Thursday, September 25, 2008

ISA 315 : Understanding Control Environment and Control Activities

- relevant to F8 (ACCA)





WARRIOR :
Macro approach (Control Culture) : Alert to dangers. Suspicious of enemies
Micro approach (Control activities) : He puts many guard soldiers, spies and dispatchers to secure his army

ISA 315 Understanding the entity and its environment and assessing the risks of material misstatement deals with the whole area of controls. It requires that auditors 'obtain an understanding of the entity and its environment, including its internal control, sufficient to identify and assess the risks of material misstatement of the financial statements whether due to fraud or error, and sufficient to design and perform further audit procedures'.
The ISA states that internal control has five elements:
1. The control environment
2. The control activities
3. The entity's risk assessment process
4. The information system
5. Monitoring of controls


control environment above looks at the management "CULTURE" as to controls assessing management's toleration level of poor controls

contrasts with

control activities are "PROCEDURES" which are micro managing internal controls

CONTROL ENVIRONMENT – management’s attitude and firm’s culture toward controls


Control environment is governance and management functions and the attitudes, awareness and actions of those charged with governance and management concerning the entity's internal control and its importance in the entity.
The ISA requires auditors to 'obtain an understanding of the control environment'.


CONTROL ENVIRONMENT

COMMUNICATION ENFORCEMENT - ethical values
Essential elements which influence the effectiveness of the design, administration and monitoring of controls

COMMITMENT COMPETENCE
Management's consideration of the competence levels for particular jobs and how those levels translate into requisite skills and knowledge

GOVERNANCE
Independence from management, their experience and stature, the extent of their involvement and scrutiny of activities, the information which they receive, the degree to which difficult questions are raised and pursued with management and their interaction with internal and external auditors

MANAGEMENT'S PHILOSOPHY
Management's approach to taking and managing business risks, and management's attitudes and actions toward financial reporting, information processing and accounting functions and personnel

ORGANISATIONAL STRUCTURE
The framework within which an entity's activities for achieving its objectives are planned, executed, controlled and reviewed

AUTHORITY AND RESPONSIBILITY
How authority and responsibility for operating activities are assigned and how reporting relationships and authorisation hierarchies are established

POLICIES AND PRACTICES
Recruitment, orientation, training, evaluating, counselling, promoting, compensating and remedial actions



CONTROL ACTIVITIES - POLICIES AND PROCEDURES
PURPOSE : Control activities include those designed to prevent or to detect and correct errors. Examples include activities relating to authorisation, performance reviews, information processing, physical controls, segregation of duties.


CONTROL
Transactions should be approved by an appropriate person.
For example, overtime should be approved by departmental managers.

CONTROLS
The ISA requires the auditor to 'obtain an understanding of how the entity has responded to risks arising from IT'. We shall look at computer controls

CHECKING & ACCURACY
checking to see if individual invoices have been added up correctly.

MAINTAINING REVIEWING
Control accounts bring together transactions in individual ledgers. Trial balances bring together unusual transactions for the organisation as a whole. Preparing these can highlight unusual transactions or accounts.

RECONCILIATIONS
Reconciliations involve comparison of a specific balance in the
accounting records with what another source says the balance should be, for example, a bank reconciliation. Differences between the two figures should only be reconciling items.

COMPARING the results of cash, security and inventory counts with accounting records
in a physical count of petty cash, the balance shown in the cash book should be the same as the amount in the tin.

COMPARING internal data with external sources of information
For example, comparing records of goods dispatched to customers with customers' acknowledgement of goods that have been received.

AUTHORISED physical access to assets and records
Only authorised personnel should have access to certain assets
(particularly valuable or portable ones).
-ensuring that the inventory store is only open when the store personnel are there and is otherwise locked.
This can be a particular problem in computerised systems.

SEGREGATION OF DUTIES
(a) Segregation of function. The key functions that should be segregated are the carrying out of a transaction, recording that transaction in the accounting records and maintaining custody of assets that arise from the transaction.
(b) Segregation of various steps in carrying out the transaction should also be segregated.
(c) Segregation of accounting operations - the same staff should not record transactions and carry out the reconciliations at the period-end.


the above are crucial to APPLY say in a payroll environment :
1. auditors need to assess if the control [culture] is appropriate when handling cash payment for wages
2. auditors need to assess if the control policies of say in
(i) PAYMENT OF WAGES : all total hourly wages paid are verified by supervisors, hours claimed overtime are authorised, time sheets reviewed and reasonable hours claimed.
(ii) DEDUCTIONS : review of pay deductions printouts and checked and casted for accurate deductions

Note that the control activities are applied in the context of the 4 boxes of logical payroll sequence. Alan Lewin can easily apply the same control environment and control activities in other scenarios like client's receivables and payables sections .

CONCLUSION
exam could test you on what AUDIT PROCEDURES i need to take as in "TESTING OF CONTROLS" ensuring that you are satisfied that wages processes are adequately carried out like you are satisfied with degree of authorisation and segregation of duties to reduce fraud and minimise errors. In short, what steps should an auditor do to assert the payroll system adequacy?

However, another question style is "Can you investigate if you are satisfied with its current internal controls which is this case tell me what is the management culture and the type of policies they use?" examiner takes a step further as "Now you found so many weaknesses in the (lazy and lousy) management, can you suggest improvements?" This type of question is on test of controls based on ISA 315. (please see notes 9 & 10).

Please practice questions on Test of Controls on Payroll, Purchases and Sales system that we have done in our tutorials

2 comments:

JeNn_Babe said...

Jesus!!thanks sir for provided the guideline!!arigato!!!!!
Love you sir

Unknown said...

Mr. Marcus,

May i know the Macro & Mirco approach is used at the same time?

Thanks & regards,
Lam

URGENT: SBL Exam Guidance for Dec 2018 Exams

EVERY SUCCESS IN YOUR DECEMBER 2018 EXAMS Change is the only constant. Kasturi Core lecturing team has now moved to 2 new locations. ...