control systems in place of a business

7/30/2019 Control Systems in Place of a Business

1/5

Financial System & Auditing

Outcome 2

Different components of business risk:

Sas 300Accounting and internal control systems and audit risks assessment

This SAS (statement of auditing standard) provides guidance on audit risk and its component:

- Inherent risk: the susceptibility of an account balance or class of transactions to materialmisstatement either individually or when aggregated with misstatements in other balances or

classes, irrespective of related internal controls over the accounting system.

- Control risk: the risk that material misstatement could occur in an account balance or class oftransactions, either individually or when aggregated with misstatement in other balances or

classes, and not be prevented, or detected and corrected, on a timely basis by the accounting

and internal control systems.

- Detection risk: the risk that the auditors substantive procedures do not detect a materialmisstatement in the financial records.

The three component of audit risk should be separately considered at the planning stage when the audit

procedures are designed. This enables efforts to be targeted towards areas of materiality and to reduce

overall audit risk.

In addition to the above, the planning process should:

1. Establish a materiality factor for the assignment.2. Establish whether a compliance or substantive testing approach is appropriate, i.e. whether or

not a system of internal control exists on which the audience can rely.

3. Set out the audit programme of tests to be undertaken.4. Establish initial sample sizes for testing.5. Set staff allocations and a fee budget.6. Involve the briefing of audit assistance. It is good practice for this briefing process to be

evidenced, perhaps by the assistant signing an appropriate section of the planning checklist.

SAS sets out standards for auditors on assessing audit risk and obtaining an understanding of accounting

standards for auditors on assessing audit risk and obtaining an understanding of accounting and internal

control systems. Its key points may be summarized as follows:

1. Audit risk, i.e. that an inappropriate audit opinion is given, has three components:


2/5

a. Inherent riskb. Control riskc. Detection risk

2. Detection risk incorporates audit sampling risk.3. Auditor should have an understanding of the accounting and internal systems of the client. The

auditor should maintain notes, documents, flowcharts, etc. on the permanent audit file detailing

the control procedures operated by management.

4. In order to assess the adequacy of the controls, and therefore the extent to which reliance canbe placed on them, it is common for auditor to check whether what happens in practice is

consistent with what is supposed to happen.

5. The three components of audit risk should be separately considered at the planning stage whenthe audit procedures are designed. This enables efforts to be targeted towards areas of

materiality and so reduce overall audit risk.

6. In the case of small, owner-managed businesses the audit evidence may have to be obtainedentirely from substantive procedures. The auditors planning record should allow for this

eventuality, together with a documentation of their reasons.

7. The SAS does not permit whatever the perceived level of inherent and control risk, an audit tobe conducted without applying substantive procedures.

8. In extreme cases, if the auditor derives no confidence from the system of internal control andalso considers audit risk to be high due to the state of the records, he may have no option other

than to undertake a 100 per cent check of transactions and balances as recorded.

9. Letters of weakness, or management letters, are often written following a review of internalcontrols.

10.A checklist within the planning documents may be useful to ensure that all components of auditrisk are adequately covered.

11.For smaller clients with uncomplicated transactions, a straightforward list of the books andrecords maintained will be sufficient.

12.Where it is clear that reliance on controls to reduce substantive testing would not beworthwhile, a detailed assessment of these controls and control risk is not necessary.

Risk-based auditing

Risk-based auditing is an approach of MUS (monetary unit sampling) which Is designed to avoid over-

auditing in low risk areas and under-auditing in high risk areas, and is an approach now considered vital

by many auditors.

A common approach to risk evaluation is to consider:

1. The adequacy of the clients accounting records and the control systems which ensure theiraccuracy and reliability.


3/5

2. The relevance of accumulated prior knowledge and reliability of evidence from past auditassessment.

An overall review will facilitate the formulation of an initial assessment of the level of risk into suitable

categories:

1. Negligible risk: i.e. when there is only a remote possibility of the accounting records andfinancial statements containing material errors.

2. Low risk.3. Medium risk: this risk evaluation factor might be appropriate when the nature of the companys

activities and the systems of internal control generally present a low audit risk but there are

identifiable areas which are more risky. For example. A freight forwarding company which may

be subject to claims from its clients for damage of property.

4. High risk: area are those which should be the primary concern of partners and senior managers,and will include such matters as

i. Adequacy of provisions.ii. Full disclosure of liabilities, including contingent liabilities.iii. Post-balance sheet review of subsequent events.iv. Analytical reviews on draft financial statements.v. Implications of tax legislation.vi. Detecting overstatement of assets.vii. Identifying high value items and error-prone conditions.viii. Drafting the audit report itself.

Control systems in place of a business

The three separate functions into which accounting controls may be divided are: buying

(authorization), receipt of goods (custody), and accounting (recording).

Buying factors to be considered include

a. The procedures to be followed when issuing requisition for additions to and replacements ofstocks, and the persons to be responsible for such requisitions.

b.

The preparation and authorization of purchases orders.c. The institution of checks for safe-keeping of order forms and safeguarding their use.d. As regards capital items, any special arrangements as to authorizations required.

Goods inwards factors to be considered include


4/5

a. Arrangements for examining goods inwards as to quantity, quality and condition, and forevidencing such examination.

b. The appointment of a person responsible for accepting goods, and procedures for recording andevidencing their arrival and acceptance.

c. The procedure to be instituted for checking goods inwards records against authorized purchasesorders.

Accounting factors to be considered include

a. The appointment of persons so far as possible separately responsible for.i. Checking supplier invoices.ii. Recording purchases and purchase returns.iii. Maintaining suppliers ledger accounts or similar records.iv. Checking suppliers statements.v. Authorizing payments.

b. Arrangements to ensure that before accounts are paid:i. The goods concerned have been received, accord with the purchase order, are properly

priced and correctly invoiced.

ii. The expenditure has been properly allocated, andiii. Payment has been duly authorized by the official responsible.

c. The establishment of appropriate procedures in connection with purchase returns, specialcredits and other adjustments.

d. Arrangement to ensure that liabilities relating to goods received during an accounting period areproperly brought into accounts of the period concerned.

e. The establishment of arrangements to deal with purchases from companies or branches formingpart of the same group.

f. Arrangements to deal with purchases made from employees under special terms.g. Regular independent checking of suppliers accounts against current statements, or direct

verification with suppliers.

h. The institution of a purchases control account and its regular checking by an independentofficial against suppliers balances.

Risk of fraud within a business, and methods for detection of fraud

Is the auditor responsible?

It could be argued that fraud, if it exists, may well affect the view presented by the accounts on which

it is undoubtedly the auditors responsibility to report and some audit work in this style is therefore

necessary.


5/5

This does not explain, though, the heavy emphasis of work which is directly or indirectly oriented

towards the direction of irregularity, both potential and real.

Thus, it is fair to state that the auditors degree of responsibility for fraud detection cannot at this

moment be quantified; further, that tendencies to cover claims with insurance, to settle at any price,

and to adopt untenable postures in letters, do not help matters.

control systems in place of a business

Documents