|
|
|
|
|
|
Lesson#19
|
INTERNAL CONTROL QUESTIONNAIRE
|
|
|
|
INTERNAL CONTROL QUESTIONNAIRE
Having
ascertained, confirmed and recorded
the system, the auditor now needs to carry out a preliminary
evaluation of the system in order to make a decision as to
whether he will:
• Rely on internal
controls and adopt a systems audit approach, or,
• Perform extensive
substantive testing. Using a verification approach to the audit.
Internal Control Questionnaire
An ICQ is a formal and usually standardized document which
comprises:
3. A list of internal controls in existence and
4. Highlights any weaknesses.
Features:
• Used in large company
audit
• Used to place reliance
on internal controls
• Used to design audit
approach
Objectives:
(i) To ascertain a
clients systems of accounting and
internal control
(ii) To evaluate
the control system thus recorded, and
hence
(iii) To identify
those controls which indicate
strengths in the system upon which the auditor
will seek to place reliance, and
(iv) To identify
those areas over which there are weak
or no controls and which therefore
must be subjected to more extensive substantive testing and
reported by inclusion in the
Management Letter.
Construction of an ICQ
(I) It is good practice when designing ICQs to state, as a brief
introduction:
(a) a list of control objectives which each sub-system under
consideration should seek to achieve
(b) any business considerations specific to the enterprise under
review which should be taken into
account.
The reason for this is essentially to highlight for the audit
staff key areas for their consideration to the audit
staff.
II) The questions in an ICQ should be designed to ascertain
whether the control objectives are being
achieved and should therefore cover such aspects as:
(a) instructions given to staff in the performance of their
duties
(b) authorization procedures
(c) documents and procedures used to originate transactions
(d) recording procedures
(e) sequence of procedures
(f) custody procedures
(g) relative independence of the persons involved at each stage
of a transaction (i.e. segregation of
duties).
(III) The questions should be framed such that a Yes/No answer
is given, with a No answer usually
indicating a control weakness.
(IV) An ICQ should carry such basic information as:
(a) the name of the document (ICQ)
(b) the system to which it relates (e.g. purchasing cycle)
(c) the client to whom it relates
(d) the accounting period under review
(e) evidence of who has prepared and reviewed the document
(f) the provision of columns for:
- Yes and No answers
- comments where neither Yes or No are applicable
- indicating the significance or otherwise of apparent
weaknesses
page
69
- references to audit programs
- references to Management Letters.
Example of part of an ICQ
INTERNAL CONTROL QUESTIONNAIRE
Prepared by: ________ Date: ________
CLIENT: ___________ PERIOD: _____
Reviewed by:________ Date: ________
THE PURCHASING CYCLE
(a) Control objectives.
(b) Business considerations.
(c) The questionnaire
a) Control objectives
To ensure that:
(i) Purchased goods/services are ordered under proper
authorities and procedures
(ii) Purchased goods/services are only ordered as necessary for
the proper conduct of the business
operations and are ordered to suitable suppliers
(iii) Goods/services received are effectively inspected for
quality, quantity and condition
(iv) Invoices and related documentation are properly checked and
approved as being valid before
being entered as trade payables
(v) All transactions relating to trade payables are valid
(suppliers invoices, credit notes and
adjustments), and only those valid transactions should be
accurately recorded in the accounting
records.
b) Business considerations
Points Effect on audit procedures and on financial statements
(i) Nature of the company’s - Auditor must be aware of the
purchases. Varying nature of goods purchased.
(ii) The existence of a - As far as possible ordering should
purchasing department. be centralized.
(iii) The company’s - The fixing of minimum/maximum
purchasing policy. Inventory and re-order levels should ensure
efficient control. However,
buying in bulk, with resulting higher inventory levels may be
part of a
company policy to reduce unit costs, in which case inventory
obsolescence and storage cost problems may arise.
(iv) The selection of suppliers. - The purchasing department
should maintain a supplier’s register to
record past purchases, prices, and satisfaction received etc.
The constant
seeking of alternative sources of supply at keener prices is an
indication of
efficient management
page
70
(C) Questionnaire
Yes/ Initiation and
authorization No Comments References
• Are standard (Purchase) order
forms (SOFs) issued showing
names of suppliers, quantities
ordered and prices?
• Are copies of SOFs retained on
file?
• Who authorizes orders and
what are their authority limits?
• Are the persons in 3 above
independent of those who issue
requisitions?
• Is a record kept, of orders placed
but not executed? (If yes, specify
type of record kept and filing
sequence).
Custody
• Are goods from suppliers
inspected on arrival as to quantity
and quality?
• How is the receipt of supplies
recorded (e.g. by Goods Received
Notes)?
• Are these records prepared by a
person independent of those
responsible for:
- ordering functions?
- processing and
- recording?
Criticism on ICQs
• ICQs represent an
attempt at a formalized, systematic, approach to the audit of large complex
organizations.
• It is however
increasingly apparent that such questionnaires can become too complex, lengthy
and
detailed for meaningful evaluation of accounting systems.
• There is a danger that
ICQs can provoke too formalized an approach to an assignment; that will be
concentrating as they do
on the controls
themselves
rather than upon the fraud or
irregularity that the controls
are designed to prevent.
Internal Control Evaluation Checklists
To overcome the above discussed possible shortcomings, many
auditing practices have amended their
approach to internal control evaluation by the adoption of a
different type of document,
Internal Control
Evaluation Checklists
(ICEC).
The ICEC is designed to determine; whether desirable internal
controls are present?, using key control
questions to ascertain where specific frauds or errors are
possible.
It is normally employed where system’s information has
already
been recorded (usually in the form of
flowcharts).
Key questions are asked in an ICEC, the answers to which prompt
further supplementary questions.
Reference is made to a supporting flowchart which is the means
of ascertaining the existing systems. This
makes the ICEC document shorter and less complex, but it may
require more skill and judgment on the
part of the auditor to interpret the completed form.
Note that virtually all the rules applicable to the construction
of an ICQ apply to the construction of an
ICEC.
page
71
Example of ICEC
INTERNAL CONTROL EVALUATION CHECKLIST
Prepared by: ________ Date: ________
CLIENT: ___________ PERIOD: _____
Reviewed by:________ Date: ________
PURCHASES – PAYABLES – PAYMENTS
(a) Control objectives.
(b) Business considerations.
(c) The checklist
a) Control Objectives
As per ICQ
b) Business Consideration
As per ICQ
c) The Checklist
1 Purchases
Comments Reference
1.1 Can goods be purchased without authority?
(a) purchase requisitions and order approvals?
(b) limit of buyers authority to order?
(c) purchasing segregated from receiving,
accounts payable and inventory records?
(d) un issued orders safeguarded against loss?
1.2 Can liabilities be incurred although goods
not received?
(a) receiving segregated from purchasing,
accounts payable and inventory records?
(b) are all goods passed directly to stores?
(c) GRNs or equivalent prepared independently?
(d) adequate comparison with order, claims for
short shipment etc?
(e) invoices, GRNs, direct to accounts payable not
purchasing?
(f) invoices checked to order and GRNs, prices
checked?
(g) check of extensions, additions, discounts?
(h) documents cancelled to prevent re-use?
(i) unmatched documents investigated regularly?
(j) freight checked, bills matched to
consignments?
(k) purchase returns and allowances controlled -
follow-up?
(I) forward purchases controlled?
1.3 Can cut-off errors occur?
(a) time lapse from receipt of goods to invoice processing?
(b) valuation of unmatched GRNs?
(c) adequate control and recording of receipts?
1.4 Can invoices be wrongly allocated?
(a) nominal ledger analysis?
(b) analysis independently checked?
(c) staff purchases controlled?
(d) independent and regular review?
page
72
1.5 Can liabilities be recorded for goods or services not
ordered?
(a) goods received without authority?
2 Payables
2.1 Can liabilities be incurred but not recorded?
(a) payables balances agreed periodically?
(b) suppliers statements independently reconciled?
(c) invoice register?
(d) forward contracts?
(e) order backlog follow up?
(f) debit balances controlled?
3 Payments
3.1 Can payments be made if not properly supported?
(a) discounts taken?
(b) control over invoices before validating complete?
(c) cheque signatories independent of purchasing, receiving,
accounts payable and cheque
preparation?
(d) signatories examine support for payment,
check completeness, cancel support?
(e) control over signature plates or pre-signed
cheques?
(f) control where one signature?
(g) frequency with which cheques mailed?
(h) independent regular bank reconciliation, with
cheques directly from bank and review
reconciliation?
(i) cheques crossed
account payee only,
continuity accounted for, control over unused
cheques?
(j) bank transfers controlled - standing orders?
(k) issue of bearer or cash’ cheques?
(I) advances and loans controlled?
(m) bank transfer payments, traders credits, direct
debits?
3.2 Can payments for non-routine purchases be made if not
authorized or properly
supported?
(a) services, expense
accounts, taxation payments
in advance, staff purchases and goods on
consignment?
3.3 Can non-current assets be acquired or removed without proper
authorization and recording?
(a) approved work
orders for non-current assets
and major repairs?
(b) approval of cost over-runs?
(c) reporting of scrapping or disposals?
(d) detailed non-current asset register, regular
physical inspection and review of values?
(e) periodic insurance appraisals, adequate
coverage?
(f) control over loose tools?
Limitations of the effectiveness of Internal Control
It is possible to reduce the volume of transaction testing
required in conducting an audit if the internal
controls are sound and are operating effectively, but it is not
likely that an auditor will be able to rely on
internal controls entirely. This is because all control systems
have inherent limitations such as:
a) The need to balance the cost of the control with its benefits
page
73
b) The fact that internal controls are applied to regular,
recurring transactions, not one off year
end adjustments or unusual transactions, which are often large
and subject to error.
c) The potential for human error
d) The possibility of fraudulent collusion (two or more persons
operating together) to ‘get round’
controls that segregate duties. For example; the supervisor
responsible for checking and
authorizing overtime claims could collude with employees, to
enable excess overtime payments
to be claimed.
e) The abuse of authority and override of controls by senior
managers or the owners of the
business. Abuse of authority might involve ordering personal
goods through the firm. It is very
easy for directors and managers of organizations of any size to
instruct staff to bypass normal
procedures such as the requirement for authorization for
payments.
f) The obsolescence of controls which have not changed to
reflect changes in the business
activities or organization.
In practice, the training of auditors always involves a warning
never to rely on internal controls entirely, no
matter how effective they may appear to be. Hence some
verification of transactions is always carried out as
part of the auditor’s work.
|
|
|
|
|