UNIT 4: INTERNAL CONTROL AND ITS EVALUATION

Contents
4.0 Aims and Objectives
4.1 Introduction
4.2 The Meaning of Internal Control
4.2.1 Control Environment
4.2.2 Control Procedures
4.3 Objectives of Internal Control
4.4 Elements of Internal Control
4.5 Risk Assessment
4.6 Limitations of Internal Control
4.7 The Auditors Consideration of Internal Control
4.8 Internal Control in the Small Company
4.9 Internal Control Over Major Accounting Functions
4.9.1 The Sale System
4.9.2 The Purchases System
4.9.3 The Wages System
4.9.4 The Cash System
4.9.5 The Inventory System
4.10 Summary
4.11 Answer to Check Your Progress Exercise

4.0 AIMS AND OBJECTIVES

After studying this unit, you should be able to:

- define what is meant by internal control
- describe management's responsibility for internal control
- distinguish among the major components of a client's internal control structure: the
control environment, risk assessment, the (accounting) information and
communication system, control activities, and monitoring
- explain the characteristics of effective internal control

41
 - describe the auditor's consideration of the internal control structure
- discuss the techniques used by auditors to obtain an understanding of internal control
and describe the results in their working papers
- describe the auditor's responsibility for communication of internal control structure
related matter.

4.1 INTRODUCTION

Our consideration of internal control in this unit has three major objectives. First to explain
the meaning and significance of internal control, second, to discuss the major components of a
client's internal control structure; and third, to show how auditors go about obtaining an
understanding of internal control to meet the requirements of the second standard of field
work. An attempt is made in this unit to present in brief the internal control procedures
applicable to particular kind of assets or liabilities or to particular types of transactions, such
as purchases or sales.

Internal control has attained greatest significance in large-scale business organizations.

Accordingly, the greater part of the discussion in this unit is presented in terms of the large
corporation. A separate section is presented at the end of the unit, however, dealing with the
problem of achieving internal control in a small business.

4.2 THE MEANING OF INTERNAL CONTROL

The internal control system comprises the control environment and control procedures. It
includes all the policies and procedures adopted by the directors and management of an entity
to assist in achieving their objective of ensuring, as far as practicable, the orderly and efficient
conduct of its business, including
- adherence of internal policies
- the safeguarding of assets
- the prevention and detection of fraud and error,
- the accuracy and completeness of the accounting records, and
- the timely preparation of reliable financial information.

42
Internal controls may be incorporated within computerized accounting systems. However
internal control system extends beyond those matters which relate directly to the accounting
system.

4.2.1 Control Environment

Control environment is the framework within which controls operate. The control
environment is very much determined by the management of a business.

Control environment is the overall attitude, awareness and actions of directors and managers
regarding internal controls and their importance in the entity. The control environment
encompasses the management style and corporate culture and values shared by all employees.
It provides the background against which the various other controls are operated.

The following factors will be reflected in the control environment.

- The philosophy and operating style of management
- The entity's organizational structure
- The directors' methods of imposing controls.

4.2.2 Control Procedures

Control procedures are those policies and procedures in addition to the control environment,
which are established to achieve the entity's specific objectives.

Control procedures include those designed to prevent or to detect and correct errors. Some of
the specific control procedures are:
- Segregation of duties
- Approval and control of documents
- Control over computerized applications
- Checking the arithmetical accuracy of records
- Maintaining and reviewing control accounts and trial balances
- Reconciliation
- Comparing the results of cash, securities and stock counts with accounting records
- Comparing internal data with external sources of information
- Limiting direct physical access to assets and records.

43
4.3 OBJECTIVES OF INTERNAL CONTROL

Some studies suggest that management typically has the following objectives in setting up a
good system of internal control.

a) The orderly and efficient conduct of its business

An organization which is efficient and conducts its affairs in an orderly manner is much
more likely to be able to supply the auditors with sufficient appropriate audit evidence on
which to base their audit opinion. More importantly, the level of inherent and control risk
will be lower, giving extra assurance that the financial statements do not contain material
errors.
b) Adherence to Internal Policies
Management is responsible for setting up an effective system of internal control and
management policy provides the broad framework within which internal controls have to
operate. Unless management does have a pre-determined set of policies, then it is very
difficult to imagine how the company could be expected to operate efficiently.
Management policy will cover all aspects of the company's activities and will range from
broad corporate objectives to specific areas such as determining selling prices and wage
rates.

Given that the auditors must have a sound understanding of the company's affairs
generally, and of specific areas of control in particular, then the fact that management
policies are followed will make the task of the auditors easier in that they will be able to
rely more readily on the information produced by the systems established by the
management.
c) Safeguarding of Assets
This objective may relate to the physical protection of assets (for example by locking
monies in a safe at night) or to less direct safeguarding (for example ensuring that there is
adequate insurance, cover for all assets). It can also be seen as relating to the maintenance
of proper records in respect of all assets.

The auditors will be concerned to ensure that the company has properly safeguarded its
assets so that they can form an opinion on existence of specific assets and, more generally,

44
 on whether the company's records can be taken as a reliable basis for the preparation of
financial statements. Reliance on the underlying records will be particularly significant
where the figure in the financial statements are derived from such records rather than as
the result of physical inspection.
d) Prevention and Detection of Fraud and Error
The directors are responsible for taking reasonable stops to prevent and detect fraud. They
are also responsible for preparing financial statements, which give a true and fair view of
the entity's affairs. However, the auditors must plan and perform their audit procedures
and evaluate and report the results thereof, recognizing that fraud or error may materially
affect the financial statements. A strong system of internal control will give the auditors
some assurance that frauds and errors are not occurring. Unless management are colluding
to overcome that system.
e) Accuracy and completeness of the accounting records/timely preparation of reliable
financial information
This objective is most clearly related to statutory requirements relating to both
management and auditors. The auditors must form an opinion on whether the company
has fulfilling this obligation and also conclude whether the financial statements are in
agreement with underlying records.

Detailed Internal Control Objectives

There are seven detailed objectives that an internal control system must meet to prevent errors
in the accounting records. A basic assumption that underlines the assessment of whether the
objectives were met is that the system of internal control was in operation as described for the
period of reliance. The auditor must be careful to ensure that the objectives were met
continuously and not just sporadically.

The client's system of internal control must be sufficient to provide reasonable assurance that:
1. recorded transactions are valid (validity).
(validity). The system should not permit the inclusion
of fictious or non-existent transactions in journal or other accounting records.
2. transactions are properly authorized (authorization).
(authorization). If a transaction that is not
authorized takes place, it could result in a fraudulent transaction and it could also have
the effect of wasting or destroying company assets.

45
 3. the existing transactions are recorded (completeness).
(completeness). The client's procedures must
provide controls to prevent the omission of transactions from the records.
4. transactions are properly valued (valuation).
(valuation). An adequate system includes procedures
to avoid errors in calculating and recording transactions at various stages in the
recording transactions at various stages in the recording process.
5. transactions are properly classified (classification).
(classification). The proper account classification
according to the client's chart of accounts must be made in the journals if the financial
statements are to be properly stated. Classification also includes such categories as
division and product.
6. transactions are recorded at the proper time (timing). The recording of transactions
either before or after the time they took place increases the likelihood of failing to
record transactions or of recording them at the improper amount. if late recording
occurs at the end of the period, the financial statements will be misstated.
7. transactions are properly included in subsidiary records and correctly summarized
(posting and summarization). In many instances individual transactions are
summarized and totaled before they are recorded in the journals. The journals are then
posted to the general ledger, and the general ledger is summarized and used to prepare
the financial statements. Regardless of the method used to enter transactions in the
subsidiary records and to summarize transactions, adequate controls are needed to
make sure summarization is correct.

The seven detailed internal control objectives must be applied to each material type of
transaction in the audit, such transactions typically include sales, purchases, cash receipts and
payments, acquisition and issuance provision of goods and services, payroll, and so on.

4.4 ELEMENTS OF INTERNAL CONTROL

It is necessary that a system have certain elements or characteristics that increase the
likelihood of reliable accounting records and safeguarding of assets. Elements are directly
related to internal control objectives and the way in which a company satisfies them. The
following six are discussed in this section. In evaluating the strength and weakness of a
system of internal control it is imperative to look into the following elements.

46
 - Competent, trustworthy personnel with clear lines of authority and responsibility
- Adequate segregation of duties
- Proper procedures for authorization
- Adequate documents and records
- Physical control over assets and records
- Independent checks on performance

Competent and Trustworthy Personnel

The most important element of any system of internal control is its personnel. If employees
are competent and trustworthy, even if some of the other elements are absent, reliable
financial statements will results. Honest, efficient people are able to perform at a high level
even when there are few other controls to support them. Conversely, even if the other five
elements of control are strong, incompetent or dishonest people can reduce the system to a
shambles.

Adequate Segregation of Duties

Four general guidelines for segregation of duties to prevent both intentional and unintentional
errors are of special significance to auditors. A discussion of each follows.

Separation of the Custody of Assets From Accounting

The reason for not permitting a person who has temporary or permanent custody of an asset to
account for that asset is to protect the firm from fraud. When one person performs both
functions, there is an excessive risk of his disposing of the asset for personal gain and
adjusting the records to reliance himself of responsibility. For example, if the casher receives
cash and maintains both the cash and account receivable records, it is possible for has to take
the cash received from a customer and adjust the customer's account by failing to record a sale
or by recording a fictious credit to the account.

Separation of the Authorization of Transactions From the Custody of Related Assets

It is desirable, if possible, to prevent persons who authorized transactions from having control
over the related asset. For example, the same person should not authorize the payment of a
vendors invoice and also sing the cheque in payment of the bill. Similarly, the authority for

47
adding new employees to or eliminating terminated employees from the payroll should not be
given to the person responsible for distributing payroll cheques. As illustrated, the
authorization of the transaction and the handling of the related asset by the same person
increases the possibility of fraud within the organization.

Separation of Duties Within the Accounting Function

The least accounting system is one in which one employee is responsible for recording a
transaction from its origin to its ultimate posting in the general ledger. This enhances the
likelihood that unintentional or intentional errors will remain undetected and it may encourage
sloppy performance of duties. It is possible, however, that a single bookkeeper may be cost
effective.

There are many opportunities for automatic cross checking of different employees' work in a
manual system by simply segregating the recording in journals from the recording in related
subsidiary ledgers. It is also possible to segregate the responsibility for recording in related
journals, such as the sales and cash receipts journals.

Separation of Operational Responsibility from Record Keeping Responsibility

If each department or division in an organization were responsible for preparing its won
records and reports, there would be a tendency to bias the results to improve its reported
performance. In order to ensure unbiased information, record keeping is typically included in
a separate department under the controller.

The overall organizational structure of a business must provide proper segregation of duties,
yet still promote operational efficiency and effective communication.

Proper Procedures for Authorization

Every transaction must be properly authorized if controls are to be satisfactory. If any person
in an organization could acquire or expand assets at will, complete chaos would result.
Authorization can be either general or specific. General authorization means that management
establishes policies for the organization to follow. Subordinates are instructed to implement
these general authorizations by approving all transactions within the limits set by the policy.

48
Examples of general authorization are issuance of fixed price lists for the sale of products,
credit limits for customers, and fixed automatic recorder points for making purchases.

Specific authorization has to do with individual transactions. Management is often unwilling

to establish a general policy of authorization for some transactions. Instead, it prefers to make
authorizations on a case-by-case basis. An example is the authorization of a sales transaction
by the sales manager for a used car.

The individual or group who can grant either specific or general authorization for transactions
should hold a position commensurate with the nature and significance of the transactions. The
policy for such authorizations should be established by top management. For example, a
common policy is to have all acquisitions of capital assets over a set amount authorized by the
board of directors.

There is also a distinction between authorization and approval. Authorization is a policy

decision for either a general class transactions or specific transactions. Approval is the
implementation of management's general authorization decisions. For example, assume
management sets a policy authorizing the ordering of inventory when less than a three-week
supply on hand. That is a general authorization. When a department orders inventory, the desk
responsible from maintaining the perpetual record approves the order to indicate that the
authorization policy has been met.

Adequate Documents and Records

Documents and records are the physical objects upon which transactions are entered and
summarized. They include such diverse items as sales invoices, purchase orders, subsidiary
ledgers, sales journals, time cards and bank reconciliation. Both documents of original entry
and records upon which transactions are entered are important elements of a system, but the
inadequacy of documents normally causes greater control problems.

Documents perform the function of transmitting information throughout the client's

organization and between different organizations. The documents must be adequate to provide
reasonable assurance that all assets are properly controlled and all transactions correctly
recorded. For example, if the receiving department fills out a receiving report when material

49
is obtained, the accounts payable department can verify the quantity and description on the
vendor's invoice by comparing it with the information on the receiving report.

Certain relevant principles dictate the proper design and use of documents and records.
Documents and records should be:
- Pre-numbered consecutively to facilitate control over missing documents, and as an
aid in locating documents when they are needed at a later date.
- Prepared at the time transaction takes place, or as soon thereafter as possible. When
there is a longer time interval, records are less credible and the chance for error is
increased.
- Sufficiently simple to ensure that they are clearly understood.
- Designed for multiple uses whenever possible, to minimize the number of different
forms. For example, a properly designed and used sales invoice can be the basis for
recording sales in the journals, the authority for shipment, the basis for developing
sales statistics, and the support for salesmen's commission.
- Constructed in a manner that encourages correct preparation. This can be done by
providing a degree of internal check within the form or record. For example, a
document might include instruction for proper routing, blank spaces for authorization
and approvals, designated column spaces for numerical data.

Physical Control Over Assets and Records

The most important type of protective measure for safeguarding assets and records is the use
of physical precautions. An example is the use of storerooms for inventory to guard against
pilferage. When the storeroom is under the control of a competent employee, there is also
further assurance that obsolescence is minimized. Fireproof safes and safety deposit vaults for
the protection of assets such as currency and securities are other important physical
safeguards.

Physical safeguards are also necessary for records and documents. The redevelopment of lost
or destroyed records is costy and time consuming. Imagine what would happen if an accounts
receivable master file were destroyed. The considerable cost of backup records and other
controls can be justified to prevent this loss. Similarly, such documents as insurance polices
and promissory notes should be physically protected.

50
Mechanical protective devices can also be used to obtain additional assurance that accounting
information is correctly and accurately recorded. Cash registers and certain types of automatic
data processing equipment are all potentially useful additions to the system of internal control
for this purpose.

Internal Verification
The last specific element of control is the careful and continuous review of the other five,
often referred to as independent checks or internal verification. The need for a system of
independent checks arises because a system tends to deteriorate over time unless there is a
mechanism for frequent review. Personnel are likely to forget or intentionally fail to follow
procedures or become careless unless someone observes and evaluates their performance. In
addition, both fraudulent and unintentional errors are always possible, regardless of the
quality of the controls.

An essential characteristic of persons performing internal verification procedures is

independence from the individual originally responsible for preparing the data. A
considerable portion of the value of checks on performance is lost when the individual doing
the verification is a subordinate of the person originally responsible for preparing the data or
lacks independence in some other way.

4.5 RISK ASSESSMENT

One of the components of internal control is risk assessment. Management should carefully
consider the factors that affect the risk that the organization's objectives will not be achieved.
When considering the financial reporting objective, these risks include the threats to preparing
financial statements in accordance with generally accepted accounting principles. For
example, the following factors might be indicative of increased financial reporting risk:
- changes in the organization's regulatory or operating environment
- changes in personnel
- implementation of a new or modified information system
- rapid growth of the organization
- changes in technology affecting production processes or information systems
- introduction of new lines of business, products, or processes

51
Management's process of risk assessment is similar to the auditor's assessment of audit risk, as
described in unit 3. However, the scope of management's risk assessment is more
comprehensive in that it involves consideration of factors that affect all of the organization's
objectives. The auditor's are concerned only with the level of inherent risk and control risk
that affect the organization's ability to produce financial statements that are in accordance
with generally accepted accounting principles.

4.6 LIMITATIONS OF INTERNAL CONTROL

Auditing standards states that the directors of an entity will set up internal controls in the
accounting system to assess the following.

a) Transactions are executed with proper authorization

b) All transactions and other events are promptly recorded at the correct amount, in the
appropriate accounts and in the proper accounting period.
c) Access to assets is permitted only in accordance with proper authorization.
d) Recorded assets are compared with the existing assets at reasonable intervals and
appropriate action is taken with regard to any differences.

However, any internal control system can only provide the directors with reasonal assurance
that their objectives are reached, because of inherent limitations, such as the following.
a) The usual requirement that the cost of an internal control does not outweigh the
potential loss, which may result from its absence.
b) Most systematic internal controls tend to be directed at routine transactions than non-
routine transactions. Hence it is important for auditors to ascertain what may go on
outside the accounting system.
c) The potential of human error in the operation of internal controls due to careless,
distraction, mistakes of judgment and the misunderstanding of instructions.
d) The possibility of controls being by passed because two or more people collude.
Collusion may be between people inside the organization, but may involve outsiders
as well.
e) The possibility that a person responsible for exercising internal control could abuse
that responsibility by overriding an internal control.

52
 f) The possibility that procedures may become inadequate due to changes in conditions
or that compliance with procedures may deteriorate overtime. This may particularly
apply if a business is expanding internal controls designed to cope with a smaller
business may well have problems coping.

These factors show why auditors cannot obtain all their evidence from tests of the systems of
internal control.

4.7 THE AUDITOR'S CONSIDERATION OF INTERNAL CONTROL

The second standard of fieldwork states:

A sufficient understanding of the internal control structure is to be obtained to plan the audit
and to determine the nature, timing, and extent of tests to be performed.

The Auditor's understanding of their client's internal control provides a basis both to (1) plan
the audit, and (2) assess control risk.

In planning an audit it is essential that the auditors have a sufficient understanding of the
client's internal control structure. This encompasses both an understanding of the design of the
policies, procedures, and records, and a knowledge of whether they have been placed in
operation by the client. It is difficult to imagine designing tests of financial statement balances
without an understanding of the internal control structure. For example, auditors who do not
understand the client's policies and procedures for executing and recording credit sales would
have a difficult time substantiating the balances of account receivable and sales.

The auditor's consideration of the internal control structure also provides a basis for their
assessment of control risk – the risk that material misstatements will not be prevented or
detected by the client's internal control structure. If the auditors determine that the client's
internal control is effective, they will assess control risk to be low. They can then accept a
higher level of detection risk, and substantive testing can be decreased. Conversely, if internal
controls are weak, control risk is high and the auditors must increase the scope of their
substantive tests to limit the level of detection risk. Therefore, the auditors' understanding of
internal control is a major factor in determining the nature, timing, and extent of substantive
testing necessary to verify the financial statement assertions.

53
Since an effective internal control structure is a major factor in an audit, the question arises as
to what action the auditors should take when internal control is found to be seriously
deficient. Can the auditors complete a satisfactory audit and properly express an opinion on
the fairness of financial statements of a company in which control risk is considered to be
extremely high? The answer to this question depends on whether the auditors believe that
inherent risk is at a satisfactory level so that substantive tests can be designed that will reduce
audit risk to an acceptable level. For example, the auditors of a small business with a limited
segregation of duties often apply an approach of restricting detection risk through extensive
substantive tests of financial statement assertions, rather than performing tests of internal
control.

4.8 INTERNAL CONTROL IN THE SMALL COMPANY

The preceding discussion of internal control and its consideration by the independent auditors
has been presented in terms of large corporations. In the large concern excellent internal
control may be achieved by extensive segregation of duties so that no one personally handles
a transaction completely from beginning to end. In the very small concern, with only one or
two office employees, there is little or no opportunity for division of duties and
responsibilities. Consequently, internal control tends to be weak, if not completely absent,
unless the owner/manager recognizes the importance of internal control and participates in
key activities.

Because of the absence of strong internal control in small concerns, the independent auditors
must rely much more on substantive tests of account balances and transactions than is
required in large organizations. Although it is well to recognize that internal control can
seldom be strong in a small business, this limitation is no justification for ignoring available
forms of control. Auditors can make a valuable contribution to small client companies by
encouraging the installation of such control procedures as are practicable in the
circumstances. The following specific practices are almost always capable of use in even the
smallest business:
1. Record all cash receipts immediately
2. Deposit all cash receipts intact daily

54
 3. Make all payments by serially numbered checks, with the exception of small
disbursements from petty cash
4. Reconcile bank accounts monthly and retain copies of the reconciliation in the
files
5. Use serially numbered sales invoices, purchase orders, and receiving reports
6. Issue checks to vendors only in payment of approved invoices that have been
matched with purchase orders and receiving reports
7. Balance subsidiary ledger with control accounts at regular intervals, and
prepare and mail customers' statements monthly.
8. Prepare comparative financial statements monthly in sufficient detail to
disclose significant variations in any category of revenue or expense.

Adherence to these basic control practices significantly reduces the risk of material error or
major defalcation going undetected. If the size of the business permits a segregation of the
duties of cash handling and record keeping, a fair degree of control can be achieved. If it is
necessary that one employee serve as both accounting clerk and cashier, then active
participation by the owners in certain key functions is necessary to guard against the
concealment of fraud or errors. In a few minutes each day the owner, even though not trained
in accounting, can create a significant amount of internal control by personally;
1) reading daily cash register totals
2) reconciling the bank account monthly
3) signing all checks and canceling the supporting documents
4) approving all general journal entries, and
5) critically reviewing comparative monthly statements of revenue and
expense.

4.9 INTERNAL CONTROL OVER MAJOR ACCOUNTING FUNCTIONS

4.9.1 The Sales System

The three elements of controls over sales are on:
- selling (authorization)
- good outwards (custody)

55
 - accounting (recording)

Control Consideration
1. Selling (authorization)
- Segregation of duties, credit control, invoicing and sales
- Authorization of credit terms to customers
o Authorization by senior staff
o References/credit checks obtained
o Regular review
- Authorization for changes in other customer data
o Change of address supported by letterhead
o Requests for deletion supported by evidence balances cleared/customer in
liquidation.
- Acceptance of customer orders
- Matching of customer orders with production orders and dispatch notes
- Authorization of dispatches of goods free of charge or on special terms
- Preparation of invoices and credit notes
o Authorization of selling prices/use of price lists
o Authorization of credit notes
o Checks of prices, quantities, extensions and totals on invoices and credit notes
o Custody over bank invoices and credit notes
2. Goods Outwards (custody)
- Authorization of dispatch of goods
o Dispatch only on sales order
o Dispatch only to authorized customers
- Examination of goods outwards as to quantity, quality and conditions
- Recording of goods outwards
- Agreement of goods outwards records to customer orders, dispatch notes and invoices
- Pre-numbering of dispatch notes and delivery notes
- Condition of returns checked

56
 - Recording of goods returned on goods returned notes
- Signature of delivery notes by customers

3. Accounting (records)
- Segregation of duties: recording sales, maintaining customer accounts and preparing
statements
- Matching of sales invoices with dispatch notes and checking details
- Recording of sales invoices sequence and control over spoilt invoices
- Matching of cash receipts with invoices
- Retention of customers remittance advices
- Separate recording of sales returns, price adjustment etc
- Cut-off procedures to ensure goods dispatched and not invoiced (or vice versa) are
properly dealt with the correct period
- Preparation and checking of debtor statements
- Safeguarding of debtor statements so that they cannot be altered before dispatch
- Review and follow-up of overdue accounts
- Authorization of writing off of bad debts
- Dealing with customer queries
- Arrangements for inter-group sales
- Reconciliation of sales ledger control account

Tests of Controls
1. Goods dispatched notes
- Verify trade sales with
o customers' orders
o internal sales orders approved by dully authorized officials
o sales invoices checking
 quantities
 prices charged with official price lists
 trade discounts have been properly dealt with
 calculation and addition

57
  entries in sales day book are correctly analyzed
 VAT, where chargeable, has been properly dealt with
 Posting to sales ledger

o entries in stock records

- Verify non-routine sales (scrap, fixed assets etc) with:
o appropriate supporting evidence
o approval by authorized officials
o entries in plant register etc
- Verify credit notes with
o correspondence or other supporting evidence
o approval by authorized officials
o entries in stock records
o calculations and additions
o entries in day book, checking these are correctly analyzed
o posting to sales ledger
- Test numerical sequence of dispatch notes and enquire into missing numbers
- Test numerical sequence of invoices and credit notes, enquire into missing number and
inspect copies of those cancelled.
- Test numerical sequence of order forms and enquire into missing numbers.
2. Sales day book
- Check entries with invoices and credit notes respectively
- Check additions and cross casts
- Check posting to general ledger and control account
- Check posting to sales ledger
3. Sales ledger
- Check a sample of accounts with entries to books of prime entity
- Check additions and balances carried down
- Note and enquire into contra entries
- Check that control accounts have been regularly reconciled

58
 - Scrutinize accounts to see if credit limits have been observed
4. Conclusions
- Write conclusions covering any errors or weaknesses discovered during the above
tests and noting any possible management letter points.

4.9.2 The Purchases System

Control Consideration
The three separate elements into which accounting controls may be divided also clearly
appear in the consideration of purchase procedures. They are buying (authorization) receipt of
goods (custody) and accounting (recording).

1. Buying
- Central policy for choice of suppliers
- Evidence required of requirements for purchase before purchase authorized (re-order
quantities and re-order levels)
- Orders forms prepared only when a purchase requisition has been received
- Authorization of order forms
- Prenumberred order forms
- Safeguarding of blank order forms
- Review of orders not received
2. Goods Inwards
- Examination of goods inwards
o quality
o quantity
o condition
- Recording arrival and acceptance of goods (good received notes)
- Comparison of goods received notes with purchase orders
3. Accounting
- Segregation of duties: accounting and checking functions
- Referencing of supplier invoices; numerical sequence and supplier reference

59
 - Checking of suppliers' invoices
o price, quantities, accuracy of calculation
o comparison with order and good received note
- Recording purchases and purchase returns
- Regular maintenance of purchase ledger
- Comparison of supplier statements with purchase ledger
- Authorization of payments
o authority limits
o confirmation that goods have been received, accord with purchase order, and
are properly priced and invoiced
- Review of allocation of expenditure
- Reconciliation of purchase ledger
- Cut-off accrual of unmatched goods received notes at year end.

Test of Controls
Invoices and Credit Notes
- Check invoices for capital expenditure, service, office supplies, expenses are:
o supported by requisitions, other supporting documentation etc
o approved by dully authorized officials and verify that authority limits are being
observed
o entered in plant register etc
- Check invoices for good, raw materials are:
o supported by purchase requisitions and purchase orders signed by authorized
officials
o supported by goods received notes and inspection notes
o entered in stock records
o priced correctly by checking to quotations, price lists to see the price is in order
o properly referenced with a number and supplier code
o correctly coded by type of expenditure
- Check partial deliveries are properly accounted for to ensure there is no duplicate
payment

60
 - Trace entry in record of goods returned etc and see credit note duly received from the
supplier, for invoices not passed due to defects or discrepancy
- For invoices of all types;
o check calculations and additions
o check entries in purchase day book and verify that they are correctly analyzed
o check posting to purchase ledger

- For credit notes

o verify the correctness of credit received with correspondence
o check entries in stock records
o check entries in record of returns
o check entries in purchase day book and verify that they are correctly analyzed
o check posting to purchase ledger
- Check for returns that credit notes are dully received from the suppliers
- Test the numerical sequence and enquire into missing number of
o purchase requisition
o purchase orders
o good received notes
o good returned notes
o suppliers' invoices
- Obtain explanations for items which have been outstanding for a long time
o unmatched purchased requisitions
o purchase orders
o good received notes (if invoices not received)
o unprocessed invoices
Purchase daybook
- Verify that invoices and credit notes are
o initialed for prices, calculations and extensions
o cross-referenced to purchase orders, goods received notes etc
o authorized for payment

61
 - Check addition
- Check postings to nominal ledger accounts and control account
- Check postings of entries to purchase ledger

Purchase Ledger
- For a sample of accounts
o test check entries back into books of prime entry
o test check additions and balance forward
o note and enquire into all contra entries
- Confirm contra account balancing has been regularly carried out during the year
- Examine control account for unusual entries

Conclusions
Write conclusions covering any errors or weaknesses discovered during the above tests and
noting any possible management letters points.

4.9.3 The Wages System

We will follow the same procedures as in section 4.9.1 and 4.9.2: control consideration and
then standard test of control. Auditors are checking that the correct employees are paid at the
correct rate, the liabilities of pay tax are properly deducted, and that wages and salaries and
deductions are properly recorded in the accounts.

Control Consideration
While in practice separate arrangements are generally made for dealing with wages and
salaries, the considerations involved are broadly similar and for convenience the two aspects
are here treated together.

General Arrangements
Responsibility for the preparation of pay sheet should be delegated to a suitable person, and
adequate staff appointed to assist him. The extent in which the staff responsible for preparing
wages and salaries may perform other duties should be clearly defined. In this connection full
advantage should be taken where possible of the division of duties, and checks available
where automatic wage accounting system are in use.

62
Other key controls
- Staffing and segregation of duties
- Maintenance of personnel records
- Authorization
o engagement and discharge of duties
o changes in pay rates
o overtime
o non-statutory deductions
o advance of pay
- Recording of changes in personnel and pay rates
- Recording and review of hours worked
- Holiday pay arrangements
- Answering queries

Preparation of payrolls
- Bases for compilation of payroll
- Preparation, checking and approval of payroll
- Dealing with non-routine matters

Payment of cash wages

- Segregation of duties
o cash sheet preparation
o distribution of wages
- Custody of cash
o encashment of cheque
o security of transit
o security of unclaimed wages
- Verification of identity
- Recording of distribution

Payment of salaries
- preparation and signing of checques and bank transfer lists

63
 - maintenance and reconciliation of wages and salaries bank account

Deductions from pay

- maintenance of separate employees' records, with which pay lists may be compared as
necessary
- reconciliation of total pay and deductions between one pay day and the next
- surprise cash counts
- comparison of actual pay totals with budget estimates or standard costs and the
investigations of variances
- agreement of gross earning and total tax deducted with income tax returns to the
Inland Revenue

Appropriate arrangement should be made for dealing with statutory and other authorized
deduction from pay, such as income tax, pension fund contributions, and savings held in trust.
A primary consideration is the establishment of adequate controls over the records and
authorized deduction.

Test of Controls
- Industrial wages and weekly salaries
- Arrange to attend the pay-out of wages to confirm that the official procedures are
being followed.

Industrial Wages
For a sample of employees
- Check with personnel records to see that the engagement of new employees and
departures have been confirmed in writing
- Check calculation of gross pay with
o authorized rates of pay
o production records. See that production bonuses have been authorized and
properly calculated
o clock cards, time sheets or other evidence of hours worked verify that overtime
has been authorized

64
 - Examine receipts given by employee: trace unclaimed wages to unclaimed wages
book:
- Trace gross wages earned to tax deduction cards and, where appropriate, to holiday
pay cards
- Check calculation of deduction for income pension/provident fund
- Check other deductions to appropriate records. In respect of voluntary deductions see
authority therefore completed by the employees concerned

For a number of weeks

- Check additions of payroll sheets
- Check totals of wages sheets selected in (a) to summary
- Check addition and cross-casts of summary
- Check postings of summary to nominal ledger (including control accounts)
- Check casts of net cash column to cash book
- Verify that the wage summary has been approved for payment
- Verify that reconciliation have been made with
o the previous week's payroll
o clock cards with time sheets/job cards (hours)
o gross wages with costing analyses, production budgets

Unclaimed wages
- Check entries in the unclaimed wages book with the entries on the wages sheets
- Check the unclaimed wages are banked regularly
- Check the unclaimed wages books shows reasons why wages are unclaimed

Holiday pay
- Verify a sample of payments with the underlying records and check the calculation of
the amount paid

65
Salaries-weekly and monthly
- For a sample of employees
o check personnel records. Confirm that the engagement of new employees and
discharges have been confirmed in writing
o verify that gross salaries are in accordance with personnel records, letters of
engagement etc and increases in pay have been properly authorised
o verity that overtime has been properly authorized
o check calculation and deductions for income tax and pension/provident fund
o verify that other deductions have been correctly made and accounted for
o check calculation of net pay
o examine receipts from employees paid in cash
o examine paid cheques or certified copy of bank list for employees paid by
cheque or bank transfer

- For a number of weeks/months

o check additions of payroll sheets
o check totals of salaries sheet to summary
o check addition and cross-costs of summary
o check posting of summary to nominal ledger (including control accounts)
o check total of net pay column to cash book
o verity that the summary has been approved for payment
o verify the total of salaries has been reconciled with the previous week/month
or standard payroll

Deductions
- Scrutinize the controlled account maintained to see appropriate deduction have been
made
- Check to see that the employer's contribution for pension/provident fund has been
correctly calculated
- Check that the payment to the inland revenue and other bodies are correct

66
Conclusions
Write conclusions covering any errors or weaknesses discovered during the above tests and
nothing any possible management letter points.

4.9.4 The Cash System

The key aim of control over cash is to prevent fraud or theft of receipts and payments, and
also unauthorized payments being made.

Segregation of duties is particularly important here. The person responsible for receiving and
recording cash when it arrives in the post should not be the same as the person responsible
banking it. Ideally the cashbook should be written up by a further staff member, and fourth
staff member should reconcile the various records of amounts received.

Records of cash are obviously also at the heart of company's accounting records; therefore if
these accounting records are to fulfill companies act requirements, cash must be recorded
promptly.

The following matters should be considered.

Control Consideration: cash at bank and in hand-receipts

- Segregation and duties between the various function listed below is particularly
important.
1. Receipts by Post
- Safeguards to prevent interception of mail between receipt and opening
- Appointment of responsible person to supervise mail
- Protection of cash and cheques (restrictive crossing)
- Amounts received listed when post opened
- Post stamped with date of receipt
2. Control Over Cash Sales and Collections
- Restrictions on receipts of cash (by cashier only, or by salesmen etc)
- Evidencing of receipt of cash
o serial numbered receipt forms
o cash registers incorporating sealed till rolls
- Clearance of cash offices and registers

67
 - Agreement of cash collections with till rolls
- Agreement of cash collections with banking and cash and sales records
- Investigation of cash shortages and surpluses
3. Recording
- Maintenance of records
- Limitation of duties of receiving cashiers
- Holiday arrangements
- Giving and recording of receipts
o retained copies
o serial numbered receipts books
o custody of receipts books
o comparisons with cash records
4. Paying into Bank
- Daily banking
- Make-up and comparison of paying-in slip against initial receipt records and cash
book
- Banking of receipts intact/control of disbursements
5. Cash and Bank Balances
- Restriction on opening new bank accounts
- Limitation of cash floats held
- Restrictions on payments out of cash received
- Restrictions on access to cash registers and offices
- Independent checks on cash floats
- Surprise cash counts
- Custody of cash outside office hours
- Insurance arrangements
- Control of funds held in trust for employees
- Bank reconciliation
o issue of bank statements
o frequency of reconciliation by independent person
o reconciliation procedures

68
 o treatment of long standing un presented cheques
o stop payment notice
o sequence of cheque numbers
o comparison with cash books

Control Consideration: Cash at bank and in hand payments

The arrangements for controlling payments will depend to a great extent on the nature of
business transacted, the volume of payments involved and the size of the company.

Cheque and Cash Payments Generally

The cashier should generally not be concerned with keeping or writing up books of account
other than those recording disbursements nor should he have access to, or be responsible for
the custody of, securities, title deeds or negotiable instrument belonging to the company.
The person responsible for preparing cheques or traders' credit lists should not himself be a
cheque signatory. Cheque signatories in turn should be responsible for recording payments.

- Cheque Payments
o custody over supply and issue of cheques
o preparation of cheques restricted

- Cheque Requisitions
o presentation to cheque signatories
o approval by appropriate staff
o cancellation (crossing/recording cheque number)
- Authority to sign cheques
o signatories should not also approve cheque requisitions
o limitation on authority to specific amounts
o number of signatories
o prohibitions over signing of blank cheques
- Safeguards over mechanically signed cheques/ cheques carring printed signatures
- Restrictions on issue of blank or bearer cheques
- Prompt dispatch of signed cheques

69
 - Obtaining of paid cheques from banks
1. Cash Payments
- authorization of expenditures
- cancellation of vouchers to ensure cannot be paid
- limits on disbursements
- rules on cash advances to employees, and cheque cashing

Test of Control
Receipt received by post
- Observe procedure for post opening are being followed
- Observe the cheques received by post are immediately crossed in the company's favor
of the company
- For items entered in the rough cash book (or other record of cash, cheques etc received
by post), trace entries to:
o cash book
o paying in book
o counter foil or carbon copy receipts
- Verify amounts entered as received with remittance advices or other supporting
evidence.
Cash sales, branch takings
- For a sample of cash sales summaries/branch summaries from different locations
o verify with till rolls or copy cash sales notes
o check to paying-in slip date-stamped and initialed by the bank
o verify that takings are banked intact daily
o vouch expenditure out of takings
Collections
- for a sample of items from the original collection records
o trace amounts to cash book via collectors' cash sheets or other collection
records
o cheque entries on cash sheets or collection records with collectors' receipt
books

70
 o verify that goods delivered to travelers/sales men have been regularly
reconciled with sales and stocks in hand
o check numerical sequence of collection records

Receipts Cash Book

For cash receipts for several days through out the period
- Check to entries in rough cash book, receipts, branch returns or other records
- Check to paying in slip obtained direct from the bank, observing that there is no delay
in banking monies received
- Check additions of paying in slips
- Check additions of cash book
- Check posting to the sales ledger
- Check posting to the purchase ledger
- Check posting to the general ledger, including control accounts
- Scrutinize the cash book and investigate items of a special or unusual nature
Cash payments
- For a sample of payments
o compare with paid cheques
o note that cheques are signed by the persons authorized to do so within their
authority limits
o check to suppliers' invoices for goods and services. Verify that supporting
documents are signed as having being checked and passed for payment and
have been stamped paid
o check to suppliers' statements
o check to other documentary evidence, as appropriate (agreements, authorized
expense vouchers, wage/salaries records, petty cash books etc)

Payments cash book

- For a sample of weeks
o check the sequence of cheque numbers and enquire into missing numbers
o trace transfer to other bank accounts, petty cash books or other records, as
appropriate

71
 o check additions, including extensions, and balance forward at the beginning
and end of the months covering the period chosen
o check posting to the sales ledger
o check posting to the purchase ledger
o check posting to the general ledger, including the control accounts
o scrutinize the cash book for the rest of the year and examine items of a special
or unusual nature
o check custody arrangements for blank cheques

Bank reconciliation
- For a period which includes a reconciliation date
o compare cash book(s) and bank statements in detail, and check items
outstanding at the reconciliation date to bank reconciliation concerned
o verify contra items appearing in the cash books or bank statements
o obtain satisfactory explanations for all item in the cash book for which there
are not corresponding entries in the bank statement and vice versa
o examine all lodgments in respect of which payment has been refused by the
bank. Ensure that they are cleared on representation or that other appropriate
steps have been taken to effect recovery of the amount due.
- Verify that reconciliation have been prepared at regular intervals throughout the year
- Scrutinize reconciliation for unusual items

Petty cash
- For a sample of payments
o check to supporting vouchers
o check whether they are properly approved
o see that vouchers have been marked and initialed by the cashier to prevent their
re-use
- For a sample of weeks
o trace amounts received to cash book
o check additions and balances carried forward

72
 o check postings to the nominal ledger

Conclusion
Write conclusions covering any errors or weaknesses discovered during the above tests and
noting any possible management letter points.

4.9.5 The Inventory System

The inventory system can be very important in an audit because of the high value of inventory
or the complexity of its audit. It is closely connected with the sales and purchases systems.

Control Considerations
Inventory may be as susceptible to irregularities as cash and indeed, in some circumstances
the risk of loss may be materially higher. Arrangements for the control of inventory should be
framed with this in mind.

The inventory control procedure should ensure that inventory held are adequately protected
against loss or misuse, and are properly applied in the operation of the business.
Inventory should be duly accounted for by appropriate recording and authorization of all
movements. It is also important that the business has proper control over inventory level to
prevent on the one hand the possibility of running out of stock and on the other of holding too
much inventory, and hence incurring increased holding cost and the risk of inventory
obsolescence.

A further aim should be to ensure inventory is appropriately valued, and that write-downs of
inventory are kept to a minimum. According to the nature of the business separate
arrangement may be necessary for different categories of inventories, such as raw materials,
components, work in progress, finished goods and consumable stores.

Other controls
- Segregation of duties, custody and recording of inventories
- Reception, checking and recording of goods inwards
- Precautions against theft, misuse and deterioration
o restriction of access to stores
o control on stores environment (temperature, precautions against damp)

73
 - Control of inventory levels
o maximum inventory limits
o minimum inventory limits
- Maintenance of inventory records
o inventory ledger
o bin cards
o transfer records
- Arrangements for dealing with returnable containers
- Security over inventory held by third parties, and third party inventory held by entity
- Inventory-taking
o regular inventory taking
o fair coverage
o counts by independent person
o recording
o cut-off goods in transit and time differences
o reconciliation of inventory count to book records and control accounts
- Computation of inventory valuation
o checking of calculation
- Review of condition of inventory
o treatment of slow-moving, damaged and obsolete inventory
o authorization of write-offs
- Accounting for scrap and waste

Taste of controls
Most of the testing relating to inventory has been covered in the purchase and sales testing.
Other test of control, which might be carried out in certain circumstances include the
following.
- Test check inventory counts carried out from time to time (eg. Monthly) during the
period and confirm:
o all discrepancies between book and actual figures have been fully investigated

74
 o all discrepancies have been signed off by a senior managers
o obsolete, damaged or slow moving goods have been marked accordingly and
written down to Net Realizable Value (NRV)
- Select a sample of stock movements records and agree to goods received and goods
dispatched notes
- Select a sample of good received and goods dispatched notes and agree to inventory
movement records
- Check sequence of inventory records
- Observe security arrangements for inventories
- Consider environment in which inventories are held

Check Your Progress Exercise

1. What is an internal control?
…………………………………………………………………………………………………...
…………………………………………………………………………………………………...
…………………………………………………………………………………………………...
2. Define the control environment?
…………………………………………………………………………………………………...
…………………………………………………………………………………………………...
…………………………………………………………………………………………………...
3. What are the internal control procedures?
…………………………………………………………………………………………………...
…………………………………………………………………………………………………...
…………………………………………………………………………………………………...
4. What are the major objectives of internal control?
…………………………………………………………………………………………………...
…………………………………………………………………………………………………...
…………………………………………………………………………………………………...
5. What are the inherent limitations of internal control?

75
…………………………………………………………………………………………………...
…………………………………………………………………………………………………...
…………………………………………………………………………………………………...
6. What are the elements of internal control?
…………………………………………………………………………………………………...
…………………………………………………………………………………………………...
…………………………………………………………………………………………………...
7. Which auditing standard states about the auditor's consideration of internal control?
…………………………………………………………………………………………………...
…………………………………………………………………………………………………...
…………………………………………………………………………………………………...
8. Why must auditors obtain an understanding of the client's accounting system?
…………………………………………………………………………………………………...
…………………………………………………………………………………………………...
…………………………………………………………………………………………………...

9. What procedures should be in place to control goods inwards?

…………………………………………………………………………………………………...
…………………………………………………………………………………………………...
…………………………………………………………………………………………………...
10. What are the key controls over cash receipts and payments?
…………………………………………………………………………………………………...
…………………………………………………………………………………………………...
…………………………………………………………………………………………………...

4.10 SUMMARY

The auditors must understand the accounting system and control environment in order to
determine the audit approach.

76
Specific control procedures include the following
- approval and control of documents
- controls over computerized applications and the information technology environment
- checking the arithmetic accuracy of the records
- maintaining and reviewing control accounts and trial balances
- reconciliation
- comparing the results of cash, security and stock counts with accounting records
- comparing internal data with external sources of information
- limiting direct physical access to assets and records

The auditors understanding of internal control provides a basis both to plan the audit and
assess control risk.

In small businesses auditors must rely much more on substantive tests of account balances
and transactions rather than tests of controls.

The tests of controls of the sales system will be based around

- selling (authorization)
- goods outwards (custody)
- accounting (recording)
Similarly, the purchases system tests will be based around
- buying (authorization)
- goods inwards (custody)
- accounting (recording)

Key controls over wages cover

- documentation and authorization of staff changes
- calculation wages and salaries
- payment of wages
- authorization of deductions

controls over cash receipts and payments should prevent fraud and theft. Inventory controls
are designed to ensure safe custody. These include
- restriction of access to stock

77
 - documentation and authorization of movement.

4.11 ANSWER TO CHECK YOUR PROGRESS EXERCISE

1. Refer Section 4.2

2. Refer Section 4.2.1
3. Refer Section 4.2.2
4. Refer Section 4.3
5. Refer Section 4.6
6. Refer Section 4.4
7. Refer Section 4.7
8. Refer Section 4.7
9. Refer Section 4.9.2
10. Refer Section 4.9.4

78