AUDITING

BAC2664 (New), BAC2287(Old)

Topic 5
Accounting and Internal Control
System

1
 Accounting and Internal Control
System
• Fundamental Concepts – Definition of controls,
Objectives, Characteristics, Limitations
• The importance of internal control to auditor – the
relationship between internal control and audit evidence
• Review and documentation of the system and control
• Assessment and consideration on the control systems
• Compliance tests for internal control in transaction cycle
• Final assessment of the internal control by the auditor
• Internal control limitation
• Definition of internal control by COSO

2
Accounting System and Internal Control:
Company’s Management Responsibility
Management is responsible for maintaining an adequate
accounting system and incorporate parallel various
internal controls to the extend that it is appropriate to the
size and nature of the business.
An accounting system supplemented by effective internal
control can provide management with reasonable
assurance that assets are safeguarded from
unauthorized use or disposition and that financial
records are reliable to permit the preparation of financial
information.
The internal control system augments the degree of
reasonable assurance in relation to the completeness,
accuracy, and validity of transactions from the outset up
to the final phase of preparing the FS.

3
Accounting System and Internal Control:
Company’s Management Responsibility
ISA 400 (AI 400), Risk Assessment and Internal Control, paragraph 7
defines accounting system:
“…the series of tasks and records of an entity by which transactions are
processed as a means of maintaining financial records. Such system
identify, assemble, analyse, calculate, classify, record, summarize and
report transactions and other events.”

Accounting system is essentially a recording procedure that comprises:

documents as source evidence that the transactions did in fact occur;
journals and subsidiary ledgers act as diaries that record in details of the
occurred transactions;
general ledger shows the summarized transactions that finally enable the
preparation of FS.

Internal control system will ensure the contents of the documents,

accounting records, and other records, including the registers are
complete, accurate, and valid.

4
 Importance of Internal Control for
Small and Large Companies
• Small company:
(1) Owner/Manager relationship:
- The BOD is composed of the shareholders. They as
management, loosely monitor or participate in the
operation of the company itself.
(2) Management Reliance on Internal Control:
- management has less need to depend on formal
internal controls from the reliability of the records and
other information.
- the FS are prepared to substantiate existing
knowledge on the business’s performance and financial
position.
5
 Importance of Internal Control for
Small and Large Companies
• Large company:
(1) owner/manager relationship:
- shareholders are separated from the BOD. Due to size of the
business, the management could not personally ensure the
completeness, accuracy, and validity on most of the transactions
carried out by their staff.
(2) management reliance on internal controls:
- management have to depend on formal internal controls for the
reliability of the records and other information. Therefore,
management has to ensure the adequacy of segregation of duties
(authorisation, recording, custody of assets).
- Fs are prepared to increase existing knowledge about the
company’s performance and financial position.

6
 What is Internal Control?
AI 400, paragraph 8, states:
“Internal control system means all the policies and
procedures (internal controls) adopted by the
management of an entity to assist in achieving
management’s objective of ensuring as far as
practicable, the orderly and efficient conduct
of its business, including adherence to
management policies, the safeguarding of
assets, the prevention and detection of fraud
and error, the accuracy and completeness of
accounting records, and the timely
preparation of reliable financial information.”
7
 Basic Rules of Internal Control
The system of internal control should have the following features:
2 Organisational structure
- facilitate delegation of duties, coordination of activities, control the action of
employees, clearly defined hierarchy to identify who is responsible for
what.., official title of persons, job description, formalised detailed duties
and responsibilities
2 Segregation of duties
- no one should be in a position to mix the three primary functions of
authorisation, recording, and custody of assets at any one time
3 Authorisation controls
- all transactions should require authorisation or approval by persons with
responsibility (to prohibit the recording of both erroneous and fraudulent
types of transactions, to control deletions or amendments to existing
accounting documents and records)
4 Recording controls
- to ensure only authorised transactions are entered (validity), to ensure all
authorised transactions are entered (completeness), to ensure all
authorised transactions are entered in the accounting records in the correct
classification of account, at correct date, with correct amount (accuracy)

8
 Basic Rules of Internal Control
continued

1 Custody controls
- to prevent unauthorised access to physical assets, to prevent
unauthorised access and alteration to documents and records
6 Personnel Hiring and Training Policy
- employ competent and honest staff, in addition to being qualified
- training programs conducted for new recruitment as well as experienced
staff, to ensure knowledge, duties, improve existing skills, in a structured
manner
7 Supervision
- carried out on a regular basis and continuous basis
8 Management
- responsible for devising and maintaining the system of internal control
- review the adequacy of the internal control on regular basis to ensure
that all significant controls are operating effectively (delegate this
responsibility to internal auditors)
- set up an audit committee to strengthen the internal audit function
- carry out their function on an ‘exception basis’

9
 Inherent Limitations of Internal
Control
Internal control can only provide reasonable assurance that
management’s objectives are attained. The internal control are
effective in reducing errors and fraud only to a certain extent.
This is due to the following inherent limitations of internal control:
1 circumvention of control – collusion between staff with incompatible
function
2 circumvention of control – abuse of authority by the management
3 cost – control against cost benefit, i.e., the benefit derived from the
control must justify the cost of having staff with incompatible
function
4 cost-control limited to anticipated types of transactions especially the
recurring transactions
5 employee inefficiency, compliance has deteriorated
6 employee negligence, human error
7 old and outdated system due to changes in company size and
activities result in inadequate control procedures
10
 Study and Preliminary Evaluation of Accounting
System and Related Internal Controls: Auditor’s
Responsibility
The auditor needs reasonable assurance that the accounting system is
adequate and that all accounting information which should be
recorded has in fact been recorded. Internal controls normally
contribute to such assurance.
The auditor should gain an understanding of the accounting system
and related internal controls and should study and evaluate the
operation of those internal controls upon which he wishes to rely in
determining the nature, timing, and extent of other audit
procedures.
An audit is the independent examination of a company’s financial
information, and as such must be conducted with the view to
express an opinion on the truth and fairness of the financial
information.
Therefore, in all audit engagements, the auditor needs to study and
understand:
(5) The flow of transactions through the accounting system, and
(6) The internal controls relating to the accounting system.
11
 Study and Preliminary Evaluation of Accounting
System and Related Internal Controls: Auditor’s
Responsibility continued
The internal controls are incidental to the audit
because it enables the auditor to assess the
control risk.
The auditor has a duty to ensure that companies
have maintained proper books and records as
laid down by the CA 1965 (in relation to the
accounting systems).
The auditor has a separate and distinct
responsibility to give an opinion as to the
adequacy of the accounting records for the
purpose of complying with the provision of S174,
CA 1965.
12
 How Does the Auditor Study and Understand the
Accounting System and Related Internal Controls?
The auditor’s way of study, in order to gain understanding on the accounting
system and related internal controls consists of the following steps:
(2) By Ascertaining:
– gain knowledge of the system by:
(a) reviewing organisation chart
(b) interviewing the accountant and authorised personnel at various
organisational levels, or discuss with internal auditors
(c) reviewing procedural manual, job description
(d) observe the physical procedures in action
(e) read previous year audit files – permanent and current audit files

In ascertaining the system, the auditor will be looking for the following types of
control:
(11) segregation of duties,
(12) documents involved in executing the transactions,
(13) documents are serially numbered,
(14) recording of documents are done in sequence,
(15) physical assets, and documents and records are safeguarded,
(16) authorisation,
(17) internal verification
13
 How Does the Auditor Study and Understand the
Accounting System and Related Internal Controls?
(2) By Recording:
– document the system and information flow, by using the following techniques
of recording:
(a) internal control questionnaires (ICQ) – ask a series of questions about the
internal control in each audit area, requiring a YES or NO answer
(b) narrative notes - in an essay format, describing the accounting system and
internal controls, with the following headings:
(i) segregation of duties – state the adequacy of segregation of duties
(ii) origin of documents (input) – state the name of the document, number of
copies, whether serially numbered, basis of preparation and authorisation
(iii) recording of documents (processing) – state the books of prime entry,
double entry
(iv) disposition of documents and records (output) – state the filing of
documents, despatch procedures to third party, safe keeping of documents and
records
(c) flowcharts – diagrammatical presentation of the client’s accounting system,
with the related internal control (show flow of documents in correct sequence
from the initiation to the recording and disposition)

14
 How Does the Auditor Study and Understand the
Accounting System and Related Internal Controls?
(3) By Confirming:
– the correctness of the flowchart via the walk-through test (aka,
cradle-to-grave test, or sample of one test).
The cradle-to-grave test is performed from the very first document to
the recording process and ultimately filing or despatch to third party.
The sample of one test indicates that the auditor focuses on one or
two transactions the most in order to confirm the flowcharts.
Therefore, the purpose of the walk-through test are as follows:
(a) to provide better understanding of the accounting system and
related internal controls
(b) to ensure with confidence that the system has been correctly
recorded
(c) to evaluate any weakness of the accounting system and internal
controls
(d) to provide evidence to support the understanding.

15
 References
• Lecture Notes
• Tutorial Questions
• Past Examination Questions
• ACCA Articles
• Text – Chapter 6: Internal Control in a
Financial Statement Audit

16