Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
37 Cards in this Set
- Front
- Back
|
Introduction |
A commercial entity comprises of a structured organisation with management and employees. Together they perform various roles and undertake a multitude of processes to ensure that:• goods and seices are delivered to customers of an expected standard • profits are generated from these activities.The chain of activity and price can be long and complex. The implementation of controls are e eentalto ensure that operations function efficiently and resources are protected from misappropriation. |
|
|
The principles of internal control |
Internal control is a process designed and effected by those charged with governance, management and other personnel, to help the organisation accomplish its goals and objectives. |
|
|
Internal control gives management comfort and plays an important role in ensuring: |
• Adherence to management policies for all aspects of the business.• Safeguarding of assets against theft/damage. • The accuracy and completeness of accounting records.• The prevention and detection of fraud and error.• The timely preparation of reliable financial and other information necessary to run the business.• The effectiveness and efficiency of operations. • Compliance with laws and regulation. |
|
|
Internal control has five elements: |
• The control environment • The entity's risk assessment process • Financial reporting information systems • Control activities• Monitoring of controls |
|
|
Control environment |
The control environment is the framework in which internal controls operate and is principally determined by the management of the business. |
|
|
Control environment refers to the overall attitude, awareness and actions of those charged with governance regarding the internal control system and its importance to the entity. It is characterised by: |
• Management style •Corporate culture • Values• Philosophy and operating style • Organisational structure • Human resources and proceduresA strong control environment promotes the effectiveness of the overall internal control system. Controls are more likely to operate well in an environment where they are considered to be important. |
|
|
The entity's risk assessment processAn entity should have a process for: |
• identifying risks which threaten the achievement of business objectives;• estimating how significant the risks are (impact); • estimating the likelihood that the risks will occur (probability); and• deciding on mechanisms (controls) to mitigate these risks. |
|
|
Financial reporting information systems |
Financial reporting information systems are the procedures and records established to initiate, process and report transactions, and to maintain accountability for related assets, liabilities and equity. Establishing the financial reporting system objectives entails establishing:• the classes of transactions in entity operations significant to financial reporting; • the procedures by which transactions are initiated, recorded, processed, corrected and transferred to the general ledger, and reported in financial statements; • the related accounting records, supporting information and specific accounts in the financial statements; • how the system records non-transactional events and conditions significant to financial statements; • the financial reporting process used to prepare an entity's financial statements, including significant accounting estimates and disclosures; and • controls over journal entries. |
|
|
Control activities |
Control activities are policies and procedures which help ensure that management directives are carried out. |
|
|
Control activities include those designed to prevent, detect and correct errors. It includes activities Relating to: |
• Segregation of duties.• Custody of assets (physical controls). • Recording (information processing). • Authorisation.• Management review. |
|
|
Examples of control activities: |
• Approval and control of documents.• Checking arithmetic accuracy of records. • Maintaining and reviewing control accounts and trial balances.• Reconciliations.• Comparing the results of cash, security and inventory counts with accounting records. • Comparing internal data with external sources. |
|
|
Segregation of duties |
Segregation implies that a number of people are involved in the accounting process, which:• limits the risk of fraud being perpetrated (for fraud to be committed, collusion of many people is needed); and • limits the extent of accidental errors being processed (more people involved means more checking).Key functions that should be segregated are the carrying out of a transaction, recording the transaction in the accounting records and maintaining custody of the asset arising from the transaction.Achieving 100% segregation within an organisation may not always be possible. Generally, the smaller a business is, and the smaller the staff complement, the lower the extent segregation can be achieved. Functions with weak segregation should be identified and become the focus of a more rigorous audit. |
|
|
Custody of assets |
Assets of a company must be secured against misappropriation. This involves:• physical protection of assets; and • maintenance of proper accounting records for all assets. |
|
|
Recording |
Recording of transactions needs to be efficient and effective. This will ensure that management information is accurate and timely, and minimises the extent and impact of errors. |
|
|
Authorisation |
Every transaction in a company must be authorised. This does not necessarily imply a signature on every document for each transaction, but requires that the individual initiating a transaction, has the authority to do so. |
|
|
Management review |
Management assumes the full responsibility of the firm's operations, including the development, implementation and ongoing effectiveness of the firm's internal controls and adherence to them by all employees. Reporting lines within an organisation should be clearly defined and reporting responsibilities assigned to appropriate staff members. By undertaking periodic reviews of key control activities, management ensures that the management and supervisory functions are performed by qualified and experienced individuals. |
|
|
Monitoring of controls |
Monitoring of controls is a process to assess the effectiveness of internal control performance over time. The process involves assessing the design and timely operation of controls, and taking necessary corrective actions. |
|
|
The principles of auditing |
An audit is a type of assurance engagement carried out by an auditor to provide an independent opinion on a person/system/organisation under evaluation, based on work done on a test basis.An auditor must collect sufficient and appropriate audit evidence to support his or her opinion on whether the assertions of the directors, embodied in the annual financial statements, are fairly presented. Audit evidence can be in the form of tests of controls or substantive procedures.Auditors are not expected to look at all the information that might exist, and often select samples to perform their testing. |
|
|
Sufficient appropriate audit evidence |
Sufficiency is a measure of the quantity of audit evidence. Appropriateness is a measure of the quality or reliability of audit evidence.The quantity of audit evidence required is influenced by the level of risk in the area being audited and by the quality of evidence obtained. Obtaining a high quantity of poor quality evidence will not cancel out its poor quality. |
|
|
Financial statement assertions |
Audit tests are designed to obtain evidence about the financial statement assertions. Assertions relate to classes of transactions and events, account balances at period end, and presentation and disclosure. |
|
|
Assertions apply to either: |
• assets and liabilities: • to transactions/events; or • both. |
|
|
Audit procedures to obtain audit evidence |
An auditor collects audit evidence by undertaking audit procedures to:• obtain an understanding of the entity and its environment, to assess the risks of material misstatement at financial statement and assertion level (risk assessment procedures);• test the operational effectiveness of controls in preventing, detecting and correcting material misstatements at assertion level (tests of control); and • detect material misstatements at assertion level (substantive procedures). The audit procedures can be used as risk assessment, tests of control or substantive procedures. |
|
|
Tests of controls |
Tests of control are used to test whether the control procedures relating to the accounting system have been complied with. Tests of control are performed to obtain evidence of whether:• controls are suitably designed to prevent, detect and correct material misstatements: and • the controls have operated effectively throughout the accounting period. It is not possible to only perform tests of control, as:• all internal control systems have inherent limitations which make them less than 100 % efficient: • the internal control system might have been excellent only at the time the auditor was undertaking tests; and • inherent risk is still a consideration Successful tests of control will reduce the nature, timing and extent of substantive testing, but will not completely eliminate the need to perform substantive testing. |
|
|
Substantive procedures |
Substantive procedures are used to verify (substantiate) transactions and balances and should always be carried out for material classes of transactions, account balances and disclosures. There are two pes of substantive testing procedures:• Substantive analytical procedures. • Tests of detail of classes of transactions, account balances and disclosures. |
|
|
Audit risk |
Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated.It is represented by the following equation (audit risk model): Audit risk (AR) = Inherent risk (IR) x Control risk (CR) x Detection risk (DR) Inherent risk is the susceptibility of an assertion to misstatement that can be material individually or when aggregated with other misstatements, assuming there were no related internal controls.Control risk is the susceptibility of an assertion to misstatement (individually or collectively material) that will not be prevented, detected and corrected on a timely basis by an entity's internal controls. Detection risk is the risk that the auditor will not detect material misstatements in the financial statements. |
|
|
Sampling |
Audit sampling involves the application of audit procedures to less than 100% of items within an account balance or class of transaction such that all sampling units have a chance of selection. This will enable the auditor to draw a conclusion on the entire population by evaluating the results of the audit sample.Audit sampling can be either statistical or non-statistical. Statistical sampling involves a random selection of items and uses probability theory to evaluate sample results.Non-statistical sampling does not involve the use of statistical sampling and the auditor draws a judgemental opinion about the population. |
|
|
Materiality |
Materiality describes the relative significance or importance of a particular matter on the financial statements as a whole. A matter is material if its omission or misstatement influences the economic decisions of users taken on the basis of the financial statements.Materiality should be calculated at the planning stages of all audits, and reviewed throughout the audit, and revised if necessary. The estimation of materiality is typically based on experience and judgement. |
|
|
Controls in a computerised environment |
There are relatively few companies who do not use Information Technology to improve the accuracy,efficiency and security of accounting. Accounting software packages range from:• stand alone general ledger, to• an integrated revenue, purchase, inventory, trade receivables, trade payables and fixed fleviblstem. An integrated system facilitates report generation due to the availability of a large and flexible database. |
|
|
Planning an audit |
An efficient and effective audit depends on the performance of proper planning procedures. The premise of audit planning is to:• help the auditor focus attention on important areas;• help the auditor identify and resolve problems in a timely manner; • help the auditor effectively and efficiently manage the audit;• assist in the selection of an appropriate audit team and work assignment; and• enable the direction, supervision and review of work. |
|
|
The audit strategy |
The audit strategy sets the scope, timing and audit direction, guiding the development of a detailed audit plan. |
|
|
Audit plan |
The audit plan converts the audit strategy into a more detailed plan. The audit plan will include the nature, timing and extent of audit procedures to obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level. |
|
|
Audit reports - internal and external |
Internal audit reportsInternal audit reports can take any form as, unlike oxternal audit reports, they have no formal reporting requirements. These internal business reports are produced for directors and management and an unlikely to be shared with third parties.Standard report format - internal audit reportHeadingTerms of referenceExecutive summary Body of the reportAppendices for any additional information(Source: EDGE Learning Media (Pty) Ltd, 2008)Figure 4.1: Standard format for an internal audit reportThe report should be dated, marked as draft or final, and have a distribution list attached. |
|
|
Heading |
Details the area audited and by whom. |
|
|
Terms of reference |
Highlights which areas were examined and why. |
|
|
Executive summary |
Should contain:• Background to the assignment. • Objectives of the assignment. • Major outcomes of work. • Key risks identified.• Key action points. |
|
|
Main body |
The main body of the report will contain information about:• Audit tests carried out and their findings. • Action points, including who has responsibility for carrying them out. • Future timescale and costs. |
|
|
External audit reports |
The external audit report is a highly stylised document and is substantially the same for any external audit. At the end of an external audit, the auditor is required to produce an audit report in which he/she expresses an opinion on the fair presentation of the financial statements. |
