Question

18 (a)

ISA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment requires auditors to obtain an understanding of control activities relevant to the audit.

Control activities are the policies and procedures which help ensure that management directives are carried out.

Required:

Describe FOUR different types of control activities and, for each type, provide an example control a company

may implement.

Equestrian Co manufactures smartphones and tablets. Its main customers are retailers who then sell to the general public. The company’s manufacturing is spread across five sites and goods are stored in its nine warehouses located across the country. You are an audit supervisor of Baseball & Co and in preparation for the forthcoming audit for the year ending 30 June 20X7, you are reviewing the following notes your audit manager has provided you with in relation to the company’s internal controls.

Equestrian Co has a small internal audit (IA) department. During the year, IA started a programme of physically verifying the company’s assets and comparing the results to the non-current assets register, as this type of reconciliation had not occurred for some time. To date only 15% of assets have had their existence confirmed as IA has experienced significant staff shortages and several members of the current IA team are new to Equestrian Co.

During the year, Equestrian Co conducted an extensive reorganisation of its manufacturing process to improve efficiency. Due to the significant number of employee changes required, the human resources department (HR) has been very busy and to ease their workload during this period, the payroll department has assisted by setting up any new employees who have joined the company. In January 20X7, the wage rate paid to employees was increased by the HR director and he notified payroll by emailing the payroll supervisor.

A new sales ledger system was introduced in May 20X6 and will continue to be run in parallel with the old system until IA has completed its checks between the two systems. New customers obtained by the sales team are required to undergo a full credit check; on the basis of this, a credit limit is proposed by sales staff and approved by the sales director and these credit limits remain static in the sales system.

Monthly perpetual inventory counts are undertaken at each of the nine warehouses, as a full year-end inventory count is too disruptive for the company. High value items are stored in a secure area in each warehouse. Access is via a four digit code, which for convenience is the same across all sites. Due to the company’s reorganisation programme, some of the monthly inventory counts were not performed.

Bank reconciliations are undertaken monthly by an accounts clerk and details of all reconciling items are included. Where the sum of the reconciling items is significant, the reconciliation is sent to the financial controller for review. In order to maximise cash balances, the finance director approves all purchase invoices for payment 75 days after receipt of the invoice.

Required:

(b) Identify and explain EIGHT deficiencies in Equestrian Co’s internal controls and provide a recommendation to address each of these deficiencies.

Note: Prepare your answer using two columns headed Control deficiency and Control recommendation

respectively.

Answer 1

Four types of control activities are as follows:

1. Segregation of duties: Duties should be assigned in such manner that authorisation and recording of transactions and maintaining physical custody of assets are carried out by different people. Eg: person recording purchase entries should not be the person who authorises payment for such purchases.
2. Information processing: General IT and application controls that ensure the completeness and accuracy of data, along with proper authorisation. Eg: use of batch control totals when entering transaction into the system.
3. Authorisation: Ensure that a proper official is responsible for authorising transactions so that transactions are genuine. Eg: Proper authorisation for recording bad debts to ensure only genuine bad debts are recorded, to check employees entering bad debts into the system while transferring the actual amount received from the customer to their own bank account.
4. Physical controls: Proper physical controls to ensure only authorised person have access to assets to reduce risk of thefts. Eg: ensure only limited persons have access to cash locker.

Equestrian Co deficiencies and controls: