Chap 8 Tests of Controls. [PDF]

Zitiervorschau

Page 317

CHAPTER 8 Tests of controls

LEARNING OBJECTIVES (LO) 8.1

Understand that tests of controls are undertaken when the auditor intends to rely on controls to reduce the risk of material misstatement.

8.2

Appreciate that, when undertaking tests of controls, the auditor must collect audit evidence about the existence, effectiveness and continuity of controls. Identify factors affecting the auditor’s assessment of the sufficiency and appropriateness of evidence provided by tests of

8.3

8.4 8.5 8.6

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

8.7

controls. Describe the audit procedures for testing controls in the revenues, receivables and receipts system. Describe the audit procedures for testing controls in the expenditures, payables and disbursements system. Describe the audit procedures for testing controls relating to other types of expenditure transactions, including contractual transactions. Understand the auditing approaches used to test the controls contained in the client’s computer programs, including test data and integrated test facilities.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

RELEVANT GUIDANCE Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment

ASA 330/ISA 330

The Auditor’s Responses to Assessed Risks

ASA 240/ISA 240

The Auditor’s Responsibilities Relating to Fraud in an Audit of a Financial Report

ASA 402/ISA 402

Audit Considerations Relating to an Entity Using a Service Organisation

ASA 500/ISA 500

Audit Evidence

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

ASA 315/ISA 315

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

CHAPTER OUTLINE As part of the planning process, the auditor has undertaken an assessment of business risk and an associated evaluation and assessment of inherent and control risk. From these assessments and evaluations the auditor has identified the classes of transactions and events, account balances and disclosures that contain a risk of material misstatement, and determined the required detection risk. The auditor then prepares an audit program, which outlines the audit tests that the auditor intends to undertake to reduce this risk of material misstatement to an acceptable level. Until this stage of the audit, the auditor has not undertaken any testing Page 318 of details. There are two major types of tests of details: tests of controls and substantive tests. The purpose of tests of controls (to support an assessed level of control risk) is very different from that of substantive tests of transactions and balances, and substantive analytical procedures (to reduce the auditor’s detection risk). It is also possible that certain types of testing can test both controls and substantively verify the dollar value. For example, a transaction may be selected by the auditor to test that it has been appropriately authorised (test of controls), and that the dollar amount is correct (substantive test of transactions). These are called dual-purpose tests and will be discussed in more detail in Chapter 9 . If control risk is assessed as being at any level less than high (that is, if reliance is to be placed on controls), then tests of controls must be undertaken to provide evidence of the existence, effectiveness and continuity of these key controls. In this chapter, tests of controls for the major systems of revenue, receivables and receipts, and expenditures, payables and disbursements are covered. Testing of controls for

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

other types of expenditure transactions, including contractual transactions and payroll, are also considered. This chapter covers tests of controls in a financial report audit, as illustrated in Figure 8.1

, an expansion of part of the flowchart provided in Chapter 1

.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

FIGURE 8.1 Flowchart of response to assessed risks: tests of controls and tests of details

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Page 319

LO 8.1 Tests of controls The auditor must obtain sufficient appropriate evidence to support the assessed level of control risk. As outlined in Chapter 7 , if the auditor assesses control risk as high for an account balance or assertion, there will be no tests of controls for that account balance or assertion. This is because the auditor does not plan to place any reliance on the related controls. Control risk will be assessed as high if the auditor has determined that: 1. controls do not exist 2. the controls that do exist will not provide reliable evidence, or 3. it is more efficient or effective to gather the required evidence by undertaking substantive testing. The one exception, where the auditor is required to perform tests of controls to obtain audit evidence about the operating effectiveness of controls, is if substantive procedures alone cannot provide sufficient appropriate evidence to reduce a risk of material misstatement to an acceptable level (ASA 330.8(b)/ISA 330.8(b)). Such areas would include those involving the routine recording of significant classes of transactions, such as an entity’s revenue, purchases, cash receipts and cash payments. The characteristics of these routine transactions often permit highly automated processing with little or no manual intervention. In such circumstances it might not be possible to perform only substantive procedures in relation to risk (ASA 315.30/ISA 315.30).

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

One example of a routine system where it may not be possible to perform only substantive procedures is airline ticket sales by a large airline such as Qantas. These sales transactions would be subject to routine control procedures. With numerous sales transactions within an accounting period, the auditor would be able to verify only a very small proportion of these transactions by using substantive tests of transactions. It would be expected in such systems that the auditor would evaluate control risk as less than high and undertake tests of controls in such systems. In addition, any control deficiencies in such automated systems would be expected to lead to systematic errors, which would be better identified by evaluating and testing internal control rather than by substantively verifying a small proportion of transactions or account balances. In assessing the control risk as less than high, the auditor has identified specific internal control policies and procedures that they believe will prevent or detect misstatements for the assertion. Evidence is needed to support the appropriateness of this assessment (ASA 330.8(a)/ISA 330.8(a)).

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Tests of controls are usually concerned with gathering evidence concerning the effectiveness and continuity of controls associated with the processing of particular classes of transactions through the accounting system (existence of controls has been established during the assessment of controls, as discussed in Chapter 7 ). Transactions can also be substantively tested to provide evidence to support the assessment of detection risk. The best way of distinguishing between tests of controls and substantive tests of transactions is that tests of controls relate only to the assessment of controls and do not directly measure monetary error in accounting records. Substantive tests, whether of transactions or balances, are concerned with whether monetary errors have occurred. The coordinated program of tests of controls, substantive tests of transactions and balances and substantive analytical procedures (substantive procedures will be discussed further in Chapter 9 ) is commonly referred to as the audit program, which was discussed in Chapter 5 . The audit program sets out the combination of evidence-gathering procedures that the auditor believes will result in the most efficient and effective audit. If at any stage during this testing phase the auditor determines that controls are not working as they expected and that they have placed too much reliance on these controls, they can reduce the extent of tests of controls and increase the reliance on substantive testing, by changing their nature or increasing their extent.

Planning the scope of tests of controls The auditor’s underlying objective in undertaking tests of controls is to gain reasonable assurance that the controls associated with the processing of a particular class of transactions are working as expected. This will enable the auditor to reduce substantive tests. The considerations that affect the nature, timing and extent of tests of controls are explained in the following discussion.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Nature

Page 320

The nature of testing refers in the first place to the type of testing, being either tests of controls or substantive tests of transactions or balances. Based on the understanding of the internal control system gained in assessing control risk (as discussed in Chapter 7 ), the auditor identifies whether there are internal control policies or activities in place that provide reasonable assurance of achieving control objectives. If such policies or activities are prescribed, the auditor designs tests of their operating effectiveness (tests of controls). As the planned level of assurance increases, the auditor seeks more persuasive evidence

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

(ASA 330.9/ISA 330.9). If there are no internal control procedures prescribed that provide reasonable assurance of achieving specific control objectives, the auditor designs substantive tests of transactions or balances. The nature of testing also refers to the specific type of audit procedures used. These were discussed in Chapter 4 and are contained in ASA 500 (ISA 500), being inspection, observation, enquiry, external confirmation, recalculation, re-performance and analytical procedures. The specific type of tests of controls undertaken will depend on the characteristics of the control, but common procedures for testing controls are inspection, observation and enquiry. If the auditor identifies a control that they decide to rely on, and therefore needs to test that control’s operating effectiveness, the auditor should not use enquiry alone, but should perform other procedures as well (ASA 330.10(a)/ISA 330.10(a)). It would be a very rare circumstance in which enquiry alone provided the auditor with sufficient appropriate evidence that a control was operating effectively. This process is best understood by considering Global example 8.1

.

GLOBAL EXAMPLE 8.1 Test of controls for the recording of sales A specific control objective for sales transactions is that all goods shipped (or services rendered) have been recorded in the accounting records (the completeness assertion). A test of controls is to see that shipping documents are pre-numbered, that the numbers are accounted for by the client and that the shipping documents are matched to sales invoices and approved sales orders. The auditor would need to conduct a test of the numerical sequence of shipping documents issued or seek other evidence to ensure that the client has checked the numerical sequence, and select a sample of shipping documents and inspect the related sales invoices and sales orders to ensure

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

that the client has matched the documents. Enquiry alone is unlikely to provide the auditor with sufficient appropriate evidence that the control was operating effectively.

Timing Given that most of the controls the auditor intends to rely on relate to transaction flows, the auditor will need to establish that the control is operating effectively for the entire period of intended reliance. To aid the auditor’s ability to meet deadlines and the scheduling of staff,

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

the auditor sometimes schedules tests of controls to provide audit evidence for an interim period (this testing is commonly undertaken one to three months before balance date). The auditor would not normally undertake this testing at an early stage unless they believed that there were adequate controls in place to allow ‘roll-forward of testing’ (extending tests until year end). When obtaining evidence about the operating effectiveness of internal controls during this interim period, the auditor identifies whether there are any significant changes to the internal controls subsequent to the time that they were tested, and determines what additional evidence should be obtained for the remaining period (ASA 330.12/ISA 330.12). The factors that influence the extent of tests of controls necessary for the remaining period (the period between the interim date and the balance date) are as

Page 321

follows: Results of the tests of the interim period If results indicate that internal control policies and procedures lack operating effectiveness, control risk should be assessed as high and substantive tests of transactions and balances should be undertaken for the entire period of audit interest. Enquiries concerning the remaining period Enquiries should be directed at determining whether there were any significant changes in control or accounting procedures during the remaining period. Nature and amount of the transactions and balances involved If the transactions occurring between the completion of tests of controls and the end of the year are atypical of the transactions for the year, this indicates the need to test further. That would be the case with a highly seasonal business and with an entity that has several large or unusual transactions near the end of the year.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Evidence of compliance within the remaining period obtained from substantive tests Evidence obtained through tests such as the pricing of inventory or external confirmation of accounts receivable at balance date (which will be discussed in Chapter 9 ) shows both the accuracy of total debits and credits to those accounts and the propriety of the ending balances. If these tests indicate satisfactory results, there is less need to test controls for the remaining period. Other matters that the auditor considers relevant in the circumstances These include the auditor’s assessment of business risk and inherent risk, and the results of analytical procedures applied as an aid in planning the audit program. A commonly asked question is whether it is necessary to test the operating effectiveness of internal controls every year in order to continue to place reliance on them. The answer to this is no. If the auditor gains evidence that controls on which reliance was placed in previous audits have not changed, they may still rely on these controls for the current audit. The auditor obtains this evidence by enquiring of those responsible, combined with observation or inspection to confirm the auditor’s understanding of those specific controls.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Depending on the evidence thus gathered, the auditor then takes one of the following courses of action: If there have been changes that affect the continuing relevance of the audit evidence from the previous audit, the auditor tests the controls in the current audit. If there have not been any such changes, the auditor tests the controls at least once in every third audit, making sure to test some controls in each audit to avoid the possibility of testing all the controls in a single audit period with no testing of controls in the subsequent two audit periods (ASA 330.13–14/ISA 330.13–14).

Extent The more the auditor relies on the operating effectiveness of controls, the greater will be the extent of the auditor’s tests of controls (ASA 330.9/ISA 330.9). The extent of tests of controls that consist of inspecting documents for indication of the performance of a checking routine or approval by stamps, initials or signatures is commonly determined using audit sampling techniques. Determination of the extent of tests of controls using audit sampling will be explained in Chapter 10 . The extent of tests of controls that consist of re-performance of completed accounting routines is not, however, determined by reference to audit sampling. Many reconciling and balancing routines (for example, bank reconciliations) are performed monthly by the client. A common audit approach is to recompute one or a few such reconciliations or balancings and evaluate controls associated with these accounting routines (such as review or authorisation), and then check that the routine and related control procedures were performed in the other months. If the routine is performed much more frequently, the common approach is to select a sample of routines, to check whether the routine was

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

performed throughout the period. The rationale for this approach is that inspecting a reconciliation or trial balance provides reasonable evidence that the routine and

Page 322

related control procedures were properly performed and that, if they were not, sloppy or improper performance will be apparent. The only exception to an increase in extent with increasing reliance is in the area of automated IT processing. Because of the inherent consistency of IT processing, an automated control should function consistently unless the program is changed. Therefore, audit tests may be undertaken to ensure that changes have not been made to the program (ASA 330.A29/ISA 330.A29).

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

QUICK REVIEW 1. Tests of controls must be undertaken if reliance is to be placed on controls (i.e. if control risk is assessed as less than high). 2. Tests of controls will normally only be undertaken if the increased effort is more than offset by a reduced level of substantive testing. The auditor chooses the most efficient and effective combination of tests of controls, substantive tests of transactions and balances and substantive analytical procedures. The auditing standards also require tests of controls to be undertaken where substantive procedures alone do not provide sufficient appropriate evidence. 3. The auditor does not undertake tests of controls if there is no reliance to be placed on controls, either because of a lack of controls or because of identified control weaknesses, or because a substantive approach will result in a more efficient or effective audit. In either of these circumstances control risk should be assessed as high. 4. When planning the scope of tests of controls, the auditor considers the: nature—the specific control objectives for a transaction class provide a framework for designing tests of controls timing—many tests of controls are undertaken at an interim period and the auditor should determine what additional evidence should be obtained for the remaining period extent—this is usually determined with reference to audit sampling techniques.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

5. The auditor does not necessarily need to test the operating effectiveness of internal controls every year in order to place reliance on them. If the auditor gains evidence that controls on which reliance was placed in previous audits have not changed, they may still rely on these controls for the current audit. They must, however, test these controls at least once in every third audit.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

LO 8.2 Existence, effectiveness and continuity of controls For internal controls to provide audit evidence about the risk of material misstatements at the assertion level, the auditor must collect audit evidence about the existence, effectiveness and continuity of controls. Evidence of the existence of controls is usually gained when the auditor is evaluating control risk, as discussed in Chapter 7 . Tests of controls are aimed at establishing their effectiveness and continuity. ASA 330.8(a) (ISA 330.8(a)) requires that ‘the auditor shall design and perform tests of controls to obtain sufficient appropriate audit evidence as to the operative effectiveness of relevant controls if . . . the auditor’s assessment of risks of material misstatement at the assertion level includes an expectation that the controls are operating effectively’. From this requirement it can be seen that the existence of the control is identified at the time of assessing the control risk component of the risk of material misstatement. The continuity requirement is similar to the timing requirements discussed in the previous section , in that the auditor is required to test controls throughout their period of intended reliance (ASA 330.11/ISA 330.11). These three aspects of internal control are summarised in Table 8.1 . (See also Global example 8.2 .) Page 323

TABLE 8.1 Aspect

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Existence

ASPECTS OF INTERNAL CONTROL FOR WHICH EVIDENCE IS GATHERED Definition Whether prescribed internal control procedures actually exist. For example, if a clerk is supposed to verify the mathematical

How tested Existence is normally identified when evaluating the design of the internal control policy and activities, using the audit procedures outlined in Chapter 7 under ‘Assessing control risk ’.

accuracy of an invoice, do they actually perform the verification? Effectiveness

Whether the

Effectiveness is usually evaluated as part

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Continuity

control is operating effectively. That is, does the control prevent or detect the misstatements that it is designed to prevent or

of the tests of controls. Procedures include re-performing the control (e.g. checking the price, quantities and maths on invoices) and sighting documents to see that controls were complied with (e.g. checking that a voucher contains supporting documentation). If the control is programmed, such as checking

detect?

authorisation codes, run unauthorised transactions through the program to make sure they are correctly identified and excluded.

Whether the control operated throughout the period of intended reliance. For example, if the control was operational for

Continuity is usually evaluated as part of the tests of controls. This is usually achieved by ensuring that the sample of transactions to be tested is selected from throughout the year.

only part of the year, then no reliance can be placed on the control for the period when it was not operating.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Note: The auditing standards refer to effectiveness and continuity as ‘operating effectiveness’.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

GLOBAL EXAMPLE 8.2 Existence, effectiveness and continuity of controls Assume there is a control where, before cash payments are authorised, a manager must ensure that there is appropriate supporting documentation for the payment (such as a supplier’s invoice, and evidence that goods were received). Existence will involve ensuring that there are appropriate policies and procedures for the authorisation; these are usually identified when assessing control risk (see Chapter 7 ). Effectiveness will involve ensuring that the control is doing what it is supposed to do, which is stopping unauthorised payments with insufficient supporting documentation. Continuity involves ensuring that the control has been in existence and effective over the period of intended reliance, and would involve sampling from all the cash payments during the period of audit. Tests of controls are undertaken to establish the effectiveness and continuity of the controls.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Page 324

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

QUICK REVIEW 1. The auditor must collect audit evidence about the existence, effectiveness and continuity of controls, as follows: Existence—that the internal control exists and is suitably designed to prevent or detect and correct material misstatements Effectiveness and continuity—that the internal control has operated effectively throughout the relevant period.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

2. Evidence of the existence of controls is usually gained when the auditor is evaluating control risk. Evaluation of controls directed towards existence generally includes enquiries of entity personnel, inspection of documents and reports and observation of the application of specific internal control policies and procedures, including walk-throughs. These tests often require the preparation of flowcharts or questionnaires, as discussed in Chapter 7 . 3. Tests of controls are aimed at establishing their effectiveness and continuity. Relevant audit tests of controls include inspection of documents and reports for evidence indicating performance of the policy or procedure (such as signatures or other evidence of review and authorisation), observation of the application of the policy or procedure and reperformance of the policy or procedure by the auditor.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

LO 8.3 Sufficiency and appropriateness of evidence As discussed in Chapter 4 , ASA 500.6 (ISA 500.6) requires the auditor to consider the sufficiency (quantity) and appropriateness (quality) of audit evidence. The quantity of evidence necessary to support a specific level of control risk is a matter of auditor judgment. The auditor would require stronger evidence as to the adequate design and operation of a procedure if the assessed level of control risk is low rather than medium. This is because a low assessment of control risk indicates that the auditor is going to place greater reliance on this procedure as an appropriate form of audit evidence: the greater the reliance, the greater the evidence required. Other factors that the auditor considers in determining whether the tests of controls have yielded sufficient appropriate evidence include the type and source of evidence and the interrelationships of the evidence with other evidence.

Type and source of evidence As for audit evidence in general (see Chapter 4 ), the auditor recognises that some audit tests of controls provide stronger evidence than others. For example, enquiry and observation that the accounts payable manager reviews invoices and supporting documents before cheques are written provide some evidence, but inspection of written approvals for a sample of cheques throughout the period provides more assurance of the existence, effectiveness and continuity of this control.

Interrelationships of evidence

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

The auditor considers the combined effect of all the evidence that the auditor collects. Included in this consideration is the interaction of the internal control components and how this affects overall risk of material misstatement. Individual pieces of evidence that, taken alone, are not sufficient may be sufficient when taken together. Conversely, evidence that is persuasive taken by itself may be less reliable if, for example, there is other evidence that the control environment is weak. Page 325

Effect of documentation of controls along the audit trail

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

The methods and procedures that the auditor uses for tests of controls depend on whether the control activities leave a documentary trail of their performance. If there is: no documentation of controls along the audit trail, tests of controls involve enquiries and observation of accounting personnel and routines to determine how control activities are performed and, especially, who performs them. For example, this approach is used to evaluate the control that cash is handled by someone who does not record cash transactions a documentary trail, tests of controls involve inspection of documents supporting a particular type of transaction to see whether a control procedure, such as approval or checking, was performed (by noting signatures or initials).

Relationship between tests of controls and financial report assertions As outlined earlier in this book (and diagrammatically in Figure 5.10 ), the auditor is required to identify and assess the risks of material misstatement at the financial report level and at the assertion level for classes of transactions and events, account balances and disclosures. When the auditor’s assessment of material misstatement at the assertion level includes an expectation that controls will be relied on and are operating effectively, the auditor performs tests of controls to obtain sufficient appropriate audit evidence that the controls were operating effectively (effectiveness) during the period of the audit (continuity) (ASA 330.8(a)/ISA 330.8(a)).

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

However, while most controls are capable of being related directly to assertions, some are not. As a general rule, controls that relate to the control environment element of a company’s internal control system relate less directly to specific financial report assertions. Also, many of the controls associated with the entity’s risk-assessment process will concern future strategic decisions and relate less to historical financial information. However, the other three elements of internal control—the information system, control activities and monitoring of controls—are usually built around major classes of transactions and events. Therefore, tests of controls for these areas can be more easily related to the category of assertions for the relevant classes of transactions or events.

Assertions and testing the control environment and the entity’s risk-assessment process

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

As discussed above, for many of the control environment elements and risk-assessment processes (discussed in Chapter 7 ) that are emphasised in organisations today (for example, an ethical approach by management), the auditor may find it difficult to relate these aspects of controls directly to financial report assertions. Evidence of a satisfactory control environment may include the observation that there is a code of ethics, and the fact that this code of ethics is followed may be evidenced by the impression that the control environment has an ‘ethical feel’ about it. While these controls are not necessarily aimed directly at particular account balances or transactions or related assertions, they are nonetheless important. As outlined in ASA 315.A124 (ISA 315.A124), ‘concerns about the integrity of the entity’s management may be so serious as to cause the auditor to conclude that the risk of management misrepresentation in the financial report is such that an audit cannot be conducted’. It may, of course, not be this serious, but a lack of integrity can cause the auditor to carefully consider whether reliance can be placed on any tests of controls and how management might misrepresent in the financial report (such as in areas requiring judgment). In these situations, because of concerns about the control environment and the risk-assessment processes, the auditor would have to evaluate these areas as having a higher risk of material misstatement and would therefore undertake a substantive approach to the audit in these areas. Page 326

Assertions and testing the information system, control activities and monitoring of controls As three of the elements of internal control—the information system, control activities and

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

monitoring of controls—are built around major flows of transactions and events, it is possible to relate most of the tests of controls for these elements to the assertions about classes of transactions and events and related disclosures. As outlined in ASA 315.A128 (ISA 315.A128), these assertions are as follows in Exhibit 8.1 :

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

EXHIBIT 8.1 (i) (ii) (iii) (iv) (v) (vi)

ASSERTIONS ABOUT CLASSES OF TRANSACTIONS AND EVENTS AND RELATED DISCLOSURES

Occurrence—transactions and events that have been recorded or disclosed have occurred and pertain to the entity Completeness—all transactions and events that should have been recorded have been recorded, and all related disclosures that should have been included in the financial report have been included Accuracy—amounts and other data relating to recorded transactions and events have been recorded appropriately, and related disclosures have been appropriately measured and described Cut-off—transactions and events have been recorded in the correct accounting period Classification—transactions and events have been recorded in the proper accounts Presentation—transactions and events are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the applicable financial reporting framework.

Source: Extracted from Australian Auditing and Assurance Standards Board (AUASB) (2015) ASA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment.

In the following sections, we relate the tests of controls in these areas to the major transaction flows and events of most businesses, the buying of goods or services from

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

vendors or suppliers and the selling of goods or services to customers.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

QUICK REVIEW 1. If the risk of material misstatement for an assertion at risk is reduced by internal controls that the auditor intends to rely on, then these controls need to be tested. The auditor performs tests of controls to obtain sufficient appropriate audit evidence that the controls were operating effectively (effectiveness) during the period of the audit (continuity). 2. Other factors affecting the sufficiency and appropriateness of audit evidence include: type and source of evidence interrelationships with other evidence. 3. The auditor’s tests of controls relating to the control environment and riskassessment processes are not necessarily aimed directly at related assertions. If tests of controls show that there is not a sound control environment, the auditor may question whether any reliance can be placed on any controls.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

4. Auditors’ tests of controls concerning the information system, control activities and monitoring of controls will normally be related to evidence collection for specific assertions about classes of transactions and events, as a means of collecting sufficient appropriate evidence to reduce the risk of material misstatement to an acceptable level.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Page 327

Auditing controls of major activities The next two sections of this chapter explain tests of controls of the information system and control activities for the central activities of most businesses—buying and selling. Although some of the descriptive terms differ, most businesses are engaged in acquiring goods or services from vendors or suppliers and providing goods or services to customers.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

These activities are usually characterised by high volume (many relatively small transactions) and are repetitive and recurrent in nature (transactions of a particular type are very similar and continuing). For these reasons, the audit approach in these areas often emphasises tests of controls. When tests of controls are not feasible or efficient, the scope of substantive tests of transactions or balances for the related account balance needs to be expanded.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

LO 8.4 Revenues, receivables and receipts This section is primarily concerned with the controls relating to the sale of merchandise to customers on credit. The sales accounting system of such transactions is relatively unaffected by whether the merchandise is acquired from others (retailing or wholesale merchandising) or produced by converting raw materials to a finished product (manufacturing). Thus, this discussion applies to most manufacturing and retail entities. Some special considerations that apply to other industries or other types of revenuegenerating transactions are discussed briefly at the end of the section. One characteristic of this type of revenue accounting system is that the audit problems tend to be those related to high-volume clerical processing rather than to complex accounting principles. For example, revenue is typically recognised when merchandise is shipped, and recording of sales and receivables is routine and does not involve complicated issues of revenue recognition.

An overview of functions, documents, inputs and accounting systems A narrative of a typical credit sales cycle is outlined below, while a corresponding flowchart is shown in Figure 8.2 . An order entry function is the starting point in the credit sales cycle. In this function, orders are received, accepted and then translated into

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

shipping and billing instructions. Order entry may or may not be integrated with the accounting system. The original order may be a written purchase order mailed in by a customer, or be taken over the phone or through electronic lodgement by mechanisms such as the internet. The first document or input by the audit client is usually a sales order. At this point, a decision needs to be made concerning whether to accept the order. Specific approval of the credit department may be required; there may be a list of approved customers determined by the credit department; or credit limits may be established that are checked by order entry. The availability of the items ordered is also established by checking the inventory records for the level of inventory items currently on hand.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

FIGURE 8.2 A typical credit sales flowchart

After an order has been accepted, a shipping order is sent to the shipping department (usually electronically) and a copy of the order is maintained in a pending file. The system generates an aged open order report. Usually this report is used as a record of backlog orders (orders not completed), and a routine review of it helps to prevent loss of orders. Physical inspection of shipments for a shipping document help to prevent unauthorised shipments. The shipping function is an operating department that sends merchandise to customers. When shipments are made, the shipping department completes a shipping notice. Completion of the shipping notice clears the open order file and initiates the process of invoicing the customer. If a common carrier is used for shipments, the shipping notice is a copy of the bill of lading (the contract with the carrier). Any source document that serves

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

the purpose of recording the event of shipment is normally referred to simply as a shipping document. The invoicing function is usually the first department involved in the sequence that Page 328 is part of the accounting department. The invoicing department is responsible for Page 329 ensuring that a sales invoice is sent to bill the customer. Usually, a sales invoice is a multi-part form, with the original being electronically sent to the customer and duplicates used to notify other departments within the business. Of primary concern to the auditor is the flow that creates the debit to accounts receivable. The individual sales invoices are one of the inputs to accounts receivable processing. Sales invoices are used to update the accounts receivable master file. The invoicing department also compares a total of bills prepared (a control total of sales invoices). This total is sent to the general ledger function to become the debit to the accounts receivable control account. The totals sent to the general ledger function should not go through the accounts receivable function. If this separation is maintained, a reconciliation of the control account with the total of the accounts receivable master file can be a key control in the auditor’s assessment of control risk. Cash collection is the next step in the cycle, and several functions may be involved. A flowchart of this part of the cycle is shown in Figure 8.3 . For most systems today there is a direct deposit (electronic transfer) function. For those few systems where cash Page 330 is not directly deposited by the customer to the bank account, the first step is opening mail and creating an initial record of the amount, usually in the form of a cheque, received. The person responsible for opening the mail creates a prelist of cash receipts, which is simply a list of the amounts received and from whom they were received, and this is usually used strictly for control purposes. Mail receipts are usually accompanied by a

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

remittance advice, which is often a tear-off portion of the sales invoice that is returned by the customer with their payment.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

FIGURE 8.3 A typical cash collection flowchart

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

The remittance advices and the cheques are sent to the cashier function, where the cashier prepares the bank deposit slip. The remittance advices are sent to the accounts receivable function and become the input for posting to the accounts receivable subsidiary ledger. The total of remittance advices is sent to the general ledger function to update the accounts receivable control account in the general ledger. Accounting systems differ substantially in the summarisation steps that take place between the source document, such as a sales invoice or remittance advice, and the entries to the general ledger. Computer reports and files are generally titled as they were historically in manual systems—a sales journal for credit sales and a cash receipts journal for remittances. The systems usually produce some form of printed report or computerreadable file that includes all daily activity. That is, all the transactions entered that day are recorded and retained for back-up and recovery purposes. The auditor can generally use these daily activity reports or sales journals. However, in some systems only summary information is retained for more than a short time and advance arrangements must be made if more detail is required by the auditor.

Adjustments and cost of sales From a control standpoint, these adjustments are of concern because they are less routine than sales and collections and require the exercise of some discretion in deciding whether that adjustment should be allowed. The usual approach is to use a specialised source document—a credit memorandum or a debit memorandum—and to require the approval of responsible supervisors before processing. The other complication is the relationship between sales and cost of sales. Ideally, there should be a direct correlation between the items of merchandise recorded as sales and the

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

items recorded as cost of sales. In some accounting systems the recording of sales and cost of sales are simultaneous, and copies of the shipping document are used as notification both for billing the customer and for relieving the inventory of the quantity and cost of merchandise sold. Although this chapter will not discuss in detail the integration of the recording of cost of sales with the recording of sales, the correlation between sales and cost of sales should always exist.

Transactions in a revenue, receivables and receipts system

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

As can be identified from the above description, the accounting transactions recorded in a revenue, receivables and receipts accounting system are: credit sales to customers (recognition of revenue and recording of receivable owing) receivables from customers (recording that receivable owing has been paid and the amount received) adjustments for return of merchandise, allowances for defective merchandise and writeoffs or allowances for bad debts. In addition, the revenue, receivables and receipts cycle includes accounting estimates that are not exchange transactions but are more in the nature of allocations (and therefore part of the accuracy, valuation and allocation assertion) of recorded amounts among accounting periods that require the judgment of management. Invariably, an estimate is necessary of customer accounts that will become uncollectable (doubtful debts expense and provision for doubtful debts). In some cases liability under warranty arrangements needs to be estimated (warranty expense and provision for warranty expense). While, on the basis of materiality, sales returns and allowances are normally recorded in the Page 331 period in which they occur, if the auditor believes that such items are becoming material, an adjusting entry for expected returns and allowances should be suggested so that they are recorded in the period of sale. Control systems relating to routine transactions

(such as sales and recording of

debtors, and related payments by debtors) are usually very well controlled and well suited to tests of controls. As outlined earlier in this chapter, for highly automated processing systems with little or no manual intervention, and where substantive procedures alone do not provide sufficient appropriate evidence, the auditor should evaluate control risk as less than high, and undertake tests of controls (ASA 330.A24/ISA 330.A24). Control systems for non-routine transactions

, such as the return of goods or the estimates of the

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

doubtful debts provisions, are not usually as developed. Because these non-routine transactions involve managerial discretion rather than rules (and thus can be more easily manipulated) they will usually receive increased attention from the auditor, although this will more likely be of a substantive testing nature (as discussed in Chapter 9

).

Tests of controls for sales The exact nature and extent of tests of controls for sales are influenced by the specific control activities and by the auditor’s consideration of the most efficient audit strategy. The auditor may, on the basis of their understanding of the internal control system, decide that

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

it is more efficient to apply more extensive substantive tests. In that case, tests of controls for a particular class of transactions, such as sales, may be omitted or reduced. Substantive tests for related balances such as accounts receivable, and the relationship of those tests to tests of controls, will be discussed in Chapter 9

. An auditor who plans to assess control

risk as less than high for a particular transaction class needs to identify specific control procedures that provide a basis for the risk assessment, and perform tests of controls for those control activities.

Identifying specific control objectives and procedures Table 8.2

presents specific control objectives for sales transactions for the type of entity

described in the overview of functions, documents and accounting systems for the sales cycle. Because of the correlation between sales and cost of sales, it is important to separate the functions of shipping, invoicing and merchandise (inventory) storekeeping. It can be seen that the list of policies and procedures outlined in this table reflects the procedures outlined in Chapter 7

for determining the accuracy and reliability of transactions. For

example, the policies and procedures for authorisation and approval support the occurrence assertion related to transactions and events. The second control objective of all sales shipped being invoiced and properly recorded includes policies and procedures related to completeness. The third control objective, relating to invoices having been recorded correctly as to amount and period, includes policies and procedures related to accuracy.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Page 332

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

TABLE 8.2 Specific control

Common control

objectives and

policies and

assertions

procedures

Occurrence All sales recorded are bona fide transactions for merchandise actually shipped to customers

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

CONTROL POLICIES AND PROCEDURES AND TESTS OF CONTROLS FOR SALES TRANSACTIONS

Completeness All sales shipped have been invoiced and recorded in

Policy of authorisation of credit and terms Evidence of quantities shipped reconciled to quantities invoiced Monthly statements sent to customers and queries followed up Shipping documents and sales invoices pre-numbered and sequence accounted for

Tests of controls

Select a sample of sales transactions from sales journal (daily activity report), check for appropriate authorisation and trace to shipping document file Inspect reconciliation of shipments to invoices Observe that monthly statements are sent, and enquire about followup of queries

Review the evidence of control of accounting for numerical sequence of shipping documents and sales invoices, or test numerical sequence

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

accounting records

Accuracy All invoices have been recorded correctly as to amount, and summarised

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

correctly

Quantities shipped periodically reconciled to quantities invoiced, independently of shipping and invoicing departments Shipments checked for shipping documents

Inspect evidence of client’s reconciliations of shipments to invoices

Recomputation and comparison of details (quantity, price, terms) to supporting documents Monthly statements sent to customers Authorisation and independent follow-up of correspondence with customers

Select a sample of transactions from the sales journal (daily activity report) and review evidence that comparison with supporting documentation undertaken and that prices traced to approved list and extensions and footings recomputed

Approval of write-offs of uncollectable accounts Programmed controls in processing sales to identify unusual sales amounts Cut-off All invoices have been recorded in the correct period

Written procedures detailing the last sales (and related cost of sales) recorded before balance date, and first sale (and related cost of

Observe checking of shipments or inspect selected shipments

Review evidence of authorisation for sending of monthly statements Review evidence of follow-up of correspondence with customers Inspect indication of supervisory review and approval of summarisation and posting Inspect approval of write-offs of uncollectable amounts Test data techniques to test specific programmed controls

Observe or ascertain that written procedures followed and independent check carried out. (Because of the nature of this assertion, it is likely that the auditor will undertake substantive tests of transactions by selecting the last sales transactions before balance date and the first after balance date and ensuring they are

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

sales) of next period recorded in next period

recorded in the correct period, as outlined in Chapter 9 .)

Independent check that written procedures followed Classification All sales have been classified in

Appropriate account codings on sales documents

Review approval of and account codings for sales, including related-party sales

Supervisory approval of draft disclosures

Review approval of draft disclosures

accordance with written policies Presentation Sales are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable Page 333

Common control procedures to achieve these specific control objectives are also presented in Table 8.2

. Not all the listed procedures are necessary in every

circumstance to achieve the objective, and other control activities may also achieve the objective.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

The auditor needs to consider whether the specific control and monitoring activities that the client has adopted provide reasonable assurance of achieving the objective. Reasonable assurance is influenced by the extent of supervision and by the auditor’s assessment of the control environment. For example, consider the objective that ‘all merchandise shipped is invoiced’ (completeness). In an entity with a strong control environment and good supervision of separate shipping and invoicing functions, an independent reconciliation of quantities shipped to quantities invoiced may be unnecessary for reasonable assurance of achieving the objective. However, some testing, be it a different control or a substantive

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

test, is necessary. In another entity, this independent reconciliation may be essential in order to obtain reasonable assurance.

What if the test of controls suggests that the control is not working? It may be that the auditor undertakes the tests of controls and finds that the necessary degree of reliance cannot be placed on the control to reduce the risk of material misstatement to an acceptable level. The auditor would then attempt to identify a compensating control that will reduce the risk of material misstatement. If there is no compensating control, the auditor will have to revise the audit program and undertake substantive procedures aimed at assessing the impact of this particular risk. For example, if it were found while testing the assertion of occurrence that the sales transactions were not appropriately authorised, the auditor may decide to extend substantive testing on the related account balance assertion at risk of material misstatement, that being the existence of debtors. This will be discussed in more detail in Chapter 9

.

Tests of controls for cash receipts The specific control objectives for cash receipts and examples of common control policies and procedures and tests of controls are summarised in Table 8.3

. In general, the

concepts discussed for sales transactions—identifying control policies and procedures that achieve specific control objectives and selecting audit procedures for tests of controls and substantive tests—also apply to cash receipts transactions. This discussion concentrates on matters that might be misunderstood without further explanation.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Page 334

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

TABLE 8.3

CONTROL POLICIES AND PROCEDURES AND TESTS OF CONTROLS FOR CASH RECEIPTS TRANSACTIONS Common control policies

Specific control objectives Occurrence Recorded cash receipts are for collection of receivables resulting from sales to customers of the entity

Completeness All cash receipts are recorded and

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

deposited

and procedures

Tests of controls

Direct deposits and other cash receipts matched to specific sales invoices in posting to accounts receivable master file (for verification that sale occurred, see Table 8.2 )

Select a sample of entries in cash receipts journal and review evidence that matched to specific sales invoices

All direct deposits are reconciled to sales invoices, and reconciliation authorised Opening of mail and prelisting of cash receipts independently of cashier, accounts receivable master file and general ledger

Inspect a sample of direct deposit reconciliations for appropriate authorisation Observe opening of mail and preparation of deposits

Policy of depositing cash receipts each day Comparison of deposit slips, prelists and posting from cash receipts journal (daily activity report)

Enquire about policy of depositing cash receipts each day Select a sample of remittance advices or items on prelist and trace to deposits on bank statement and recorded cash receipts

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Accuracy Cash receipts have been recorded correctly as to amount

Prelist forms prenumbered and sequence accounted for

Review the prelist forms for evidence that numerical sequence accounted for

Cash handling (receipt and deposit) independent of accounting functions and authorised cheque signing Authorisation of remittance invoices for discounts

Observe that cash handling is independent of accounting (recording functions) Select a sample of remittance advices, ensure discounts are appropriately authorised, and trace to accounts receivable subsidiary ledger

Supervisory review and approval of posting to general ledger Monthly statements sent to customers All bank accounts are reconciled promptly with cash records and general ledger Review reconciling items and approve bank reconciliation Programmed controls to identify unusual cash receipts

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Cut-off Cash receipts have been recorded in correct period

Review by person independent of banking to ensure all cash receipts for period recorded and associated sales recognised (cash sales) or debtors balance reduced (prior credit sales) Review cash receipts for next period to

Inspect posting for indication of supervisory review and approval Review evidence of authorisation for sending of monthly statements Inspect client bank reconciliations for evidence of approval and reperform one or a few reconciliations Test data techniques to evaluate programmed controls Because of the nature of this assertion, it is likely that auditor will undertake substantive tests of transactions, by selecting the last cash receipt transactions before balance date, and the first after balance date, and ensuring they are

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Classification Cash receipts are classified in accordance with company policy Presentation Cash receipts are appropriately aggregated or

ensure not included in current period

recorded in the correct period (see Chapter 9 ).

Independent check that cash receipts are classified correctly (especially important for statement of cash flows)

Examine evidence that independent check of cash receipt classification carried out

Supervisory review and approval (especially important for statement of cash flows)

Review approval of aggregation and disaggregation and draft disclosures

disaggregated and clearly described, and related disclosures are relevant and understandable Notice that some control activities for sales transactions, such as sending monthly statements to customers, contribute to the achievement of specific control objectives for cash receipts. Tests of these control activities are performed either in testing sales transactions or in testing cash receipts; they are not duplicated. Page 335

Potential misstatements Generally, the types of misstatements that may occur in an accounting system are classified as one of: clerical mistakes (omissions, misclassifications or miscalculations)

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

employee fraud misapplication of accounting policies.

Clerical mistakes At each step in processing it is possible for transactions to be lost or for unauthorised or duplicate transactions to be inadvertently added. If computations, such as extensions or summarisations, are made in processing, they can be done incorrectly.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Employee fraud Many clerical mistakes can be made intentionally to conceal employee fraud. For employee fraud involving misappropriation of assets to occur, the employee must have access to cash or other assets that can be consumed or turned into cash. However, misappropriation of the asset is only part of the problem. If the misappropriation is to be concealed to avoid detection, the accounting records must be brought into agreement with the reduced level of assets associated with the fraud. Concealment may take place before or after the misappropriation, as long as it occurs before the accounting records are reconciled with the asset count. One of the difficulties of concealing misappropriation of assets in a double-entry accounting system is that credits achieve the concealment, but the problem is where to put the related debits. For example, if cash is misappropriated, a fraudulent credit entry to cash can be made to bring the cash account into agreement with cash in the bank. However, the debit half of the fraudulent entry needs to be concealed in the

Page 336

accounting records. Accounts receivable is a possible storehouse for concealing debits because it has a normal debit balance and often there are many individual customer accounts. This is one of the reasons that audit procedures and control activities emphasise ensuring the existence of recorded accounts receivable. One type of employee fraud associated with accounts receivable is called lapping

. An

employee misappropriates cash received from a customer and covers the shortage shortly afterwards by using receipts from another customer. Continued concealment requires continually delaying the recording of credits to different customers’ accounts so that the receipts may be credited to accounts affected by the initial misappropriation. To perpetrate this fraud, an employee must have access to cash receipts and be able to make entries to the accounting records for both cash and accounts receivable.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Misapplication of accounting policies As mentioned previously, when sale, delivery and collection occur within a relatively short period, complex revenue recognition issues do not arise. However, when an extended period is required for sale (for example, in real estate), delivery (for example, in construction contracting) or collection (for example, in instalment sales), the accounting policies for revenue recognition are more often misapplied.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Sales and accounts receivable involve accounting estimates which create a risk of misstatement. Accounts receivable should be stated at net realisable value. Failure to identify promptly and provide an adequate allowance for uncollectible accounts may arise from extending credit without control, poorly controlled billing practices or insufficient management monitoring of the ageing and collection follow-up. Even if these areas are well controlled, unanticipated changes in economic conditions or customer mix may cause a misstatement of the doubtful debts expense and allowance. Other accounting estimates that may be misstated for similar reasons include unissued credits for sales returns and allowances for warranty expenses. A management motivated to inflate net profit may engage in fraudulent financial reporting (as discussed in more detail in Chapter 6

) in the revenue, receivables and receipts cycle

by recording fictitious sales transactions or by deliberately misapplying the revenue recognition test with the intention to deceive. The risk of fraud in revenue recognition is singled out in ASA 240.26 (ISA 240.26) as a risk to which the auditor must pay attention. The auditor starts with the presumption that there is a risk of fraud in revenue recognition and considers which types of revenue, revenue transactions and related assertions give rise to such risks. Auditing in the global news 8.1

provides an example of a recent practice

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

used to overstate revenue.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

8.1 Auditing in the global news ... Tests of controls for ‘channel-stuffing’ fraud An approach that has been used recently by management to overstate revenue, and therefore profits, is the recording of revenue for a financial year in which goods have been shipped to a distributor/retailer before year end, even though the distributor/retailer has right of return of all products and does not have to pay for them until the goods have been sold onwards to a third party (a practice also known as ‘channel stuffing’). For example, on 5 July 2011, Bloomberg published an article revealing that General Motors (GM) was falling into ‘old, bad habits’ by ‘channel stuffing’, a practice whereby excess inventory was ‘sold’ to dealerships so that the manufacturer, in this case, GM, could record those sales on its books, creating the false appearance of revenues, even while those vehicles remained unsold on dealer lots. As highlighted by PwC (2016), there are currently more of these issues coming to light. And it is always worth bearing in mind that these issues, when they come to light, can have a big impact on the

Page 337

reputation of a business and life-changing consequences for employees. If such revenue is permitted to be recognised, this means that accounting numbers can be manipulated to whatever management wants simply by placing whatever quantity of inventory it chooses with a distributor/retailer before year end. This situation highlights the importance of stopping such practices.

However, for management fraud involving the intentional misapplication of accounting policies, it is unlikely that the auditor will be able to reduce the risk of material misstatement to an acceptable level by the use of tests of controls, as control systems are not normally designed for this type of misstatement. Thus, the auditor will have to Copyright © 2018. McGraw-Hill Australia. All rights reserved.

undertake substantive procedures for such situations. This will be discussed further in Chapter 9

.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

QUICK REVIEW 1. The revenue, receivables and receipts section is usually characterised by a large volume of repetitive transactions that are subject to a number of controls. For this reason the audit approach often emphasises tests of controls to provide the evidence to support the assessment of control risk as less than high. 2. The auditing standards require tests of controls in cases of large volume and repetitive transactions and associated automated controls, as substantive procedures alone do not provide sufficient appropriate evidence. In such cases control risk for revenue, receivables and cash receipts is assessed as less than high and tests of controls are undertaken. 3. The auditor undertakes tests of controls for revenue, receivables and cash receipts as part of a coordinated audit approach to reduce the risk of material misstatement in the following assertions: Occurrence—all revenues, receivables and cash receipts that have been recorded have occurred and pertain to the entity Completeness—all revenues, receivables and cash receipts that should have been recorded have been recorded Accuracy—amounts and other data relating to revenue, receivables and cash receipts have been recorded appropriately Cut-off—revenues, receivables and cash receipts have been recorded in the correct accounting period Classification—revenues, receivables and cash receipts have been recorded in the proper accounts Presentation—revenues, receivables and receipts have been appropriately aggregated or disaggregated, and related disclosures are relevant and understandable.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

4. The common evidence-gathering procedures for tests of controls can be categorised as: enquiry and observation of segregation of duties and restricted access to assets inspection of evidence that control activities are undertaken re-performance of routines to test not only existence of controls but also effectiveness of controls inspection of a sample of shipping documents and sales transactions.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

LO 8.5 Expenditures, payables and disbursements Conceptually, the expenditures cycle includes all exchange transactions in which assets or services used in operating the business are acquired for cash or on credit. However, because of the diversity of the ‘buying’ activities of most entities, auditors often organise the audit approach by transaction type (for example, purchases from trade creditors, other purchases, payroll) within the expenditures transaction class. This is one of several differences from the sales cycle, and is discussed in more detail below. Page 338

Differences from the sales cycle The differences between the normal audit approach to the expenditures cycle and the approach to the sales cycle are influenced by differences between the transaction types within each cycle and matters related to audit efficiency.

Focus on type of transaction The acquisition of assets and services, and the payments for them, encompass many types of transactions. For example, auditors often distinguish the following categories: payroll costs, including salaries, wages and related benefits property and equipment purchase of goods and services for inventory (production or merchandising) company-related taxes selling and administrative expenses

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

miscellaneous expenses paid from petty cash. Control risk assessments for specific control activities are made separately for each type of transaction. The central focus of the discussion of the expenditures cycle in this chapter will be on purchases of goods and services for inventory. The acquisition and payment of selling and administrative expenses are similar to purchases of goods and services for inventory, and the minor variations in controls and audit tests for these expenditure transactions will be explained later in this section. Payroll is largely a stand-alone accounting application, and some of the basic features of controls tests for payroll will also be explained later in this section, along with controls tests for petty cash disbursements (an inconsequential area in most audits).

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

The acquisition of property and equipment and payments for company-related taxes will be discussed in Chapter 9 , because a substantive audit approach aimed at verifying the related account balances is normally used for these items.

Concurrent testing of disbursements and acquisitions Primarily for reasons of audit efficiency, the normal audit approach is to test concurrently the items acquired and the related cash disbursement. For example, the auditor selects a sample of cash disbursements and applies audit procedures to the documents also supporting the acquisition of the goods or services. In contrast, the audit tests in the sales cycle are normally applied separately to sales and cash receipts.

Increased concern with classification of debits Another distinguishing feature of transactions in the expenditures cycle compared to the sales cycle is the significantly greater number of account balances. For example, administrative expenses include office supplies, rent, legal and audit fees, property taxes and insurance. Selling expenses include advertising, commissions, travel and entertainment and freight out. For a manufacturing entity, purchases of goods or services for inventory include raw materials purchases and overhead expenses, such as supplies, electricity, repairs and maintenance and freight in.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

The greater number of account balances causes an increased concern with the classification assertion of the debit when a liability is incurred or a cash disbursement made. The auditor is concerned with proper classification in testing sales transactions also, but the relative risk of misclassification is much greater for the expenditures cycle. Sales accounting systems are generally designed to process credit sales to customers. The risk of another type of transaction, such as disposition of manufacturing equipment or marketable securities, being recorded as a sale in the ordinary course of business is usually relatively low. In contrast, the account classification of an expenditure is far more susceptible to error.

Differences between accounts payable and accounts receivable In the sales cycle, the statement of financial position account of primary concern is accounts receivable. In the expenditures cycle it is accounts payable. Except for

Page 339

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

the obvious point that one is an asset and the other a liability, these account balances are in some respects similar. Accounts receivable represents uncollected sales invoices; accounts payable represents unpaid suppliers’ invoices. However, important differences between the perspective of the client’s management and that of the auditor have auditing implications. Generally, processing of accounts payable is influenced more by cash management concerns than is processing of accounts receivable. An entity can only encourage prompt collections from its customers but, within limits, it can control precisely the timing of disbursements. Often, the system for processing accounts payable is designed primarily to facilitate the timing of the payment of individual supplier invoices on the most advantageous basis, such as realising discounts, and there is less concern with the accuracy and completeness of recording the obligation to each supplier or in total. From the auditor’s perspective, the primary difference from accounts receivable is the focus on detecting understatement of accounts payable. The risk of material misstatement for accounts payable is one of understatement because of the improvement in financial performance and position that can be achieved by understating or omitting liabilities and the associated expenses. For example, consider that electricity expenses incurred during the year are not accrued. Financial performance and position will be improved by the failure to recognise the electricity expense and the related accrued liability.

Functions, documents, inputs and accounting systems This section explains the functions, documents, inputs and accounting systems for purchases of inventory items. In a manufacturing entity this includes raw materials and

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

overhead expenses. In a merchandising entity it includes goods acquired for resale and related acquisition costs.

An overview of functions, documents, inputs and accounting systems A narrative of a purchases and cash payments system is included below, while a corresponding flowchart is shown in Figure 8.4 . A purchase requisition is the starting point for this category of transactions in the expenditure cycle. It is a formal request from an operating department for raw materials or merchandise, or goods or services used in

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

production. For example, automatic reorder points may be established for various inventory

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

items that trigger a computerised request.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

FIGURE 8.4 Typical purchases and cash payments flowchart (voucher system)

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

The purchase requisition is sent to the purchasing department. As far as possible, it is desirable for the acquisition of goods and services to be handled by a centralised purchasing function. This permits centralised review of requisitions for compliance with established policy and sound practices such as obtaining competitive bids. The purchasing department prepares a purchase order and sends it to the supplier of the goods or services. The order is processed through the supplier’s accounting system and, upon their accepting the order, the goods are shipped or the service provided and an invoice sent. The purchased goods received are accepted by a receiving department. The receiving department inspects and counts the goods before determining whether to accept them. To evaluate whether the goods conform to the specifications of the order, the receiving department is sent a copy of the purchase order. The receiving department prepares a receiving report and forwards notification copies to the purchasing department and the accounting department. The accepting of the goods is a very important stage because at this point the entity incurs a liability for payment. Within the accounting department, the accounts payable function receives suppliers’ invoices. Services, such as electricity or insurance, are received directly by operating departments rather than through the receiving department. The usual approach is to send invoices for such services to supervisors in operating departments or to company officers, who approve the invoices and acknowledge receipt of the service. They are one of the inputs that enable the processing of accounts payable. Suppliers’ invoices are used

Page 340

to update the accounts payable master file. The system records and summarises the day’s invoices in a purchases journal, which is a daily activity report. To help ensure that disbursements are made only for goods or services that are authorised and received, a specialised source document designed for control purposes is often used. This source document, called a voucher, is simply a folder for collecting the source documents that support disbursements. A type of expenditures accounting system, Copyright © 2018. McGraw-Hill Australia. All rights reserved.

explained below, is called a voucher system. However, vouchers may be used in several types of expenditures accounting systems. The account distribution (classification of debits) is normally indicated on the voucher. The cash disbursements function assembles the required supporting documents

Page 341

needed for cash payments (suppliers’ invoices, receiving reports and purchase orders). This is called ‘putting together the voucher package’.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Most entities take all reasonable precautions possible to prevent unauthorised disbursements. Today, payments are normally made by direct (electronic) payment to approved suppliers. For those organisations or systems where payments are made by cheque it is important to use pre-numbered cheques, to protect unissued cheques and to account for the numerical sequence of issued and unissued cheques. This includes defacing and retaining voided cheques.  Segregation of duties is also extremely important. In this respect, a distinction should be made between those preparing the supporting documentation and those approving the cheques or direct payments. Personnel responsible for preparing the supporting documentation should not be in a position to initiate purchase requisitions or other requests for disbursement, or to prepare receiving reports. Individuals with authority to approve payments should be separated from the accounting function of recording accounts payable and the general ledger. Usually a manager or another responsible supervisor is responsible for approving payments. Those approving payments should have evidence at the time of approval that disbursement is appropriate. They should review the supporting documents (supplier’s invoice, receiving report and purchase order), inspect indication of prior checking and assembly of supporting documents and indicate supervisory approval. Supporting documents should be cancelled so they cannot be re-used to support another disbursement. Often, the cheque number or reference number for a direct debit is written on the supporting documents for this purpose. The information required for the direct payments or individual cheques is generally the basis for recording in the cash payments or cash disbursements journal. The details from the cash payments journal are used to update the accounts payable master file and totals are posted to the general ledger accounts (accounts payable control and cash). A daily activity report of cash payments is usually generated as part of the updating of the accounts payable master file.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Voucher systems and other variations A voucher system

is designed to improve control over disbursements by establishing a

sequential pre-numbered record of suppliers’ invoices and to improve efficiency by eliminating inessential record keeping and facilitating timing of payments. A voucher number needs to be issued, as the supplier’s invoices are pre-numbered for the supplier’s system, and the sequence of suppliers’ invoices cannot be accounted for by the purchaser. It is difficult to obtain control over some suppliers’ invoices because there are no authorising documents associated with the service. For example, there is no receiving report for

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

electricity accounts. On receipt of such invoices these are either approved by an appropriate authority in accounts payable, or if related to a particular operating department sent to that department for approval.  The record-keeping sequence is as follows. All suppliers’ invoices are assigned to a prenumbered source document—a voucher—on receipt. The voucher is input into a voucher register file and sorted by due date. Vouchers are approved for payment on the basis of supporting documents (supplier’s invoice, receiving report, purchase order) collected in the voucher package. When payments are made, the voucher register is updated to indicate payment. Paid vouchers are marked and stored in a paid voucher file by voucher number. When posting to the general ledger, the distribution of the debits to expense and asset accounts is originally recorded in the voucher register and often also on the voucher. In summary form, the entry is as follows:

Dr (Expense or asset accounts)

$ (Total)

    Cr Cash

    $ (Paid vouchers)

    Cr Accounts payable

    $ (Unpaid vouchers)

Notice that the determination of the accounts payable liability is based on the preparation of a schedule of unpaid vouchers. There is not necessarily an accounts payable master file which records balances owed to each supplier. This can make it difficult to Page 342 reconcile suppliers’ statements (monthly statements mailed to customers by suppliers, showing the balance owed) with the entity’s records.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Adjustments and inventory The processing of accounts payable has additional complicating factors that are similar to those for the processing of accounts receivable. In addition to the credits to accounts payable for purchases and the debits for cash disbursements, there are adjustments for such things as returns to suppliers of goods that do not meet purchase order specifications. Controls and processing for those adjustments are similar to those for sales accounting. Pre-numbered debit memoranda are used and supervisory approval is required before processing. Also, memoranda issued can be matched with shipping reports for goods returned and the corresponding credit memoranda (credit notes) received from suppliers.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

In an expenditures system, the receiving reports for raw materials or merchandise are the input for updating inventory records. Perpetual inventory records are a running total of inventory items on hand, and they may be maintained in quantities only or in both quantities and dollars. Perpetual records in dollars are integrated with sales accounting systems. However, personnel responsible for inventory storekeeping should be separated from purchasing, receiving and accounting. Audit considerations for inventory will be further discussed in Chapter 9

.

Tests of controls for purchases of inventory Conceptually, the approach to tests of controls for purchases of goods or services for inventory is similar to that for testing controls in the sales system. The auditor needs to consider whether the specific control and monitoring activities that the client follows provide reasonable assurance of achieving the specific control objectives. If the control being tested by the auditor does not provide the required level of assurance, the auditor will determine whether there are other controls which achieve the specific control objective that are worth testing, or whether they have to extend their planned level of substantive testing in assessing this particular risk of misstatement. The specific control objectives for purchases of goods or services for inventory and examples of common control activities and tests of controls are summarised in Table 8.4

. The arrangement and approach to listing audit procedures is, as explained

earlier, referred to as an audit program. The auditor needs to eliminate duplications and reorder the procedures into a logical and efficient sequence. Again it can be seen from Table 8.4 that assertions are used to link the risk of misstatements (the risk is reduced if control policies and procedures are effective) to evidence-gathering procedures (in this

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

case tests of controls).

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

CONTROL POLICIES AND PROCEDURES AND AUDIT TABLE 8.4

TESTS FOR PURCHASES OF INVENTORY TRANSACTIONS

Specific control objectives Occurrence All recorded purchases are bona fide transactions, in that they relate to goods or services authorised or

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

received

Completeness All purchases of inventory for the period are recorded

Common control policies and procedures

Tests of controls

Approval of purchase order Goods received are counted, inspected and compared to purchase order before acceptance Services received are acknowledged in writing Comparison of purchase order, receiving report and supplier’s invoice before recording liability

Examine evidence of approved purchase and service orders Select a sample of order entries in purchases journal, trace back to vouchers and inspect supporting documentation, including receiving report, ensuring agreement of details, indication of approval

Suppliers’ invoices are numbered using an invoice register or prenumbered vouchers and the sequence accounted for Suppliers’ invoices are matched to receiving reports and unmatched items investigated

Review the evidence of the accounting for numerical sequence of invoices Review reports of unmatched items for evidence of investigation and enquire about disposition Review the accounting for numerical sequence of receiving reports

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Receiving reports are pre-numbered and the sequence accounted for Accuracy Purchases of inventory are recorded correctly as to amount and summarised correctly Cut-off Purchase invoices have been recorded in the correct period

Classification Purchases are classified in accordance with classification policies

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Presentation Purchases are appropriately

Established procedures for review of purchase amount and verification to supporting documentation Programmed controls (e.g. reasonableness check) to identify any unusual purchase transactions

For the sample of vouchers selected, examine for evidence that review of purchase amount and verification to supporting documentation undertaken Test data techniques to verify that programmed controls are working

Review by person independent of purchasing to ensure all purchases for period (and related cash payments/creditors) included, and purchases for next accounting period not included

Because of the nature of this assertion, it is likely that auditors will undertake substantive tests of transactions, selecting the last purchase transaction before balance date, and the first after balance date, and ensuring they are recorded in the correct period (see Chapter 9 ).

Procedures to ensure appropriate account coding on purchases documents Separate accounts in chart of accounts for purchases from related parties, and possibly additional authorisation for related-party transactions

Check that procedure aimed at establishing appropriate account and appropriate authorisation for related-party transactions undertaken

Supervisory review and approval

Review approval of aggregation and disaggregation and draft disclosures

aggregated or disaggregated and clearly described, and related disclosures are

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

relevant and understandable Page 343

Tests of controls for cash disbursements The specific control objectives for cash disbursements and examples of common control policies and procedures and related tests of controls are summarised in Table 8.5

. For

tests that involve inspection of documents, audit sampling is used. The appropriate sample size of the number of documents to inspect can be determined in accordance with the procedures outlined in Chapter 10

. Page 344

TABLE 8.5

CONTROL POLICIES AND PROCEDURES AND AUDIT TESTS FOR CASH DISBURSEMENTS TRANSACTIONS Common control policies

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Specific control objectives Occurrence Recorded cash disbursements are for goods or services authorised and received (for verification that

and procedures

Tests of controls

Electronic funds transfers authorised or cheques signed only after viewing supporting documentation and prior approval Supporting documentation cancelled with

Select a sample of cash disbursement transactions from cash payments journal and inspect supporting documentation for indication of checking, review and approval

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

purchase occurred, see Table 8.4

)

reference to electronic funds transfer details or cheque number  Signed cheques mailed directly to payees

For the sample of cash disbursement transactions, inspect supporting documents for appropriate cancellation Observe and enquire about cheque signing and mailing

Completeness All cash disbursements are recorded

Voucher packets and cheques pre-numbered and sequences accounted for Unissued cheques protected and the sequence accounted for Electronic payments and presented cheques listed on bank statement compared to cash payment records (the above control activities are usually done as part of the bank reconciliation)

Accuracy Cash disbursements are recorded correctly as to

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

amount

Summarisation and posting of cash disbursement records reviewed and approved Programmed controls (e.g. reasonableness check) to identify any unusual cash disbursement transactions

Review evidence that sequence check of voucher packets and cheques is properly undertaken Observe and enquire about cheque signing, including protective measures for unissued cheques and cheque-signing devices Observe and enquire about preparation of bank reconciliation and re-perform one or a few For the sample of cash disbursements transactions selected to test occurrence assertion, compare amount, payee and date with cash payment record and identify approval and review of summarisation and posting carried out Test data techniques to verify that programmed controls are working

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Cut-off Cash disbursements are recorded in correct period

Classification Cash disbursements are recorded correctly as to

Bank transfers and cheques written are independently reviewed for recording in correct period

Because of the nature of this assertion, it is likely that auditors will undertake substantive tests of transactions, selecting the last cheques issued before balance date and first cheque issued after balance date, and ensuring they were recorded in the correct period. They will carefully review all bank transfers around balance date to ensure they are recorded in the correct period (see Chapter 9 ).

Cheque signatory and authorised expense classification reviewed

Review sample of cash disbursement transactions for evidence of authorisation of expense classification

Supervisory review and approval (especially important for statement of cash flows)

Review approval of aggregation and disaggregation and draft disclosures

account

Presentation Cash disbursements are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and Copyright © 2018. McGraw-Hill Australia. All rights reserved.

understandable Page 345

Potential misstatements Auditors should be aware of the following types of irregularities that may occur in the expenditures cycle:

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Classic disbursements fraud The classic pattern for employee fraud in the disbursements area involves the preparation of fraudulent supporting documents that are used to obtain an authorised payment. Because this fraud requires careful planning, the deception is often elaborate. Some frauds of this type have included the opening of post office boxes and bank accounts in the names of fictitious entities. Clever frauds may be difficult for internal auditors or independent auditors to detect as long as the perpetrator is not too greedy. Appropriate procedures for approving suppliers with whom the entity will transact, and checking that transactions are only with approved suppliers, becomes an important control. If the discrepancy between goods or services received and goods or services paid for becomes too great, audit tests are more likely to discover the fraud. This type of fraud is one of the reasons that auditors commonly investigate unusual or unfamiliar names of suppliers. Kickbacks Personnel responsible for purchasing may enter into arrangements with suppliers to receive kickbacks on goods or services purchased from them. Since collusion is involved, it could be argued that auditors have little chance of detecting kickbacks. However, when competitive bidding practices are not followed, many auditors compare unit prices on items of the same type acquired from different suppliers in order to consider the possibility of a kickback scheme. Illegal acts The auditor’s responsibility with respect to illegal acts was explained in Chapter 6 . Questionable transactions that may indicate bribery or other illegal payments are most likely to come to the auditor’s attention in the examination of disbursement transactions. The most likely transaction type is selling or administrative expense. For example, a sales commission may be a bribe to obtain business. As explained in Chapter 6 , the auditor does not undertake audit procedures specifically to detect illegal acts, but remains aware of the possibility of such acts.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Unauthorised executive perks The personal use of business assets is inappropriate unless the use is authorised and appropriately considered as part of executive compensation. For public companies, the Australian Securities Exchange requires disclosure of management remuneration. For private companies and other entities, the auditor may still be concerned with such practices because they affect the tax return preparation responsibilities and liability for fringe benefits tax. Kiting The term ‘kiting’ is used to describe the practice of inflating the cash balance by using the fact that cash which is recorded as a deposit on one day may not be considered withdrawn from the bank account in which it was being held until the next banking day. Cash is transferred from one bank account to another and the cash receipt (deposit) is recorded in the period under audit, but the disbursement Page 346 (withdrawal) is not recorded until the following period. During this period, the money being transferred appears to be in both bank balances. This device may be used by an employee to conceal a cash shortage or, especially around balance date, by management to improve the entity’s apparent financial position. The auditor should be especially aware of large deposits into a bank account on the final day of the financial year, which may not show up as a withdrawal from the associated bank account until the first day of the next financial year.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

QUICK REVIEW 1. The expenditures, payables and disbursements section is usually characterised by well-controlled systems processing a large volume of similar transactions. For these reasons the audit approach often includes tests of controls. 2. From the auditor’s perspective, the primary difference between accounts receivable (and associated cash receipts) and accounts payable (and associated cash payments) is generally that the auditor is more concerned with detecting overstatement of accounts receivable and understatement of accounts payable. 3. As completeness of accounts payable and cash payments is a concern, a voucher system is commonly implemented to establish a sequential prenumbered record in order to capture all payments and payables.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

4. The numerical sequencing and accounting for receiving reports are also an important control for completeness, because on acceptance of the goods a liability is established for the entity. 5. Assertions are used to link the identified risks of misstatements (which are reduced if control policies and procedures identified as being in existence are effective and continuous) to tests of controls, which provide the auditor with the evidence on their effectiveness and continuity.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

LO 8.6 Tests of controls for other types of expenditure transactions, including contractual transactions The following discussion explains the primary variations in the nature of control policies and procedures and tests of controls for some other types of expenditure transactions.

Selling and administrative expenses The processing and related control policies and procedures for selling and administrative expenses are similar to those for purchases for inventory. The primary difference is a greater emphasis on budgetary control of selling and administrative expenses. Review and approval of budgets and obtaining satisfactory explanation of variances are important. For some expenses, such as travel and entertainment, a well-defined expense reimbursement policy is important. The auditor needs to understand the business purpose of selling and administrative expense transactions examined, and should review supporting documentation, such as expense reports, for appropriate approval.

Petty cash disbursements The expenses paid out of petty cash are usually so insignificant (immaterial) to the business as a whole that the auditor applies no tests. However, the primary control activity is an imprest fund . The total of cash on hand and the documentation of expenses paid out of the fund should always equal a pre-established control total. When the fund is reimbursed, someone other than the custodian counts the cash and documents. If audit procedures are applied, the auditor counts the fund in the custodian’s presence and Page 347 examines the supporting documents for disbursements out of the fund for propriety and reasonableness.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Payroll Effective substantive analytical procedures are often possible for payroll, due to the fact that periodic payrolls (weekly, fortnightly or monthly) can be compared and analysed for explanation of fluctuations. In undertaking such comparisons the auditor establishes an appropriate base payroll to which other payrolls are compared. This may be achieved by undertaking tests of controls. Important control activities for payroll include segregation of the following duties:

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

approval of hiring and firing and determination of pay rates (by personnel department or senior management) approval of time worked (supervisor) payroll preparation and distribution. Instead of maintaining a separate large payroll department, many organisations engage a service entity to perform their payroll function. The audit implications arising from the use of such a service entity are contained in ASA 402 (ISA 402) Audit Considerations Relating to an Entity Using a Service Organisation, and were discussed in Chapter 7 . The primary misstatements that may occur are a padded payroll (fictitious employees), and overpayment for work performed. Generally, employees can be relied on to detect and report errors of understatement. Audit procedures for payrolls are similar to those for other expenditures, but the terms for source documents differ. For example, time sheets are used instead of vendors’ invoices. The auditor is concerned with assessing the accuracy of pay rates and occurrence of time worked. The personnel department should be separated from other payroll-related functions, and payroll data such as approved rates of pay can be compared to records maintained by the personnel department. As payroll is subject to enterprise and industrial agreements and various state and federal awards, approved rates used can be verified and examined for reasonableness by the auditor. These contracts and agreements often specify the kinds of services to be performed by the employee and the compensation to be paid, as well as the pay period. The compensation may be in the form of set payments each payday; it may, in addition, include bonuses at year end and contributions towards superannuation. Generally, all of these specifications are spelt out in the award or contract, which should be known by the auditor.

Tests of controls for payroll Copyright © 2018. McGraw-Hill Australia. All rights reserved.

If the auditor finds that tests of controls are necessary, the following may be undertaken. The main controls for which the auditor is seeking evidence are that the employee is bona fide and pay rates approved (by the personnel department), and time worked is authorised (by supervisors). The documents to be examined relative to payroll are supporting documentation for new employees, time sheets for those employees who must use them, as well as personnel department records to establish wage or salary rates and to make sure that the employees’ names and rates correspond to those on the time sheets. The main sources of information are evidence of interview and the employment contract for new

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

employees, the applicable industrial awards for correctness of rates of pay, and the board of directors’ minutes authorising executive salary rates or bonuses and commissions. Under the provisions of the Australian taxation system, employees may claim the general exemption from tax on the first portion of their taxable income, and have any dependant or other rebates reflected in the tax instalments deducted from their earnings. To do this, they must lodge an income tax instalment declaration with their employer. If the auditor determines that there is a material risk of misstatement with regard to these deductions, these forms should be examined, as should employee authorisations for deductions such as health fund contributions, superannuation contributions and union fees. The auditor also usually recomputes the deductions, using the appropriate percentages or amounts and tracing to the appropriate ledger accounts. The total amounts of payroll and superannuation payments are also traced through the journals to the appropriate ledger accounts. Page 348

Interest expense The audit of interest is generally easy. The auditor identifies the contract, the interest rate and the period of time that the particular instrument has been outstanding during the fiscal period under audit, and determines the total interest expense. A comparison is then made with the entries, both payment and accrual, made by the client, and any discrepancy is reconciled. Thus, interest is almost totally determined by the contract under which the transaction exists. The controls with which the auditor is most concerned relate to evidence of authorisation of any contractual obligations and evidence of the checking of mathematical accuracy in accordance with the terms of the loan.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Rent, lease and insurance payments Lease transactions are becoming common, and an auditor will find such transactions in the audit of almost every client. Many businesses also rent some kind of property or asset, even if it is not leased, and most carry insurance against fire, theft and loss of profits. The details of these transactions are set out in contracts: rental agreements, lease agreements and insurance contracts. The auditor’s primary concern with lease contracts is to determine that the entity is in fact receiving the services for which it is paying, and that these services are being used in the manner that was intended under the contract. The auditor is also interested in whether the client is performing all the tasks required under the contract, for example, keeping the item in good repair. Finally, the auditor is concerned that the

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

accounting treatment for leases is in accordance with AASB 117 (IAS 17) Leases. Again, the auditor is most concerned with obtaining evidence that the controls of authorisation and checking of mathematical accuracy in accordance with the term of the contract are working.

QUICK REVIEW 1. Procedures for the audit of selling and administrative expenses are similar to those for purchases for inventory, with the primary difference being the greater emphasis on budgetary control of selling and administrative expenses. The analytical procedure of comparing actual expenses with both budgeted and previous year’s expenses is an important audit procedure. 2. Petty cash disbursements are usually immaterial, so the auditor applies no direct tests. 3. Effective substantive analytical procedures are often possible for payroll. Tests of controls include segregation of duties, vouching to agreements and awards, recomputation and retracing data processing.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

4. The audit of interest expense is relatively easy, being determined by the terms of the contract under which the transaction exists. 5. Rent, lease and insurance payments should also be made in accordance with a contract. The auditor examines the contract, recomputes the rates specified and retraces the data processing to the supporting documentation.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

LO 8.7 Testing controls in client computer programs As explained in Chapter 7 , client application programs include programmed accounting procedures for calculating and summarising data, and programmed control and monitoring activities for providing reasonable assurance that data are authorised, valid, complete and accurate. If the auditor tests the client’s programs, both aspects are usually tested. Auditing through the computer techniques are predominantly tests of controls and will be used where control risk is less than high and the auditor wishes to place reliance on controls in the programs. The need for computer-assisted audit techniques that test controls is greater in complex systems with real-time processing. Auditing firms that have relatively large numbers of computer audit specialists also use such computerassisted techniques more frequently. As outlined by the International Auditing and

Page 349

Assurance Standards Board (IAASB) (2016), the auditing standards acknowledge the use of technology by the auditor in executing the audit, through use of computer-assisted audit techniques (CAATs). The IAASB also recognised that CAATs are evolving significantly with the advent of advanced data analytics. This section first explains some of the more common CAATs for testing controls contained in client programs. One of the major categories of CAATs is test data techniques, which covers the concepts of both test data and the integrated test facility. It also mentions some of the uses of advanced data analytics for tests of controls.

Test data

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

The test data approach is explained first not because it is the most widely used, but because it demonstrates what the auditor is trying to accomplish by testing client programs. When using this approach, the auditor prepares simulated transaction data. These test transactions include both correct data to test processing and incorrect data to test control activities in the client’s application program. The auditor has expectations as to what the processing results should be and compares them to the results produced when the test data are processed by the client’s application program (see Figure 8.5

).

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

FIGURE 8.5 Processing of test data

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

The auditor needs to ensure that the program tested is the production program used in actual processing, and that the same program was used throughout the period covered by the control risk assessment. Generally, it is necessary to identify general controls (described in Chapter 7 ) and consider their effectiveness for that assurance. The test data approach may be used in a system with online entry capability if the auditor obtains client permission to use a terminal to enter transactions. In most circumstances the program is tested in a non-live environment (on a copy of the client’s files) to ensure that there is no risk of corrupting the client’s files. The use of test data is illustrated in Global example 8.3 . Page 350

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

GLOBAL EXAMPLE 8.3 Using test data The situation The auditor undertakes an evaluation of the client’s general control environment and concludes that it is strong. The auditor therefore plans to test specific application controls contained in the client’s payroll system that they have identified as potentially reliable, with the ability to significantly reduce the amount of substantive testing required. In particular they want to collect audit evidence on some of the limit and reasonableness tests that are contained in the program, which they believe are important in reducing the risk of material misstatement for the accuracy assertion of payroll expenses. One of these identified programmed controls that the auditor intends to rely on is the limit control that the number of payroll hours per employee per week cannot exceed 40. How will the auditor collect audit evidence that this control is working as they believe it to be working?

The auditor’s response To test this control, the auditor designs test transactions, such as employee A having payroll hours per week equalling 40 and employee B having payroll hours per week equalling 41. (The auditor tends to work around the parameters set in the program.) The expectation is that if the programmed control is working as the auditor believes, employee A’s transaction will be accepted and employee B’s transaction will be rejected and written to an error or suspense report. This will establish the effectiveness of the control. (The continuity of the control will be established by placing reliance on general controls that establish that the program being tested has been in

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

use for the entire period of intended reliance.)

Integrated test facility An integrated test facility (ITF)

is an adaptation of the test data approach. Dummy

records are included in the client’s files. For example, dummy customers might be included for an accounts receivable application. The auditor’s simulated transactions are processed with the production program against the live files during regular processing. This approach overcomes several of the drawbacks of the test data approach, but the auditor must still assess general controls for reasonable assurance that the program tested has not changed

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

during the period. It is essential to prevent dummy records from being summarised with live data when financial reports or other reports are prepared. A diagrammatic representation of the integrated test facility is shown in Figure 8.6

.

The method outlined for excluding the ITF transactions in this figure is to produce one report without the ITF data for the client, and one containing the ITF data for the auditor.

FIGURE 8.6 Integrated test facility for a payroll system

Both test data and ITFs, which use simulated data, are tests of controls only (they are not dual-purpose tests because they do not substantiate real transactions). The use of the integrated test facility is illustrated in Global example 8.4

.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Page 351

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

GLOBAL EXAMPLE 8.4 Using an integrated test facility Following on from Global example 8.3 , the auditor can test the programmed control of maximum weekly hours by including a dummy record (employee) in the payroll master file. They can then feed through test transactions designed to test this control at any stage during the year. Thus in a payroll file they may have a dummy employee working 41 hours in a week, and they would expect this dummy employee’s hours not to be processed, but to be written to a suspense report for follow-up. Using the integrated test facility, continuity of the control can be established by feeding through test transactions at different times during the year.

Processing client data Both the test data approach and the ITF use simulated transactions. Another group of techniques for testing client programs uses actual client data to test processing, and simulated data to test controls. These techniques are presented together below because of this similarity, but the auditor might use only one of the techniques for a particular computerised accounting application. The techniques are:

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Controlled processing The auditor establishes control over client input and independently calculates key processing results, such as the ending balance of a control account. The auditor maintains control over the computer processing and output, and compares the computer output to the calculated results. Controlled reprocessing The auditor maintains control over the reprocessing of previously processed results, having tested the appropriate version of the program, and compares the computer output of the original processing and reprocessing. Parallel processing (parallel simulation) The auditor compares the results of the client’s processing with results obtained by using the client’s input and files and the auditor’s own program. The program used for this purpose may be custom-designed or generalised audit software (see the next section of this chapter). Generally, the auditor’s program calculates key processing results rather than duplicating all the client’s processing. The above techniques are generally more useful for testing the processing accuracy of the client’s programs than for testing programmed control activities.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Reviewing the client’s program code or the results of job processing Program code review

involves the auditor reviewing the client’s program

documentation and the source code. The auditor goes over the relevant code line by line and considers whether the processing steps and control activities are properly coded and logically correct. This approach is commonly used as a prelude to the use of test data, and is one of the main ways in which the auditor identifies key programmed controls that they may wish to test through the use of test data. Software that aids the review of the Page 352 relevant code includes programs that can be used to map or create flowcharts of systems. This will help the auditor to understand the logic flow of the program being evaluated. Review of job (batch) accounting data

involves the auditor reviewing the printed log

produced as jobs (batches of transactions) are processed, and considers any excessive processing time, error conditions or abnormal halts. (While this technique does not test the client’s program, it has similar objectives.) This helps the auditor to identify potential batches of transactions where something unusual has happened while they were being processed that has increased the risk of error or misstatement and on which they should therefore concentrate their audit attention.

Advanced data analytics It is recognised that advanced data analytic techniques, which can analyse complete data sets, can be used in both audit planning and in evidence-gathering procedures to identify and assess risk. These techniques have the ability to analyse complete populations of data in order to identify patterns, correlations, and deviations from expected results. These

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

methods can give auditors new insights about the entity and its risk environment and improve the auditor’s knowledge about the transactions that comprise the balances contained in the financial report. As such, advanced data analytic techniques can allow external auditors to improve financial report audits by: testing complete sets of data, rather than testing samples aiding risk assessment through identification of anomalies and trends that the auditors need to investigate further providing audit evidence by analysing all transactions that comprise an account balance.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

QUICK REVIEW 1. Using the test data approach, the auditor prepares simulated transaction data to test program control activities. The auditor develops expectations as to what the processing results should be and compares them to the results obtained by processing the test data with the client’s application program. 2. The integrated test facility is an adaptation of the test data approach using simulated transactions. Dummy records are included in the client’s files, and simulated transactions are processed against the live files during regular processing. 3. It is possible to use actual client data to test the processing of the IT systems. Such techniques include controlled processing, controlled reprocessing and parallel processing.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

4. Non-processing approaches may also be used to provide confidence concerning the client’s programs. These are usually used in conjunction with computer-assisted techniques, and include program code review and review of job accounting data.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Summary Tests of controls are one of the main sources of audit evidence. The auditor undertakes that combination of tests of controls and substantive tests that results in the most efficient and effective combination of audit procedures. If the auditor assesses control risk as being at any level below high, the auditor has identified and intends to rely on specific internal control policies and procedures that are capable of reducing the risk of material misstatement. Evidence gathered to determine the appropriateness of this intended reliance

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

is known as tests of controls. The auditor assesses the risk of material misstatement at the assertion level, and considers whether there are any relevant controls on which they can rely that will reduce this risk. For any controls on which the auditor intends to rely, evidence must be collected about that control’s existence, effectiveness and continuity.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Page 353

Key terms classic disbursements fraud illegal acts imprest fund integrated test facility (ITF) kickbacks kiting lapping non-routine transactions program code review review of job (batch) accounting data routine transactions test data tests of controls unauthorised executive perks

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

voucher system

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

References and additional readings

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Armour, M. (2000) ‘Internal control: governance framework and business risk assessment’, Auditing: A Journal of Practice & Theory, Supplement, pp. 75–82. Bedard, J. and Graham, L. (2002) ‘The effects of risk orientation, underlying risk, and client experience on risk factor identification and audit test planning’, Auditing: A Journal of Practice & Theory, Vol. 21, No. 2, pp. 39–56. Blokdijk, H. (2004) ‘Tests of control in the audit risk model: effective? efficient?’, International Journal of Auditing, July, pp. 185–94. Deumes, R. and Knechel, W.R. (2008) ‘Economic incentives for voluntary reporting and internal risk management and control systems’, Auditing: A Journal of Practice & Theory, May, pp. 35–66. Grant, G., Miller, K. and Alali, F. (2008) ‘The effect of IT controls on financial reporting’, Managerial Auditing Journal, Vol. 23, No. 8, pp. 803–23. Hogan, C.E. and Wilkins, M.S. (2008) ‘Evidence on the audit risk model: do auditors increase audit fees in the presence of internal control deficiencies?’, Contemporary Accounting Research, Spring, pp. 219–42.  International Auditing and Assurance Standards Board (IAASB) Data Analytics Working Group (2016) Exploring the Growing Use of Technology in the Audit, with a Focus on Data Analytics, September, International Federation of Accountants (IFAC), New York. Janvrin, D. (2008) ‘To what extent does internal control effectiveness increase the value of internal evidence?’, Managerial Auditing Journal, Vol. 23, No. 3, pp. 262–82. PwC (2016) ‘What is channel stuffing and how might it affect your business?’, http://pwc. blogs.com/fraud_academy/2016/05/what-is-channel-stuffing-and-how-might-it-aff ect-your-business.html, accessed December 2017. Rae, K. and Subramaniam, N. (2008) ‘Quality of internal control procedures: antecedents and moderating effect on organisational justice and employee fraud’, Managerial Auditing Journal, Vol. 8, No. 2, pp. 104–24.  Rittenberg, L. (2013) ‘COSO 2013: a reflection of the times’, The Internal Auditor, August.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Review questions

Tests of controls 8.1 8.2

Briefly explain the matters that an auditor may consider in determining the extent of their tests of controls. LO 8.1 If an auditor wishes to place increased reliance on a control, does it make any difference to the extent of testing whether it is a manual control or an automated control? LO 8.1

Existence, effectiveness and continuity of controls 8.3 8.4

Identify and explain the differences between the types of testing the auditor would undertake for the existence of internal control and for the effectiveness of internal control. LO 8.2 How does an auditor test for the continuity of controls? LO 8.2 Page 354

Sufficiency and appropriateness of evidence 8.5 8.6

Explain the factors that determine whether the auditor has obtained sufficient appropriate audit evidence to support a control risk assessment. LO 8.3 Explain the difference between the ways in which an auditor tests a control where there is a documentary audit trail and where there is no documentary audit trail. LO 8.3

Revenues, receivables and receipts 8.7

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

8.8

Explain three controls related to the accuracy assertion for sales and indicate the tests of controls that the auditor would undertake to test the effectiveness of these controls. LO 8.4 Explain lapping and kiting, indicating the audit procedures used to detect these irregularities. LO 8.4

Expenditures, payables and disbursements 8.9 8.10

List control procedures that typically relate to the occurrence assertion for a purchase transaction. Identify the tests of controls that are usually performed for this assertion. LO 8.5 List control procedures that typically relate to the completeness assertion for a purchase transaction. Identify the tests of controls that are usually performed for this assertion. LO 8.5

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Tests of controls for other types of expenditure transactions, including contractual transactions 8.11

8.12

What distinguishes contractual transactions from other major classes of transactions? Explain the sort of controls that would be important for such transactions and the way that the auditor would test these controls. LO 8.6 Outline control activities that can be undertaken for payroll and identify the tests of controls that are generally performed for testing these controls. LO 8.6

Testing controls in client computer programs 8.13

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

8.14

Identify the major differences between test data and an integrated test facility. Explain whether each technique involves tests of controls only or whether it has a substantive element. LO 8.7 Explain what impact advanced data analytics is likely to have on testing of controls. LO 8.7

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Discussion problems and case studies

Tests of controls 8.15

8.16

EASY You are the auditor of Starlight Ltd for the year ended 30 June 2018 and you intend to rely on controls that have not changed since they were last tested. REQUIRED (a)

Explain how frequently you must test the operating effectiveness of such controls.

(b)

Provide three factors that would typically decrease the period for retesting a control that has been tested in previous audits. LO 8.1

MEDIUM New Release Ltd provides pay TV services across Australia. To subscribe to New Release, customers call a hotline number, select the package they require and provide a credit card number, to allow automatic payment of the monthly fee. Approximately 600 new subscribers sign up each month. There are no contracts and no payments accepted other than via credit card. There is no hard-copy documentation generated in relation to the sale —hotline staff enter the customer’s details directly into the computer, which then generates the relevant journal entries and postings to the ledger. From discussions with management you believe this system has not Page 355 changed since you tested it during last year’s audit, when you placed a high level of reliance on the controls and found only one minor deviation. REQUIRED Assuming that you have decided it is appropriate to test internal controls over the relevant transactions, provide a brief explanation of how the information provided above would affect the nature, timing and extent of your tests of controls. LO 8.1

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Source: This question was adapted from the Chartered Accountants Program of the Institute of Chartered Accountants in Australia, 2011 (2) audit and assurance module.

Existence, effectiveness and continuity of controls 8.17

EASY EasyCut Ltd operates a sawmill located in Tasmania. EasyCut sources its timber from a number of local growers and from its own plantations. Logs are transported on large trucks that are weighed-in on the company’s weighbridge and weighed-out after dropping their loads in the storage area. Logs are then debarked and sawn to size in the cutting area of the mill. The logs are then sent to other areas of the sawmill depending on what they will be used for. Two documents are generated when the logs are received: a pre-numbered weighbridge ticket

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

a pre-numbered goods received docket (one copy is provided to the truck driver as the truck driver exits the mill). The goods received docket can only be signed by the foreperson in charge. The company’s chief financial officer (CFO), Ricky Myer, advises you that one cubic metre of timber weighs approximately one tonne and that the cost price per cubic metre to the mill varies according to the contract with each supplier. You compare this to the information from an expert’s report obtained from the permanent audit file and find that it is consistent. REQUIRED Outline three tests of controls that you would undertake on the effectiveness of controls relating to the receipt of logs. LO 8.2 Source: This question was adapted from the Chartered Accountants Program of the Institute of Chartered Accountants in Australia, 2011 (2) audit and assurance module.

8.18

MEDIUM You are audit senior at Peterson, Chan & Waugh and have been assigned to the audit of Outback Ltd for the year ended 30 June 2018. Outback manufactures, wholesales and retails Australian outback clothing for sale both in Australia and overseas. During the planning stage of the audit, you have identified the following three key internal controls over the functioning of Outback’s online inventory management system: Internal control 1—the system will not allow a customer to place an order for an item of inventory that is currently out of stock. Internal control 2—all new wholesale customers must undergo a credit approval check, which has to be signed off by Outback’s credit manager and CFO, before their credit limits are approved and a debtor account established.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Internal control 3—each customer is required to enter their unique customer identification number and personal identification number (PIN) before an order can be processed. This is to ensure that unauthorised inventory orders are not placed and only customers who are approved customers are able to order online. REQUIRED (a)

For each of internal controls 1, 2 and 3, describe a test that you would perform to assess whether the control was functioning effectively.

(b)

Outline the result that you would expect to see if the internal control was functioning effectively. LO 8.2

Page 356

Source: This question was adapted from the Chartered Accountants Program of the Institute of Chartered Accountants in Australia, 2012 (3) audit and assurance module.

Sufficiency and appropriateness of evidence 8.19

MEDIUM You are the audit senior at East & West and are conducting the audit of Relaxing Pool Ltd for the year ended 30 June 2018. Relaxing Pool retails spa pools and has stores across Australia.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

The audit assistant, John Cummins, has carried out tests of controls over payroll. An extract from his audit working papers is as follows: The tolerable rate of deviation for this test, as per the audit plan, is 5 per cent. Twenty-four employee pays were selected from the weekly payroll reports (two per month) and tests performed as per the audit plan. Two immaterial errors were found. These errors were discussed with the client, who corrected them based on information provided by audit staff. As the errors were immaterial (less than $30 each) and subsequently corrected, payroll controls are working satisfactorily and there is sufficient appropriate audit evidence to rely upon them. REQUIRED (a)

Identify three reasons why the audit assistant’s conclusion is incorrect.

(b)

State the correct conclusion the audit assistant should have reached. LO 8.3

Source: This question was adapted from the Chartered Accountants Program of the Institute of Chartered Accountants in Australia, 2012 (3) audit and assurance module.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

8.20

HARD Your firm has recently been appointed as auditors of Hot News Pty Ltd and you have been assigned as audit senior to the audit for the year ended 30 June 2018. Your engagement partner and the assistant auditor conducted an interim audit visit to the client four months before this year end; however, this is the first time you have been on the audit. There were no major issues identified at the interim audit visit and the assistant informs you that she thinks that the results of the interim audit are applicable for the full year. Hot News produces a monthly giveaway magazine that is distributed across Sydney. Articles are written by locals and largely consist of reports on upcoming community events. It is general practice for the chief executive officer (CEO) to attempt to convince the local writers that the resulting publicity for their community event means that the article should be published without payment. Most of the time the CEO is successful, and only about half the magazine’s articles are paid for. The CEO accumulates articles, so that there is always a ‘bank’ of articles available for the next edition. Hot News’ revenue consists of advertising by local businesses. The sales director and her staff actively pursue sales opportunities in each area. Advertising is mostly sold in three-edition or six-edition bundles. Occasionally there are a few one-off monthly advertisements, especially from seasonal businesses. The magazine offers a discount to advertisers if they place orders early, and the discount increases the earlier the order is placed (for example, a bigger discount is offered if an advertiser wants an advertisement in a

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

magazine next year than if they want one in next month’s issue). Responsibility for invoicing the advertiser and recording the details lies with whichever member of the sales team signs the advertiser. You make enquiries about the purchase of articles and Page 357 photographs for the magazine and have been provided with the following responses from the CEO: 1. Writers submit articles to the magazine and the CEO evaluates each article and then decides which ones are suitable for publication. 2. The CEO uses an order book specially allocated to him to prepare orders for those writers that will be paid for their work. The orders are mailed out to the writers. The CEO drafts and sends out a letter of thanks to the writers who were not selected. 3. The CEO and the art director select the photographs to be used. Notes are not kept of the result of their discussions. Photographers are freelancers, who are paid for every photo published. The CEO writes out the orders and they are mailed out to the photographers. 4. Invoices are received from the writers and photographers and matched to the orders. A rubber stamp is used by the bookkeeper to put the date of receipt on the invoice, as well as providing for the checking of the invoice details for accuracy and classification (allocation to a general ledger account). Prices and calculations on the invoices are checked by the bookkeeper and she puts her initials onto the relevant sections of the stamp. 5. The invoices then go to the CEO for approval for payment and the bookkeeper enters them into the accounts payable system. 6. Electronic funds transfers to creditors take place on the due date for payment, which is usually 30 days after the end of the previous month (writers and photographers do not send out statements). REQUIRED

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Assume that you have decided that it is appropriate to test internal controls over the relevant transactions. (a)

Identify three tests of controls that you would use to obtain sufficient appropriate evidence regarding the purchases of articles and photographs.

(b)

Indicate whether it is appropriate to follow the advice of your assistant auditor to accept the results of the interim audit as applicable for the whole year. LO 8.3

Source: This question was adapted from the Chartered Accountants Program of the Institute of Chartered Accountants in Australia, 2011 (2) audit and assurance module.

Revenues, receivables and receipts 8.21

EASY You are working on the audit of Starburst Ltd and have just completed an evaluation of controls in the cash receipts area. You note the

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

following key controls as part of your evaluation: All cash handling is independent of the accounting function’s cash. Cash receipts are matched to specific sales invoices before being posted to the accounts receivable master file. There is an independent check that cash receipts are recorded in the correct account. There is a comparison of deposit slips, prelists and the posting to the cash receipts journal. There is a policy of depositing cash receipts each day. REQUIRED Provide an example of one procedure that could be used to test the control for each of the key controls identified above. LO 8.4 8.22

MEDIUM You are the audit senior on the Gemstone Ltd audit for the year ended 30 June 2018. Gemstone manufactures a wide range of jewellery. Orders are received by the sales order department by mail, fax, email or via a sales representative and are passed on to the credit manager for his review of the credit limit and approval of the order. Once approved, orders are returned to the sales order department where data-entry clerks key in the order via the terminals located in that department. Orders are subject to various computer edit checks when they are input at the terminal. If orders satisfy all the computer edit criteria, a picking slip is produced that lists the goods ordered. Orders that fail any of the Page 358 computer edit criteria are not accepted by the system. Rejected orders are noted by the data-entry clerk and passed to the department’s supervisor for investigation. 

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Picking slips are printed in the dispatch office and then forwarded to the warehouse by the dispatch supervisor. A storeperson picks and assembles the orders. If goods are not in stock the storeperson alters the picking slip quantity to reflect actual goods picked. The storeperson then initials the picking slip prior to forwarding it together with the goods to dispatch. The dispatch clerk agrees the picking slip to physical goods picked, making adjustments for any stock-outs, before printing the invoice, which is forwarded to the accounts department. REQUIRED Identify the key controls and determine an appropriate test of controls you would employ for each control. LO 8.4

Expenditures, payables and disbursements 8.23

EASY The following is an extract of a working paper containing the results of a test of controls in the accounts payable area:

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

TEST

RESULT

CONCLUSION

Selected a number

Four out of 50

Accepted, as the

of suppliers’ invoices and checked that the

invoices tested had not been authorised

errors in discounts claimed were

pricing and discount terms have been

and incorrect discounts were

immaterial.

reviewed and

recorded for these

authorised by the

invoices. A follow-up

purchase manager.

of the four samples with deviations did not highlight a pattern or specific reason for the errors.

REQUIRED (a)

Identify the key assertion addressed by the test procedure.                  

(b)

Provide an explanation as to why the conclusion reached is appropriate or inappropriate.

(c)

Outline the key additional procedure that you believe needs to be performed. LO 8.5

Source: This question was adapted from the Chartered Accountants Program of the Institute of Chartered Accountants in Australia, 2008 (3) audit and assurance module.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

8.24

MEDIUM While working on the audit of Cosmopolitan Ltd, you are involved in a review of control activities in the cash disbursement area. As part of your review, you have noted the following procedures: 1. All payments prepared by the clerk include a pre-numbered bank transfer requisition. 2. The bank transfer requisition requires the clerk to confirm that they have performed the following procedures for each payment: checked the additions and prices on the invoice confirmed the details on the invoice have been matched to a delivery note by the warehousing department verified a valid purchase order exists for the goods. 3. The clerk forwards the bank transfer requisition together with any supporting documentation (invoice and any other relevant correspondence) to the CFO for approval.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

REQUIRED For each of the three controls identified above: (a)

Describe the purpose of the control—what is the control designed to prevent or detect?

(b)

Identify the account(s) and assertion(s) that this control will have an effect on in the financial report. 

(c)

Give one example of a procedure that could be used to test the control. LO 8.5 Page 359

Tests of controls for other types of expenditure transactions, including contractual transactions 8.25

MEDIUM Snowfields Pty Ltd operates a hotel in the New South Wales ski fields, providing accommodation, bar and restaurant facilities for tourists. Casual and part-time wages are a major expense item, particularly during winter, when up to an additional 50 staff are employed. In order to keep track of casual and part-time wages, Snowfields’ operations manager, Betty Zhang, prepares a weekly roster (using Excel), showing: employee name position of employment (e.g. kitchen hand) days and hours rostered for the week hourly rate

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

any additional amounts to be paid (e.g. meal allowances). The immediate supervisor of each employee is required to sign a hard copy of the Excel spreadsheet on a daily basis, as evidence that the hours were worked as rostered. Any discrepancies (such as additional hours) are recorded on a separate payroll adjustment form (PAF) and co-signed by the employee. The spreadsheet plus any PAFs are forwarded to the payroll officer each Friday and used as the basis for that week’s casual and parttime employee payroll. Last year, you tested and placed reliance on controls over casual and part-time wages. REQUIRED Assume that you have decided it is appropriate to test internal controls over the relevant transactions. (a)

How would the information provided above affect the nature, timing and extent of tests of controls in relation to casual and part-time wages?

(b)

Provide one test of control for accuracy and one test of control for occurrence in relation to casual and part-time wages. LO 8.6

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Source: This question was adapted from the Chartered Accountants Program of the Institute of Chartered Accountants in Australia, 2011 (2) audit and assurance module.

Testing controls in client computer programs 8.26

MEDIUM Panoramic Views Pty Ltd is a hot-air ballooning company whose customers include the general public, as well as Australian and overseas travel agents selling packaged tours. Over the course of 2017, the management of Panoramic Views recognised that it needed to allow customers to make bookings online, if it wanted to remain competitive. Given the need for an interface between the web-based booking system and the general ledger, Panoramic Views upgraded the existing accounting software and acquired additional hardware to cope with additional speed of processing and the increase in required storage space. During the year ended 30 June 2018, Panoramic Views upgraded its entire general ledger system to include an integrated purchasing module and an accounts payable module that were installed on all company desktops. As part of the audit planning, you have identified the following relevant IT application controls (AC) and IT general controls (GC) for the integrated purchasing and accounts payable modules: 1. Purchasing clerks are responsible for ordering and receiving goods and processing clerks are responsible for processing invoices and preparing remittance advices. Purchasing clerks have access only to the purchasing module and processing clerks have access only to the accounts payable module. Each type of clerk has exclusive access to their module via a separate password-protected menu. 2. The purchasing module automatically assigns each order a sequential purchase order number. The purchasing clerk only has to enter the supplier code, stock code and quantity ordered. The unit price is automatically generated from the purchase price master file and cannot be overridden by the purchasing clerk.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

3. Supplier information is contained in a supplier master file (SMF). Page 360 Each supplier has a unique supplier code. If the purchasing clerk attempts to place an order with a supplier not in the SMF, the order cannot be processed. 4. When goods are delivered, the purchasing clerk enters the order number and the date received. The quantity of goods received cannot be overridden by the purchasing clerk. A ‘Yes/No’ prompt confirms the receipt of the goods. The purchasing clerk is required to enter ‘No’ if the quantity received is incorrect. If ‘No’ is entered, the order cannot be processed for payment. 5. The IT manager assigns new staff a user profile and an initial password, based on advice provided by the IT administrator. The initial password is generic. The first time the new employee logs onto a company desktop computer they are automatically forced to change their password. Passwords must be changed every 30 days. REQUIRED

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

For each of the five IT controls outlined above, describe one computerassisted audit technique (CAAT) you would use to test that control. LO 8.7 Source: This question was adapted from the Chartered Accountants Program of the Institute of Chartered Accountants in Australia, 2010 (3) audit and assurance module.

8.27

HARD You have been assigned to the audit of Tropical Fruitland Ltd for the year ended 30 June 2018. Tropical Fruitland grows bananas and pineapples on its Queensland plantations and has a large workforce. As a result, the employee benefits expense is material. As the business process is fully automated using a human resource management information system (HRMIS), you have decided to use CAATs as part of your audit. You have undertaken the steps necessary to ensure the reliability and usability of the CAATs by using a copy of Tropical Fruitland’s HRMIS on a computer not in Tropical Fruitland’s networked environment. The human resources (HR) manager of Tropical Fruitland, Annabelle Sanders, has been assigned to assist you during your walk-through of the HRMIS processes. Annabelle assists you in adding a new dummy employee and in ensuring that salaries are correctly paid and entered into the accounting system (the employee benefits cycle). During the walk-through you observe the following: Annabelle opens the HRMIS application and enters a super-user name and password specifically created for this exercise by the systems accountant responsible for the HRMIS. The menu screen appears and displays a number of functions. She selects the function titled ‘create new employee’, and the screen for this appears with a number of empty fields. Annabelle explains that new employee details should only be entered from a hard copy of an employee registration form. She also tells you that the form must be signed by the employee, the employee’s manager and the HR manager before being entered into the HRMIS. She then enters the information of the dummy employee by populating the following fields: – name

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

– employee number – address – phone number – start date – date of birth

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

– annual salary – tax file number. The dummy employee is now set up in the system, so Annabelle goes back to the menu screen and clicks the item titled ‘initiate/process pay run’ and explains that the system automatically calculates employees’ monthly payments based on their salary and current tax rates. The system generates a standard report, titled ‘monthly pay run’, that lists the employees, their payments and the total tax paid to the tax office for the fictitious pay run. The monthly pay run report is reviewed and approved by the payroll manager before payments are released to employees. Once paid, the monthly pay run report is forwarded to the finance team for posting into the accounting system. Annabelle explains that a user with access to create a new employee in the system would not have the ability to initiate or process a pay run.

Page 361

As a result, you have identified the following two risks in the employee benefits cycle: the creation or existence of ghost employees (i.e. employees created in the system who do not exist, but are still paid) the incorrect calculation of payments in a pay run resulting in overpayment or underpayment of staff. REQUIRED (a)

Identify the assertion at risk for each of the two risks identified.

(b)

Identify an application control that already exists for each risk.

(c)

Design and implement one CAAT for each of the controls identified in (b). LO 8.7

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Source: This question was adapted from the Chartered Accountants Program of the Institute of Chartered Accountants in Australia, 2012 (3) audit and assurance module.

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.

Continuous case study Background information for the continuous case study, Reliable Printers Ltd (RPL), is contained in the Appendix to this book. 8.28

MEDIUM William Jackson, the CEO of RPL, has requested that the tests of controls only be performed once (due to the disruption caused by audit staff to the work of the staff in the printing and shipping departments). In addition, he has requested that the tests of controls occur only during July 2018, as this is traditionally the quietest time of the year for RPL. You expect the audit report to be signed on 15 August 2018. REQUIRED (a) For each of the manual and IT application control activities identified in Question 7.29 in Chapter 7 , design an appropriate audit procedure to test that control. (b)

For each of the audit procedures you described in (a), outline the result you would expect if you determined that the control activity was not reliable.

(c)

Ignoring considerations of limitation of scope, discuss the effects of William’s requests on the sufficiency and appropriateness of the audit evidence to be gathered.

(d)

Review the sample supporting control documentation contained in the Appendix and identify any control deviations that would be revealed by your tests of controls. LO 8.2 , LO 8.3

Source: This question was adapted from the Chartered Accountants Program of the Institute of Chartered Accountants in Australia, 2012 (3) audit and assurance module.

Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Page 362

Gay, Grant E., and Roger Simnett. Auditing and Assurance Services in Australia, McGraw-Hill Australia, 2018. ProQuest Ebook Central, http://ebookcentral.proquest.com/lib/adelaide/detail.action?docID=5729228. Created from adelaide on 2021-06-10 14:12:13.