. Organization charts, flow charts, internal control manuals, are some of the tools to have an idea about internal control systems. b) Test through compliance procedures :- The auditor may select the specific controls on which he intends to rely and which needs to be tested through compliance procedures. One of the test adopted to test the compliance procedure is Auditing it Depth. The objective of the compliance procedures is to provide a fair confidence to the auditor that the internal control procedures are being effective as prescribed by the management. The purpose of preliminary evaluation is to identify the particular controls on which the auditor intends to rely and to test through compliance procedures. c) Evaluating the system :- The aforesaid study and discussion to give an overall idea of the control plan as it is and may be considered as the first step of evaluation. This is followed by a process which enables the auditor to know the specific control, its appropriateness and weakness of redundancy in the context of the specific operation. Based on his observation during the tests made by him, the auditor has to make an estimate of how far he can depend on various internal controls. Normally he should have a reasonable confidence that the system is such that the errors and fraud can be discovered automatically. He has to ascertain that the system is such that it can detect material errors or frauds. Incase he finds certain errors or weaknesses in the system, he should try to evaluate the impact of the same on various transactions. The auditors evaluation of internal control system will determine the nature, timing and extent of his substantive procedures.

Q 5) Lehman Brothers Holding filed for Chapter 11 bankruptcy protection following the massive exodus of most of its clients, drastic losses in its stock and devaluation of its assets. In context with this case, examine internal control and risk assessment system :Ans :- In Lehman Brothers case the court appointed examiner indicated that Lehman executives regularly used cosmetic accounting gimmicks at the end of each quarter to make its finances appear less shaky than they really were. This practice was a type of

repurchase agreement that temporarily removed securities from the Companies Balance sheet .These deals were described by Lehman as the outright sale of securities and created a materially misleading picture of the firms financial condition. Audit risk means the risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated. Thus, it is the risk that the auditor may fail to express an appropriate opinion in an audit assignment. Internal control and risk assessment system :The nature and extent of the procedures performed by the auditor to obtain an understanding of the accounting and internal control systems generally depend on :Nature of policies or kind of procedures, Changes in operating environment, Size and complexity of the business, Way of documentation of business operations, Auditors assessment of inherent risk. An auditor is supposed to apply knowledge and experience and judgment to decide whether a control exists individually or in combination with other is relevant for his audit work or not. For this purpose it is of prime importance that the auditor should study the existing internal controls in relation to the business. Although almost all the controls are related to audit are relevant for financial reporting but all controls relevant for financial reporting may not be relevant for audit. The auditor normally classifies the audit risk for assessement into control risk and inherent risk. Control risk signifies that a material misstatement could occur but would not be prevented or detected by internal control system. Inherent risk signifies the chances that recording of transactions have been done either erroneously or under the influence of management fraudulent activity. Assessment of control risk :- Assessing the control risk is very important. The auditor should evaluate the effectiveness of an entitys accounting and internal control systems in preventing or detecting material mis-statements in the financial statements. Final assessment of control risk :- Before the conclusion of the audit, based on the results of the substantive procedures and other audit evidence obtained by the auditor, the auditor should consider whether the assessment of control risk is confirmed. In case of deviations from the prescribed accounting and internal control systems, the auditor would make specific inquiries to consider their implications. Where, on the basis of such inquiries the auditor concludes that the deviations are such that the preliminary

assessment of control risk is not supported, he would amend the same unless the audit evidence obtained from other tests of control supports that assessment. Where the auditor concludes that the assessed level of control risk needs to be revised, he would modify the nature, timing and extent of his planned substantive procedures.

Q6) Explain the importance of working papers :Ans :The importance of audit working papers is analyzed below :Planning, organizing, conducting, control and review of audit :- The working papers provide a means of planning, organizing, controlling, administering and review of audit work. They serve as the supporting evidence that the audit has been conducted as per the generally accepted principles and practice es and standards. Proof of evidence :- The audit working papers serve as a proof of evidence in the court of law as regards obtaining of the evidence to reach the logical conclusions. Basis of auditors opinion :- It helps the auditor to form the basis of his report and arrive at a conclusion in forming his opinion. The auditor should ensure that the working papers are conclusive and complete in every aspect, leaving no scope for unanswered questions. Division of labour :- The working papers help in devising a perfect audit programme. The progress of the audit work thus can be effectively monitored even where the audit work extends to different offices or branches. Basis for review of internal controls :- The working papers facilitate an in depth review of the internal control systems, which forms the basis of recommending suitable changes therein. Bridge between original transactions and financial transactions :- They provide an important link between original transactions and the financial transactions. This is because an auditors work mostly consists in tracing the business transactions on a sample basis from the original records to the financial statements and vice versa. Working papers also constitute the basis for making rectification and adjustment entries. Basis for evaluation and training of audit staff :- Working papers constitutes a base for knowing whether the audit staff has understood the instructions properly or not. It serves as an index to the auditors ability to plan and organize the audit, because at each stage of audit he has to take decision as to the nature of evidence to be obtained and the tests to which evidence should be subjected.

Basis for further work :- The notes and analysis made by the auditor makes it a good base for future work or for next year as most of the points will be covered in the audit working papers like the Management information, the business techniques and practises, etc.