CHAPTER 10

UNDERSTANDING INTERNAL CONTROL

10-24.

a.

b.

The questions on an internal control questionnaire are designed to enable the

auditor to determine whether the entity has adopted internal controls that the
auditor considers necessary to prevent material misstatements in the financial
statements.
Questionnaires are easy to use and to complete. Moreover, they significantly
reduce the possibility of overlooking important aspects in each of the components
of internal control.

10-29. (Estimated time - 20 minutes)

a.
The auditor should gain an understanding of (1) the design of policies and
procedures pertaining to each internal control component and (2) whether the
policies and procedures have been placed in operation. In obtaining the
understanding, the auditor should obtain sufficient knowledge about the internal
control components to be able to:
Identify types of potential misstatements.
Consider factors that affect the risk of material misstatement.
Design substantive tests to provide reasonable assurance of detecting the
misstatements
related to specific assertions.
b.

The auditor obtains the understanding through:

Reviewing prior experience with the client
Inquiry of appropriate management and supervisory and staff personnel.
Inspecting documents and records.
Observing entity activities and operations.

c.

Yes, documenting the understanding of internal control components is required in

all audits.

d.

The auditor's documentation in the working papers may be made through

completed questionnaires, flowcharts, and narrative memoranda. Advantages of
questionnaires include that they (1) are usually developed by very experienced
professionals and provide excellent guidance to less experienced staff who may be
obtaining the understanding on a particular engagement, (2) are relatively easy to
use, and (3) significantly reduce the possibility of overlooking important internal

control matters. A disadvantage may involve the need to customize the

questionnaires for a particular client. Another disadvantage is the potential for
response bias where respondents answer in a manner most favorable to good
internal controls. In other instances, respondents may not know the answer to a
question, yet answer anyway.
Flowcharts should enable the auditor to see the relationships that exist between
controls, and facilitate the identification of key controls related to specific
financial statement assertions. They can be prepared in varying degrees of detail
by the auditor or obtained from the client. Once thought to be difficult to prepare,
flowcharting software for personal computers now eases the task of preparing and
amending flowcharts for the auditor's working papers.
Narrative memoranda are perhaps the easiest form of documentation to prepare
and are particularly effective on audits of smaller entities with fairly simple
system of internal controls. In such audits, they may constitute the only form of
documentation of the understanding of the system of internal control. For larger
entities with more complex systems of internal control, narrative memoranda are
generally used only as supplements to questionnaires and flowcharts. The
problem with narrative memoranda is that they may not be updated and kept
current to reflect changes in the system. Each year, narrative memoranda should
be critically evaluated to ascertain whether the system described is still the system
in use.
10.31. (Estimated Time 25 Minutes)
Item

a. Component of
Internal Control

1.
2.

Control environment
Control activities

3.

Control environment

4.

Monitoring

5.

Risk assessment

6.

Control activities

7.

Control activities

8.

Control activities

b. Additional example of component

of internal control.
An audit committee is formed comprised of outside directors
Access to mainframe computers, inventories, and cash and
securities is restricted (physical controls).
Management is involved in setting policies for developing ,
modifying and using computer programs and data.
Management receives information from external auditors
about weaknesses in internal controls and recommended
improvements.
Management carefully assesses the impact of new laws and
regulations on its business and reporting practices.
Controls are in place to review, test, and approve all new
systems, control program changes, and to document
procedures.
Physical controls limit direct access to assets and records and
limit indirect access through the preparation or processing of
documents that authorize the disposition of assets.
Management responsibilities include performance reviews
where the appropriate level of management reviews
disbursements charged to their responsibility center.

9.

Monitoring

10.

Information and
communication

Authority and responsibility is assigned in such a way that

each individual knows how his or her actions interrelate with
those of others in contributing to the achievement of the
entitys objectives, and how he or she will be held
accountable for the entitys performance.
The accounting system includes a provision for properly
measuring and recording the value of transactions in the
financial statements.

10-32 (Estimated Time 25 minutes)

a.
b.

c.
d.
e.
f.
g.
h.
i.

Control
Management has established a code of conduct that includes rules
regarding conflicts of interest for purchasing agents.
Waterfront has established a disclosure committee to review the
selection of new accounting policies.
Any computer program revision must be approved by user
departments after testing the entire program with test data.
The managers of each of Waterfronts manufacturing departments
must review and expenditures charged to their responsibility center
weekly.
The CEO, CFO, and controller review the financial consequences of
business risks annually to ensure that controls are in place to address
significant business risks.
Human resources focuses on ensuring that accounting personnel
have adequate qualifications for work performed in billing and
accounts receivable.
Security software limits access to programs and data files, and keeps
a log of programs and files that have been accessed which is
reviewed by the security manager daily.
A computer program prints a daily report of all shipments that have
not yet been billed to customers.
The controller reviews sales and collections bi-monthly.

j.

The computer compares the information on the sales invoice with

underlying shipping information.
k. Customer billing complaints are directed to internal audit for followup and resolution.
l. The documentary transaction trail for all credit sales is documented
in company policy manuals.
m. A committee of the board of directors evaluates and monitors
business risks.
n. Access to spreadsheets used in the financial reporting process is
limited and spreadsheets are tested with test data on a quarterly basis.

Category
1

Assertion(s)
Pervasive

4.6

DAO Accuracy and

Valuation, DAO
Classification and
Understandability
Virtually any
assertion
TAO Occurrence,
Completeness,
Accuracy, Cutoff
Pervasive

4.3.1
5
2
1

Virtually any
assertion

4.3.1

Virtually any
assertion

4.3.2

BAO - Completeness

4.5

TAO - Valuation,
Completeness, BAO existence,
Completeness
TAO - Occurrence,
accuracy
TAO Accuracy and
Occurrence
Virtually any
assertion
Virtually any
assertion
Virtually any
assertion

4.3.2
5
3
2
4.3.3

10-33. (Estimated Time 20 minutes)

a.

Assignment of functions
Employee No. 1--Accountant
Maintain general ledger (1)
Maintain disbursements journal (5)
Issue credits on returns and allowances (6)
Employee No. 2--Cashier
Prepare checks for signature (4)
Handle and deposit cash receipts (8)
Employee No. 3--Bookkeeper (subsidiary ledger)
Maintain accounts payable ledger (2)

b.

Maintain accounts receivable ledger (3)

Reconcile the bank account (7)

Undesirable combinations are

Handle cash receipts (8) and maintain accounts receivable ledger (3)
Handle cash receipts (8) and issue credit memos (6)
Prepare checks (4) and maintain accounts payable ledger (2)
Maintain accounts receivable ledger (3) and issue credit memos (6)
Handle cash receipts (8) and reconcile bank (7)
Prepare checks (4) and reconcile bank (7)

10-34. (Estimated Time 25 minutes).

Item
1.

2.
3.
4.

5.
6.

7.

The computer must match information

from a vendors invoices with
information from receiving and
information from the purchase order
before a check is issued.
A knowledgeable audit committee
reviews and approves new
applications of GAAP.
Two authorized signatures are
required on every check over
$100,000.
Each month management carefully
reviews the aged trial balance of
accounts receivable to identify pastdue balances and follows up for
collection.
A supervisor must approve overtime
work
The computer assigns sequential
numbers to sales invoices used in the
billing system.

The computer verifies the

mathematical accuracy of each
voucher and prints an exception report
for items with mathematical errors.
8. Employee payroll records are kept on
a computer file that can only be
accessed by certain terminals and are
password protected.
9. Internal auditors review journal entries
periodically for reasonableness of
account classifications.
10. The chairman of the audit committee
directly accepts confidential e-mails or
other submissions concerning

a. Category of Control
Activities
Computer application
controls

b. Assertion
TAO - Occurrence

Control over management

discretion in financial
reporting
Authorization

DAO Classification and

Understandability, DAO Accuracy
and Valuation
TAO Occurrence

Performance reviews

BAO - Valuation and allocation

Authorization

BAO - Existence

Computer application
controls

TAO - Completeness

Computer application
controls

TAO Accuracy

Physical controls; General

controls

Pervasive

Monitoring

DAO Classification and

Understandability

Antifraud

BAO Existence, TAO Occurrence

Item
questionable accounting and auditing
matters.
11. Checks received from customers and
related remittance advices are
separated in the mailroom and
subsequently processed by different
individuals
12. All vouchers must be stamped paid on
payment.

a. Category of Control
Activities

b. Assertion

Segregation of duties

TAO occurrence,
TAO Completeness,
TAO Accuracy

Physical controls

BAO - Existence

13. Department managers review

accounting for warranty claims on a
weekly basis.
14. On a quarterly basis, warranty
expenses are compared with actual
warranty claims.

Performance reviews

BAO - Valuation and allocation

Control over management

discretion in financial
reporting

BAO - Valuation and allocation

15. Only computer operators are allowed

in the computer room.
16. The computer will not complete the
processing of a batch when the
accounts receivable control account
does not match the total of the
subsidiary ledgers

Computer general controls

Physical controls
Computer application
controls

Pervasive affect on multiple

assertions
BAO Existence, BAO
Completeness