Session 12

Tests of Control

FOCUS
This session covers the following content from the ACCA Study Guide.

C. Internal Control
3. Tests of control
a) Describe computer systems controls including general IT controls and
application controls.
b) Describe control objectives, control procedures, activities and tests of control in
relation to:
i) The sales system
ii) The purchases system
iii) The payroll system
iv) The inventory system
v) The cash system
vi) Non-current assets

Session 12 Guidance
Understand the difference between general controls and application controls and the various
classifications within each (s.1).
Learn when controls will be tested to assess their effectiveness (s.2.1) and understand the
implications if controls are found to be effective or ineffective (s.2.3).
Learn the procedures used in tests of control (s.2.2).

(continued on next page)

F8 Audit and Assurance (INT) Becker Professional Education | ACCA Study System

Ali Niaz - ali.niaz777@gmail.com

VISUAL OVERVIEW
Objective: To describe computer systems controls and control objectives, procedures and
tests of control for the main transaction cycles.

COMPUTER SYSTEMS CONTROLS

• General Controls
• Application Controls

TESTS OF CONTROL
• Auditor's Consideration
• Nature, Timing and Extent
• Results of Tests of Control
• Reliance on Past Results

EXAM SKILLS FOR TESTS

OF CONTROL
• Key Skills
• Transaction Cycles

REVENUE CYCLE INVENTORY CYCLE

• Control Objectives • Control Objectives
• Internal Control Examples • Internal Control Examples
• Tests of Control • Tests of Control

PURCHASES CYCLE CASH CYCLE

• Control Objectives • Control Objectives
• Internal Control Examples • Internal Control Examples
• Tests of Control • Tests of Control

PAYROLL CYCLE NON-CURRENT ASSETS CYCLE

• Control Objectives • Control Objectives
• Internal Control Examples • Internal Control Examples
• Tests of Control • Tests of Control

Session 12 Guidance
Understand the conditions under which reliance can be placed on results of tests in previous
years (s.2.4). Attempt Example 1.
Learn the five key skills needed to answer examination questions regarding internal controls (s.3.1).
Work through Illustration 2 and Example 2.
Learn the control objectives, control activities and tests of control for the transaction cycles
(s.4–s.9).

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-1

Ali Niaz - ali.niaz777@gmail.com

Session 12 • Tests of Control F8 Audit and Assurance (INT)

1 Computer Systems Controls

1.1 General Controls

General controls—the policies and procedures that relate to many Virtually all business
applications and support the effective functioning of application systems and financial
controls by helping to ensure the continued operational integrity and systems involve
security of data and information systems. computerised
information
systems to some
extent. In the
1.1.1 Purpose
examination, assume
 General controls aim to establish a framework of overall that the system
control and commonly address the risks previously noted, for is computerised
example, controls over: (including Internet
applications) unless
 the data centre and network operations; told specifically
 system software acquisition (off-the-shelf, shrink-wrapped, otherwise.
bespoke, tailor-made);
 change and maintenance;
 development of computer applications;
 access security (e.g. to buildings and equipment);
 system/hardware acquisition, development and
maintenance.

1.1.2 Classifications
 Examples of general controls, which can be classified as
administration controls and systems development controls,
include:

Administration Controls Systems Development Controls

 Segregation of duties** between  Standard procedures and
development (analysts/programmers), documentation, including feasibility
maintenance (librarian) and operation. study and systems specification with
 Logical access controls (e.g. flowcharts or data flow diagrams.
passwords)** to enter systems.  Systems and program testing (test
 Automatic computer log of program and actual data). Usually pilot
changes (independently reviewed by operation.
IT manager).  File conversion: requires a complete
 Restricted physical access** (e.g. to a printout and check of file contents
computer room). before setting up operational master
 Firewall and virus update protection. files.
 Regular file copying ("dumping").  Acceptance and authorisation
procedures (e.g. by a responsible
 Job scheduling.
official of the project steering
 Backup power resources. committee).
 Disaster recovery procedures.  Training of user staff.
 Maintenance and insurance.
** Often classified as physical controls

12-2 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

F8 Audit and Assurance (INT) Session 12 • Tests of Control

 An alternative classification is:

1.2 Application Controls

Application controls—manual or automated procedures that

typically operate at a business process level. Can be preventive or
detective in nature and are designed to ensure the integrity of the
accounting records. Relate to procedures used to initiate, record,
process and report transactions or other financial data.

1.2.1 Purpose
 Application controls provide reasonable assurance that
all transactions are authorised, recorded and processed
completely, accurately and on a timely basis.

Note that there can be overlap between the various classifications.

Passwords can be a general control (e.g. granting access to
buildings) and also an application control (e.g. granting access to a
system via its operating system or to specific programs).
Some classifications include processing controls (e.g. control totals,
check digits, range, comparability, existence, sequence and exception
checks) as input validation controls (as input can be considered an
aspect of processing).
In the examination, state not only the control but what it aims to
achieve and give an example of its use.

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-3

Ali Niaz - ali.niaz777@gmail.com

Session 12 • Tests of Control F8 Audit and Assurance (INT)

1.2.2 Classifications

APPLICATION CONTROLS

INPUT PROCESSING OUTPUT MASTER FILE

Accuracy Accuracy Accuracy • Periodic print-
out of standing
• Validation checks • Check digits • Checking control data and
• Error investigation • Reasonableness totals comparison to
and feedback ("range") checks • Investigating independent
procedures • Existence checks rejected items control totals
• Batch totals • Format checks and data
Completeness
• Authorisation
Completeness Completeness • Reviewing accounts of master file
• Batch totals • Sequence checks and trial balances standing data
• Document counts • Mismatch reports updates
("file no data" or • Exception
"data no file") reporting (and
• "Run-to-run" authorisation)
controls to ensure of all changes
no data lost made to
standing data

 Validation checks over input, which can also function as

processing controls, include:
 Limit tests to ensure that a numerical value does not exceed
a predetermined value;
 Range or reasonableness tests to ensure that the value in a
field falls within an allowable range of values;
 Sequence checks to determine if data is input in proper
numerical or alphabetical sequence;
 Field tests to ensure that a field includes only acceptable
numeric or alphabetic characters; and
 Sign tests to check that data in a field has the correct
arithmetic sign.
 Check digit verification is an accuracy check that computes a
numeric value to provide assurance that the original value was
not changed.
 An alternative classification is:

Transaction Controls File Controls

Aim to ensure: Aim to ensure:
 completeness;  file continuity;
 accuracy; and  asset protection; such as:
 validity —keys, security-coded entry;
of transactions (and hence —approval and recording;
existence of assets and liabilities. —data security (e.g. library)
procedures.
 Mnemonic "CAVe".

12-4 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

F8 Audit and Assurance (INT) Session 12 • Tests of Control

2 Tests of Control

2.1 Auditor's Consideration of Internal Control

ISA 315 requires that the auditor:

 Obtain an understanding of the design and implementation of
relevant controls (see Session 9); and
 Design and perform further audit procedures, including substantive
procedures (see Session 15) and, when appropriate, tests of
control.

Tests of control—audit procedures designed to evaluate the

operating effectiveness of controls in preventing, or detecting and
correcting, material misstatements at the assertion level.
Substantive procedures—audit procedures designed to detect
material misstatements at the assertion level (see Session 15).

 Testing the operating effectiveness of controls includes

obtaining evidence regarding:
 whether controls were applied at relevant times;
 how controls were applied;
 the consistency with which controls were applied; and
 by whom the controls were applied.
 Tests of control are performed when:
 the auditor's risk assessment is based on an expectation
that controls are operating effectively (i.e. the auditor
intends to rely on the operating effectiveness of controls in
determining the nature, timing and extent of substantive
procedures); or
 when substantive procedures alone do not provide sufficient
appropriate audit evidence.*

*For example, when an entity makes extensive use of IT, the auditor
will, as a minimum, perform tests of computer systems controls (i.e.
relevant general and application controls).

Tests of control cannot be used to eliminate entirely the need to

perform substantive procedures. Substantive procedures must
be performed for all material account balances, transactions and
disclosures (Session 15).

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-5

Ali Niaz - ali.niaz777@gmail.com

Session 12 • Tests of Control F8 Audit and Assurance (INT)

 The following chart shows the relationship between the

auditor's understanding of internal controls, tests of control
and substantive procedures:

Risk assessment and

understanding internal controls

Potential for No reliance

reliance to be made

Test
effectiveness

Report to
Evaluate Not effective
management

Effective

Remaining assurance from All assurance from

substantive procedures substantive procedures

 A "fully substantive" approach (i.e. all assurance comes from

substantive procedures) is adopted where:
 following the risk assessment, controls do not appear to be
satisfactory; or
 testing controls shows them to be ineffective; or
 the auditor does not seek to place reliance on controls.
 A fully substantive approach requires a high level of testing of
transactions, balances and disclosures (see Session 15).

12-6 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

F8 Audit and Assurance (INT) Session 12 • Tests of Control

2.2 Nature, Timing and Extent of Tests

of Control
 Auditor judgement is used to determine:
 the relevant controls to test; and
 the nature, timing and extent of tests of control.
2.2.1 Nature of Tests of Control

Tests of control will use the following procedures:*

 Inquiry
 Observation
 Inspection
 Re-performance

*The nature of such tests is exactly the same as when used

to understand the design and implementation of the control
(Session 9). The major differences are in their timing and extent.

 All may be used for assessing the operating effectiveness of

control activities at the assertion level:
 Performance reviews (e.g. analytical procedures,
reperformance, observation);
 Information processing (e.g. inspection, recalculation,
reperformance);
 Physical controls (e.g. observation, inquiry, reperformance,
analytical procedures);
 Segregation of duties (e.g. observation, inspection,
reperformance);
 Authorisation (e.g. inspection, inquiry, confirmation).*

*Control activities can

be remembered using
the mnemonic "PIPSA".

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-7

Ali Niaz - ali.niaz777@gmail.com

Session 12 • Tests of Control F8 Audit and Assurance (INT)

2.2.2 Timing of Tests of Control

 Testing a control at a point in time only provides evidence
of its effectiveness (and implementation) at that time.
Depending on the objective of the test, it is often necessary
to test the effectiveness of controls over a period of time. For
example:
 Year-end inventory counts only require testing of control
(and substantive procedures) at the year-end, since no
reliance is placed on day-to-day controls.
 Controls over continuous inventory systems will need to be
tested throughout the year (e.g. regular test counting of
key inventory items, discrepancy reports followed up and
acted upon) if reliance is to be placed on inventory records
at the year-end.
 An efficient approach to testing controls is to conduct, wherever
possible, procedures during the interim audit. By doing so, the
auditor is able to reassess the audit approach, if necessary,
prior to the year-end audit (rather than discovering at the last
minute that the audit approach needs to be changed).
 When an interim audit is carried out, the approach to auditing
the remaining period to the year-end must be considered.
Factors to take into account include:
 the significance of the assessed risks of material
misstatement during the remaining period;
 the length of the remaining period (e.g. four months of
transactions will be more material than just one month);
 the control environment; and
 significant changes made to the internal control system
since the interim audit.

Illustration 1 Interim Audit

 An interim audit is carried out two months before the year-end. The
results show that there is a high degree of operating effectiveness.
 During the remaining two months, a change is made to the
procurement procedures. This is considered to be significant.
 Understanding and risk assessment is based on this change in control.
The operational effectiveness of the change and its effect on the
procurement system will be tested from the date of its introduction.
 As the monitoring of controls was assessed as effective at the interim
audit, the auditor decides that a review of the control monitoring
procedures during the last two months, supported by analytical
procedures, will be sufficient to cover the remaining internal controls
relevant to the audit and will not be affected by the change.

12-8 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

F8 Audit and Assurance (INT) Session 12 • Tests of Control

2.2.3 Extent of Tests of Control

 The extent of tests of control should consider:*
 The frequency of the performance of the control by the
entity during the period.
 The length of time during the audit period that the auditor is
relying on the operating effectiveness of the control.
(This will generally be the whole period.)
 The relevance and reliability of the audit evidence to be
obtained.
 The extent to which audit evidence is obtained from tests of
other controls related to the same assertion.
 The extent to which the auditor plans to rely on the
operating effectiveness of the control in the assessment of
risk (and thereby reduce substantive procedures).
 The expected deviation (i.e. number of errors) from the
control. If the expected deviation is zero, any deviations
may result in increased substantive procedures.

*If the system is changed partway through a year (e.g. from a

manual to a computer-based system), effectively two systems will
need to be fully assessed and tested, depending on the length of time
each system has been in operation (e.g. if the change occurred during
the last month, detailed analytical procedures may provide sufficient
audit evidence for the last month). In addition, as discussed in
Session 12, integrity of data transfer from the old to the new system
will be of particular importance, and the auditor must ensure that this
process did not result in any material error in the new data set.

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-9

Ali Niaz - ali.niaz777@gmail.com

Session 12 • Tests of Control F8 Audit and Assurance (INT)

2.3 Results of Tests of Control

2.3.1 Errors Found During Tests of Control
 The concept of materiality does not apply when dealing with
control test errors. If the expected deviation is zero, any error
(regardless of its monetary value) means that the control
did not work. It is important that the auditor determines the
reason for the error(s).
 If there was only one (or very few) errors in a sample,
this may indicate an isolated error (e.g. no purchasing
authorisation for a day because the buying manager was sick).
 A review should be undertaken to see if the error was
repeated at any other time, (e.g. at what other times was
the manager ill and were alternative controls in place?)
together with analytical procedures on purchases actually
made on those days.
 It may then be concluded that, if there is no material effect
on the financial statements, substantive procedures may not
need to be increased.
 A report of the weakness and potential effect must still be
made to the client.
 If several or numerous deviations are found, the conclusion
will usually be that the controls are not effective and
substantive procedures must be extended accordingly.
Reason(s) for the failure in control must be established and
reported to management (see Session 13).

2.3.2 Conclusions From Tests of Control

Conclusion Implication

  Controls are operating effectively. Remaining assurance must be obtained through

reduced substantive procedures. This could mean
lower sample sizes for testing transactions and
balances and the use of substantive analytical
procedures.

  Controls are not operating effectively. All audit assurance must be obtained through
increased substantive procedures (e.g. tests of
details and larger sample sizes) on transactions,
balances and disclosures.

 If the risk assessment or results of testing indicate that

controls are not satisfactory:
 a report to management on the significant deficiencies
found must be made (see Session 13); and
 the audit strategy and plan must be updated (and approved
by the partner) to take into account the increased assurance
to be obtained from substantive testing (e.g. through changes
in the nature, timing and extent of substantive procedures).

12-10 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

F8 Audit and Assurance (INT) Session 12 • Tests of Control

2.4 Reliance on Past Results

2.4.1 General
 Audit evidence on the operating effectiveness of controls in a
prior period may be relied on as audit evidence for the current
period, subject to the following conditions:
 inquiries, observations and inspections confirm that no
changes were made in the current period;
 if an individual control, that control is tested at least once
every three years;
 if a number of controls, a sufficient portion of them are
tested each year and each control is tested at least every
three years;
 the control does not relate to a significant risk.

2.4.2 Significant Risks

 For significant risks, the operating effectiveness of controls
must be tested annually. Although prior-year audit evidence
relating to the design of such controls may be relied on (in the
absence of changes), the evidence of its implementation and
operating effectiveness must be assessed each year.
 The higher the risk of material misstatement, or the greater
the reliance on the control, the greater the need for that
control to be tested annually. Factors to consider include:
 the effectiveness of other elements of internal control; the
control environment, monitoring of controls and the entity's
risk assessment process;
 the risks arising from the characteristics of the control (e.g.
if manual or automated);
 the effectiveness of general IT controls, if applicable;
 the effectiveness of the control and its application, including
the nature and extent of deviations in its application (from
tests of operating effectiveness in prior audits);
 whether the lack of a change in a control poses a risk due to
changing circumstances;
 the risk of material misstatement and the extent of reliance
on the control.

Example 1 Prior Period Audit Evidence

Suggest FIVE reasons for the auditor NOT to rely on audit evidence obtained in prior periods.

Solution

1.

2.

3.

4.

5.

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-11

Ali Niaz - ali.niaz777@gmail.com

Session 12 • Tests of Control F8 Audit and Assurance (INT)

3 Exam Skills for Tests of Control

3.1 Key Skills

5 Key Skills

SPECIFY SPECIFY SUGGEST TESTS IDENTIFY MAKE

CONTROL CONTROL OF CONTROL CONTROL RECOMMEN-
OBJECTIVES ACTIVITIES WEAKNESSES DATIONS
• "Ideas list"
• To ensure • Control – inquiry • Deficiencies • Be specific
that environment – observation in control – Who?
something • Risk – inspection components – What?
good assessment – reperformance – When?
happens/ procedures
something • Information
bad does not systems
• Monitoring

3.1.1 Control Objectives Relating to Financial Statements

 At the financial statement assertion level, control objectives
aim to ensure that only:
authorised (Valid—V) transactions are

 promptly recorded (Complete—C) in the
 correct (Accurate—A) amount in the
 appropriate (A) accounts in the
 proper (Correct Cut-off—C) accounting period and that
 recorded assets exist (Existence—E).
 Mnemonic CAVE
 For example, the overall control objective over purchases may
be stated as being "to ensure that payments are only made
for goods and services actually received and required by the
entity". This may be broken down into sub-objectives (e.g.
"to ensure that goods are only received for orders placed").
 This requires control activities over placing the order, receipt
and acceptance of the goods/services, recording and analysing
the invoice and settling the liability for the overall control
objective to be achieved.

12-12 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

F8 Audit and Assurance (INT) Session 12 • Tests of Control

Illustration 2 Sales Cycle

Consider the sales cycle. Identify the overall control objective (that all goods
despatched are correctly recorded in the general ledger), break down transaction into
components (i.e. the flow of documentation) and ask, "What could go wrong?"—that
is, what would be an appropriate control objective for that element (e.g. to ensure
that goods cannot be despatched without the correct authorisation)? Effectively,
devise control objectives at each stage.

Customer order

Can goods be despatched

Sales order
without authorisation?
Can invoices be
raised when no Despatch note
goods despatched? Can goods be despatched
but not invoiced?
Invoice
Can invoices be raised
Sales daybook but not recorded?
General Ledger
Dr Receivables Can goods be despatched
control a/c Receivables or charged to the wrong
Cr Sales ledger customer?

Then ask yourself what control activities need to be in place to achieve the control
objective (e.g. authorisation, completeness checks, reconciliations, analytical review,
pre-numbering of documents, segregation of duties, etc).
Compare your ideas with what the question scenario has; any differences will form
the basis of your answer.

 In the examination, be prepared for a "practical theory"

question, where you are presented with a scenario and have to
identify internal control weaknesses (or strengths). Basically
place the ideal "framework" over the scenario and identify the
errors/gaps.
 Ensure you fully understand the difference between the control
objective (e.g. what does the control aim to achieve?) and
the control activities (e.g. what actions have to take place to
ensure the objective is achieved?).

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-13

Ali Niaz - ali.niaz777@gmail.com

Session 12 • Tests of Control F8 Audit and Assurance (INT)

Example 2 Purchases Cycle

Break down the purchases cycle into components and generate FOUR key control
questions.

Solution

12-14 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

F8 Audit and Assurance (INT) Session 12 • Tests of Control

INVENTORY
(Session 23)

REVENUE

PAYROLL
PURCHASES
NON-CURRENT
ASSETS
CASH (Session 22)
(Session 26)

3.2 Transaction Cycles

 Audits are generally performed by transaction cycle. Auditing
by transaction cycle enables the auditor to gather evidence
for related account balances, transactions and disclosures
simultaneously.
 The transaction cycles relevant to the F8 examination are:
 Revenue
 Purchases
 Payroll
 Inventory
 Cash
 Non-current assets
 The sections that follow outline, for each transaction cycle:
 the control objectives;
 control activities; and
 tests of control.

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-15

Ali Niaz - ali.niaz777@gmail.com

Session 12 • Tests of Control F8 Audit and Assurance (INT)

4 Revenue Cycle

4.1 Control Objectives

To ensure that . . .

. . . entity only deals with

Stage 1 creditworthy customers.

. . . despatches are valid and

Stage 2 adequately recorded.

. . . invoices are raised for all

Stage 3
despatches and accurate.

. . . information is complete,
Stage 4 accurate and up to date ( credit
control).

. . . receipts are recorded/banked

Stage 5 promptly and intact (reduces risk of
misappropriation).*

* "Complete", "accurate," and "valid" are key words in accounting

control objectives. "Prompt" is a more commercial objective.

12-16 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

F8 Audit and Assurance (INT) Session 12 • Tests of Control

4.2 Internal Control Examples

4.2.1 Sales Orders
< Sales orders should be authorised and show evidence of
authorisation (e.g. sales manager's signature).
< Sequentially numbered sales orders should be used to ensure
completeness (i.e. pre-numbered or generated in strict
numerical sequence) and regular sequence checks should
be performed.
< An "open sales order" file should be maintained and
periodically reviewed to ensure that all orders are ultimately
fulfilled.
< Sales orders should be validated for price, quantity, goods
availability and customer creditworthiness.

4.2.2 Despatches
< Despatches should be matched to authorised sales orders.
< Sequentially numbered despatch notes should be raised.
Regular sequence checks should be performed to confirm
completeness.
< Proof of delivery (e.g; customer signature) should be obtained
(e.g. on a copy of the despatch note).
< Sequentially numbered goods returned notes should be used
to ensure completeness of recording of sales returns.

4.2.3 Sales Invoices

< Sequentially numbered sales invoices should be used.
Regular sequence checks should be carried out to ensure
completeness.
< Sales invoices should be matched to despatch notes and sales
orders to confirm accuracy of product description and quantity.
< Arithmetic accuracy of sales invoices should be verified.
< Prices on sales invoices should be agreed periodically against
authorised price list.
< Trade discounts applied should be agreed (e.g. to contracts
with customers or authorised price list) to ensure that the
correct discount has been applied to the quantity sold.

4.2.4 Recording
< Invoices should be "pre-listed" (e.g. in a sales day book)
to enable control accounts to be prepared and confirm
completeness and accuracy of postings to the customers'
accounts in the sales ledger.
< A sales/trade receivables ledger control accounts should be
maintained and the balance reconciled monthly to a list of
amounts due from customers.
< Monthly statements should be sent to customers and disputes
handled independently.

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-17

Ali Niaz - ali.niaz777@gmail.com

Session 12 • Tests of Control F8 Audit and Assurance (INT)

4.2.5 Cash Receipts

< Where money is received by post, "mail opening procedures"
should include two staff members (segregation of duties).
< Cheques should be restrictively endorsed when received and a
pre-listing of receipts prepared.
< All monies received should be banked intact on that business day.
< Entries in the cash receipts book should be proved by regular
(usually monthly) reconciliations of the bank account balance
in the general ledger to the bank statement.
< Bank reconciliations should be reviewed on a regular basis by
a responsible official independent of the recording function.

4.2.6 Overall Controls

< There should be segregation of duties between:
= Order recording
= Order authorisation
= Despatch of goods
= Invoice preparation
= Handling of cash receipts
= Ledger posting
= Supervision

4.3 Tests of Control

< Test a sample of sales invoices for the presence of authorised
sales orders and despatch notes.
< Review and test (e.g. by reperformance) the client's
procedures for accounting for the numerical sequences of
sales orders, despatch notes and sales invoices.
< Review and observe the client's procedures for opening
mail and handling complaints and disputes about monthly
statements.
< Examine sales invoices for evidence that mathematical
accuracy was verified.
< Examine the open sales order file for evidence of review.
< Review client's procedures for giving credit terms to
customers.
< Examine sales orders for evidence of credit approval.
< Review reconciliations of the sales ledger control account to
the list of customer balances for evidence of having been
checked and agreed (e.g. a signature).

12-18 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

F8 Audit and Assurance (INT) Session 12 • Tests of Control

Example 3 Tests of Control

Using the schedule which follows:

(a) For each sales-cycle key control question, identify a key control (i.e. one which prevents/
detects promptly material errors).
(b) For each key control identified, suggest an appropriate test of control.
Solution
Key control question (a) Types of key (b) Possible test
control of control

1. Can goods be despatched but not

invoiced?

2. Can invoices be raised but omitted from

the sales daybook?

3. Can invoices be raised but not recorded in

the sales ledger or the general ledger?

4. Can receivables be improperly credited

by fictitious or incorrect credit notes,
journals, bad debt write-offs, cash
receipts, etc?

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-19

Ali Niaz - ali.niaz777@gmail.com

Session 12 • Tests of Control F8 Audit and Assurance (INT)

5 Purchases Cycle

5.1 Control Objectives

To ensure that . . .

. . . requisition is for valid and

Stage 1 necessary business expense.

. . . ordering is efficient and cost

Stage 2 effective.

. . . goods are not damaged/wrong

Stage 3
items, etc.

. . . suppliers do not overcharge

Stage 4 (e.g. fail to recognise discounts).

Stage 5 . . . management has timely

information concerning liabilities.

. . . payments are made to bona

Stage 6
fide suppliers for goods received.

12-20 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

F8 Audit and Assurance (INT) Session 12 • Tests of Control

5.2 Internal Control Examples

5.2.1 Requisitions
 Orders should be requisitioned by the user department and
authorised by the head of department.
 Sequential numbering should be checked for completeness.
 A buyer should coordinate requisitions (to secure value for
money).
 An economic order quantity (EOQ) inventory system or checks
on physical quantities held (to prevent overstocking).

5.2.2 Purchase Orders

 Purchase orders should be raised in an order ("buyer")
department which is independent of all other departments.
 Purchase orders must be authorised order forms which are
sequentially pre-numbered. Orders must be authorised and
the sequence periodically checked for completeness.
 Pending (unfulfilled) orders should be reviewed regularly to
ensure that purchasing requirements are met.

5.2.3 Goods Received

 Goods should be inspected when received (product
description, quantity and quality) before being accepted.
 Documentation accompanying goods received (e.g. the *An incomplete order
supplier's despatch note) should be matched to a purchase may be accepted
order to confirm that the goods were ordered.* rather than refused.
However, any shortfall
 Sequentially numbered goods received notes (GRNs) should must be documented.
be raised for all goods received and periodically reviewed for
completeness.

5.2.4 Purchase Invoices

 Invoices should be recorded promptly (e.g. in purchase
daybook) and sequentially numbered on receipt.
 Invoices should be arithmetically checked and matched to the
GRN and purchase order.
 Performance of these checks should be evidenced on each
invoice (e.g. by initials in a "grid stamp"). *A control total may
be a monetary total
5.2.5 Recording (e.g. of the amounts of
the purchase invoices)
 Batch control over input (i.e. a control total of a batch of or a meaningless
invoices is pre-determined and agreed after processing) to "hash" total (e.g.
ensure accuracy and completeness.* the sum of supplier
account numbers).
 Maintenance of a purchase ledger control account, monthly
Either would confirm
reconciliation to a list of trade payable balances and
completeness of
independent review thereof. processing but only
 Monthly reconciliation of balances in the trade payables ledger a monetary total can
to suppliers' statements to ensure complete and accuracy of confirm accuracy.
postings of invoices.

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-21

Ali Niaz - ali.niaz777@gmail.com

Session 12 • Tests of Control F8 Audit and Assurance (INT)

5.2.6 Cash Payments

< The person who signs cheques or bank drafts should not
be involved in the authorisation, recording and custodial
functions.
< Two signatures should be required for larger payments.
< All cheques should be issued in sequential order and their
sequence should be controlled.
< Unused cheque books should be kept under lock and key.
< Spoiled or cancelled cheques should be retained.
< No cheque or other payment order should be raised without
supporting documentation, including the invoice, GRN, and
purchase order.
< Invoices and requisitions should be stamped "PAID".
< The payments system should be supervised by a
responsible official who oversees and reviews monthly bank
reconciliations.

5.2.7 Overall Controls

< The buyer should be independent of the bookkeeping
functions, inventory handling and recording and payment
functions (i.e. segregation of duties).

5.3 Tests of Control

< Verify authorisation of sample of purchase requisitions and
purchase orders and agree purchase orders to requisitions.
< Scan the unfilled purchase order file for evidence of review.
< Scrutinise all tenders received, where applicable, in respect
of a sample of transactions and verify authorisation of
selected tender.
< Test sequence of purchase requisitions, purchase orders and
GRNs and enquire into those missing.
< Test a sample of GRNs for evidence that goods were inspected
and matched to purchase order when received.
< Test sample of invoices for evidence of recalculation and
matching to purchase orders and GRNs.
< Test a sample of cash payments to supporting documentation
(invoices, GRNs, purchase orders, and purchase requisitions).
Confirm that approval for payment was given by authorised
official.

12-22 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

F8 Audit and Assurance (INT) Session 12 • Tests of Control

Example 4 Internal Control Deficiencies

Miller Co is a pharmaceutical manufacturer. The purchasing department is managed by

Mr Wurm, the buyer, and his assistant Walter Green. The value of purchases annually is about
$3 million. When goods are required the inventory records clerk, Frederica, sends a purchase
requisition to Mr Wurm, who requires Walter to type out a purchase order. Walter manually
enters a sequential number onto the purchase order and photocopies the order. The original is
sent to the supplier and a copy is kept in a file.
When the goods arrive, they are stored in the warehouse and the supplier's despatch note is
sent to Walter from the warehouse supervisor. Walter then marks off the items received on the
order and sends the despatch note to Frederica, who uses it to update the inventory records
before filing it in chronological sequence.

Required:
(a) Identify FIVE deficiencies in the system and state their implications.
(b) Suggest recommendations to improve the system, assuming that Miller Co has
sufficient resources to implement suitable recommendations.
Solution
Deficiency Implication Recommendation

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-23

Ali Niaz - ali.niaz777@gmail.com

Session 12 • Tests of Control F8 Audit and Assurance (INT)

6 Payroll Cycle

6.1 Control Objectives

To ensure that . . .

only bona fide employees are paid

Stage 1 for work done.

Stage 2 . . . calculations are accurate.

. . . amendments (e.g. starters

Stage 3 and leavers) are valid.

Stage 4 . . . deductions for personal

income tax, social contributions,
etc are accurate.

. . . payments are made to those

Stage 5 entitled to receive them.

. . . amounts are correctly posted

Stage 6 to G/L a/cs.

6.2 Internal Control Examples

6.2.1 Clock Cards
*Supervision may be
 Safe custody and restricted issue of clock cards and/or physical observation
security passes. of employees arriving
to and leaving from
 Supervision of employees as they clock in and clock out.*
the workplace or
 All time records should be checked and overtime approved and automated (e.g. swipe
approval should be documented. card barriers).

12-24 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

F8 Audit and Assurance (INT) Session 12 • Tests of Control

6.2.2 Payroll Preparation

 Details of new employees to be put on the payroll should be
authorised (e.g. by the line manager or department head).
 All hours of overtime should be authorised before inclusion in
the payroll run.
 Any sickness or holiday leave should be authorised.
 The payroll should be checked for accuracy of detail of names,
hours paid, rates of pay and calculations of gross pay by
people who are independent of payroll preparation.
 A responsible official independent of the recording and
authorisation function should formally approve the payroll by
signing it.
 Documentation of starters and leavers should be
independently maintained (e.g. by the HR department) and
periodically compared against the payroll.

6.2.3 Cash Payments

 Where employees are paid in cash the exact sum for net
payment should be withdrawn from the bank.
 Wage packets should be prepared by at least two people in
advance of the payout. Wage packets must be kept securely.
 Handing out of cash payments must be witnessed.
 Receipt of wage packet must be evidenced (e.g. by employee's
signature).*
 Uncollected wages should be recorded, placed in safe custody
by a responsible official and rebanked after a reasonable
period of time. *Specific written
authority should be
6.2.4 Recording required for a person
to collect a wage
 Control accounts should be maintained for wages, salaries and packet on behalf of an
related taxes. employee.
 Payments of tax liabilities (including social deductions) should
be agreed to the source payroll.

6.2.5 Overall Controls

 A record should be kept for each employee containing, in
writing, proof of engagement, dismissal, changes in pay rates,
etc. Any changes in detail should be evidenced in writing by a
responsible official.
 The payroll should be independently scrutinised (e.g. month-
on-month) to identify any unexpected deviations.
 Duties should be segregated between the personnel
management functions, the payroll recording functions, the
cash payment functions and overall supervision of the payroll
system.
 A responsible official should supervise the recording of payroll
and the regular discharge of payroll-related liabilities.

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-25

Ali Niaz - ali.niaz777@gmail.com

Session 12 • Tests of Control F8 Audit and Assurance (INT)

6.3 Tests of Control

< Review employee files and verify that all engagements,
dismissals or status changes are in writing and authorised by a
responsible official.
< Examine records of bonus, overtime payments and similar for
agreement with related accounting records and authorisation
by a responsible official.
< For a sample of employees, verify that approval of payroll
changes is documented in payroll file.
< Review payrolls to verify that all checks or calculation
preparation and authorisation have been done.
< Observe preparation of wage packets.
< Examine a sample of wage packets for evidence of receipt
(e.g. employee signature).
< Verify that liability accounts have been set up for personal
income tax, social contributions and pension contributions and
that such sums are paid over on due dates.
< Observe the use of time clocks.
< Observe payroll distribution unannounced.

12-26 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

F8 Audit and Assurance (INT) Session 12 • Tests of Control

7 Inventory Cycle

7.1 Control Objectives

To ensure that . . .

. . . damaged goods are not

Stage 1 accepted.
. . . goods cannot be
misappropriated.

Stage 2 . . . all movements are accurately

recorded.

. . . management has accurate/

Stage 3 timely information concerning
inventory levels.

7.2 Internal Control Examples

7.2.1 Goods Received
 See internal controls over goods received in the purchases cycle.
7.2.2 Goods Despatched
 See internal controls over goods despatched in the revenue cycle.
7.2.3 Inventory on Hand
 Appropriate physical safeguards. For example:
 gate controls over access to the warehouse;
 environmental controls (e.g. controlled temperature, fire
alarms);
 emergency equipment (e.g. sprinker systems);
 security guards and/or CCTV.
 Periodic (at least annual) comparison of goods on hand (as
determined by a physical count) with quantities shown in
inventory records.
 Senior personnel should physically inspect inventory for
obsolete, slow-moving, damaged or excess inventories.
 Raw materials, components, etc should be transferred to
production using pre-numbered materials requisitions and
sequence checks should be performed periodically.
 Goods sold awaiting collection or delivery should be held
securely in an area designated for that purpose.

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-27

Ali Niaz - ali.niaz777@gmail.com

Session 12 • Tests of Control F8 Audit and Assurance (INT)

7.2.4 Inventory Records

< GRNs and DNs used to update inventory records.
< GRNs and DNs evidenced as processed (e.g. stamped) and
filed numerically.
< Regular physical inventory counting, comparison of "book" v
actual quantities and investigated for discrepancies.

7.2.5 Overall Controls

< Duties should be segregated between:
= Purchasing
= Receiving
= Management of inventory on hand
= Despatch

7.3 Tests of Control

< Observation of regular physical inventory counts, including
performance of test counts.
< Tests of control over inventory purchases and sales were
covered in the sections on the revenue and purchases cycles.
< Review and test procedures for issuing materials to production
departments.
< Observe the physical safeguards over inventory.
< Review and test procedures for identifying obsolete, slow-
moving, or excess inventory.
< Review the comparison and reconciliation of book v actual
quantities.

12-28 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

F8 Audit and Assurance (INT) Session 12 • Tests of Control

8 Cash Cycle

8.1 Control Objectives

To ensure that . . .

Stage 1 . . . payments are only requested

for valid business expenses.

Stage 2 . . . payments are accurate and

take advantage of credit terms.

. . . cash/cheques are not

Stage 3
misappropriated.

. . . management has accurate/

Stage 4 timely information concerning cash
position.

8.2 Internal Control Examples

8.2.1 Request for Payment
 Standardised cheque requisition form should be used.
 Cheques or bank drafts should be prepared only after all
source documents have been independently approved.

8.2.2 Payment Authorisation

 Vendor statements should be reviewed and reconciled to
accounts payable record before payment is authorised.

8.2.3 Payment Made/Receipts

 See internal controls related to cash receipts from the
revenue cycle and cash payments related to the purchases
and payroll cycles.

8.2.4 Recording
 Monthly bank reconciliations should be prepared on a regular
basis (at least monthly).
 Bank reconciliations should be independently reviewed.

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-29

Ali Niaz - ali.niaz777@gmail.com

Session 12 • Tests of Control F8 Audit and Assurance (INT)

8.3 Tests of Control

< Inspect bank reconciliations and verify independent review.
< Observe preparation of prelisting of cash and/or cheques
received from customers.
< Test a sample of cash payments to supporting documentation
(invoices, GRNs, purchase orders and purchase requisitions)
for evidence of matching and authorisation of payment.
< Examine bank statements to verify that cash is deposited on
a daily basis.
< Review and test client's procedures for mailing statements
and handling disputes and complaints from customers.
< Review and test client procedures for the numerical sequence
of cheques.

12-30 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

F8 Audit and Assurance (INT) Session 12 • Tests of Control

9 Non-current Assets Cycle

9.1 Control Objectives

 Control objectives for the non-current asset cycle include the
control objectives for the purchases cycle, plus the following:
 To ensure that all material capital acquisitions and disposals
are approved by management and/or the board.
 To ensure that only capital expenditure is recognised as
an asset.
 To ensure that tangible and intangible non-current assets are
properly depreciated or amortised.
 To ensure that impairments are identified and accounted for.

9.2 Internal Control Examples

 Internal controls include the internal controls for the purchases
cycle, plus the following:
 Annual capital expenditure ("capex") budgets approved by
the board of directors.
 Detailed records including asset description, location,
acquisition date, cost, depreciation/amortisation method.*
 Periodic physical inspection of assets and comparison with
the asset register.
 Approval of useful lives and depreciation/amortisation *Typically this is
methods used. recorded in an
asset register (see
 Regular maintenance and servicing by suitably qualified Session 22).
engineers.
 Adequate appropriate insurance (e.g. buildings against fire
or flood, equipment against breakdown and vehicles against
accidents).
 Safekeeping of documents of title (e.g. title deeds to
property kept by the bank, vehicle registration documents
kept in a locked safe).

9.3 Tests of Control

 Test of controls include those for the purchases cycle, plus the
following:
 For a sample of material non-current assets acquired
confirm that approval is evidenced (e.g. signed capex
request or board minute). *For example, delivery
 Review asset register to confirm that it is up-to-date
vehicles leaving and
returning to depots,
and evidences regular physical inspection (e.g. date of or laptop computers
inspection and comment on physical condition). taken from the office
 Observe procedure of recording physical assets leaving/ to work from home.
being removed from the client's premises.*

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-31

Ali Niaz - ali.niaz777@gmail.com

 Summary
 General controls establish a framework for overall controls. They relate to many
applications and support the functioning of application controls.
 Application controls are manual or automated controls over transactions (input, processing
and output) and files. They can be preventive or detective and are designed to ensure that
transactions are authorised, recorded and processed correctly.
 Tests of control are audit procedures designed to evaluate the operating effectiveness of
internal controls.
 Tests of the operating effectiveness of controls must be performed when the auditor decides
to place reliance on them or when substantive procedures alone are not sufficient.
 Some substantive procedures must be carried out for all material account balances,
transactions and disclosures (regardless of the reliance on controls).
 The procedures used to test control effectiveness are inquiry, observation, inspection and
re-performance.
 Control testing only provides evidence of effectiveness at a point in time.
 When errors are found during control testing, the auditor must determine how they arose,
whether they are isolated or whether substantive procedures should be extended.
 Each control to be relied on must be tested at least once every three years and must be
tested in the current year if it has changed or relates to a significant risk.
 To answer exam questions related to internal controls, be able to specify control
objectives and control activities, suggest tests of control, identify weaknesses and make
recommendations.
 The relevant transaction cycles for F8 are revenue, purchases, payroll, inventory, cash and
non-current assets.

12-32 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

 Session 12

Session 12 Quiz
Estimated time: 30 minutes

1. Give examples of general controls. (1.1)

2. Give examples of application controls. (1.2)

3. Describe the relationship between tests of control and substantive procedures. (2.1)
4. List the procedures most commonly used when considering the operating effectiveness of
controls. (2.2)
5. Describe the purpose of control objectives. (3.1)
6. Draw a typical purchase cycle, listing the control objectives. (5.1)

Study Question Bank

Estimated time: 2 hours, 40 minutes

Priority Estimated Time Completed

Q15 Knits 40 minutes

Q16 Ibson 40 minutes

Q17 Eastwood Engineering 40 minutes

Q18 SHW 40 minutes

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-33

Ali Niaz - ali.niaz777@gmail.com

EXAMPLE SOLUTIONS
Solution 1—Prior Period Audit Evidence

 A weak control environment.

 Weak monitoring of controls.
 A significant manual element to the relevant controls.
 Personnel changes that significantly affect the application of
the control.
 Changing circumstances that indicate the need for changes in
the control.
 Weak general IT controls.

12-34 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

Solution 2—Purchases Cycle

Purchase requisition
Can goods be
received without Can goods be ordered
Purchase order
authorisation? without authorisation?

Goods received note Can a liability be raised

Can goods be for goods not received?
received without
Invoice
a liability being Can a liability be recorded
raised? for the wrong amount?
Purchase daybook
General Ledger Can a liability be raised
Dr Purchases for the wrong supplier?
Payables ledger
Cr PLC a/c

Key control question (a) Types of key (b) Possible test

control of control
1. Can goods be despatched but not Goods despatch note and Check cross-reference to
invoiced? invoice part of same set invoice for a sample of
(or otherwise matched) despatch notes and check
and sequence checked. for evidence of sequence
Regular reconciliation of check.
inventory per physical Check for evidence of
count to records regular reconciliations
and investigation of and ensure that they
differences. appear reasonable (i.e. no
unexplained differences).
2. Can invoices be raised but omitted from Posting to sales daybook Check initials/grid stamp
the sales daybook? evidenced on invoice (e.g. on a sample of invoices.
by grid stamp). Check for evidence of
Sales daybook entries sequence check (e.g.
are sequence checked evidence of investigation
to ensure all invoices of missing items).
entered.
3. Can invoices be raised but not recorded in Regular reconciliation of Review reconciliations
the sales ledger or the general ledger? total balances per sales and ensure that they
(i.e. receivables) ledger appear reasonable (i.e.
accounts and sales (i.e. no differences brought or
receivables) ledger control carried forward).
account balance.
4. Can receivables be improperly credited Authority for credit notes, Check for evidence of
by fictitious or incorrect credit notes, journal entries and bad authority on a sample of
journals, bad debt write-offs, cash debt write-offs evidenced. credit entries in the sales
receipts, etc? Regular reconciliations ledger.
of balances per sales Review reconciliations and
ledger accounts and sales ensure that they appear
ledger control account and reasonable.
bank reconciliations (and
differences investigated).

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-35

Ali Niaz - ali.niaz777@gmail.com

Solution 3—Tests of Control
Key control question (a) Types of key (b) Possible test
control of control
1. Can goods be despatched but not Goods despatch note and Check cross-reference to
invoiced? invoice part of same set invoice for a sample of
(or otherwise matched) despatch notes and check
and sequence checked. for evidence of sequence
Regular reconciliation of check.
inventory per physical Check for evidence of
count to records regular reconciliations
and investigation of and ensure that they
differences. appear reasonable (i.e. no
unexplained differences).
2. Can invoices be raised but omitted from Posting to sales daybook Check initials/grid stamp
the sales daybook? evidenced on invoice (e.g. on a sample of invoices.
by grid stamp). Check for evidence of
Sales daybook entries sequence check (e.g.
are sequence checked evidence of investigation
to ensure all invoices of missing items).
entered.
3. Can invoices be raised but not recorded in Regular reconciliation of Review reconciliations
the sales ledger or the general ledger? total balances per sales and ensure that they
(i.e. receivables) ledger appear reasonable (i.e.
accounts and sales (i.e. no differences brought or
receivables) ledger control carried forward).
account balance.
4. Can receivables be improperly credited Authority for credit notes, Check for evidence of
by fictitious or incorrect credit notes, journal entries and bad authority on a sample of
journals, bad debt write-offs, cash debt write-offs evidenced. credit entries in the sales
receipts, etc? Regular reconciliations ledger.
of balances per sales Review reconciliations and
ledger accounts and sales ensure that they appear
ledger control account and reasonable.
bank reconciliations (and
differences investigated).

12-36 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

Solution 4—Internal Control Deficiencies*

*Only FIVE were asked for.

Deficiency Implication Recommendation

Purchase orders are numbered  Orders could be placed on  Use pre-numbered purchase
manually. duplicated purchase order orders to ensure that all
numbers. These could orders can be sequentially
be placed with a supplier controlled (including those
without authorisation. that are cancelled before
the order despatch). Regular
sequence checks should
be carried out to identify
unfulfilled orders so that
appropriate action can
be taken.

Only a photocopy of the original  If a copy is not made or  Multi-part, pre-numbered

purchase order is made. is subsequently altered, order sets should be used:
incorrect quantities of goods 1. Retained in the
or incorrect goods may purchasing department;
be accepted. 2. Sent to the inventory
clerk to confirm the order
has been placed;
3. Sent to the warehouse;
and
4. Sent to the accounts
department

The warehouse has no  The warehouse may accept  The warehouse should
notification of what has been goods that have not been receive a copy of the
ordered. ordered. This would incur purchase order.
additional liabilities and/or  The warehouse manager
costs in returning goods. should agree goods received
(description and quantity) to
an authorised purchase order
before accepting them.

Orders do not show the agreed  Incorrect prices charged by  The agreed price for
price of the goods from the suppliers may go unnoticed the goods ordered (e.g.
supplier. and result in overpayment according to the supplier's
for the goods received. catalogue) should be
recorded on the purchase
order. A higher price on a
purchase invoice can then be
disputed.

Purchase orders are placed  Unauthorised or incorrect  Mr Wurm should sign orders
without authorisation. purchases could be made as evidence of authorisation.
committing the company to This should mean that the
goods it does not require goods are required (e.g.
or unfavourable payment from requisitions, budgets,
terms. inventory records) and that
the price is agreed.

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-37

Ali Niaz - ali.niaz777@gmail.com

Solution 4—Internal Control Deficiencies (continued)

Goods are stored on receipt  The company may incur  Goods should be physically
before any checks are made. liability for goods that have inspected by the warehouse
not been ordered (e.g. supervisor and agreed to the
an over delivery) or are purchase order before they
damaged. Costs will be are accepted.
incurred unnecessarily to  The warehouse supervisor
rectify such situations. should complete a pre-
numbered, multi-part Goods
Received Note (GRN):
1. to update order files so
that outstanding orders
can be identified;
2. to be agreed to the
purchase invoice; and
3. to update the inventory
records.

Inventory records are updated  Inventory records will be  Inventory records should
on the basis of suppliers' inaccurate if goods and/or be updated on the basis of
despatch notes. quantities according to the actual goods received as
despatch notes do not agree confirmed by the GRN raised
to those physically received. by the warehouse supervisor.
• Understated inventory
quantities may result
in goods being ordered
that are not needed
(incurring costs of holding
unnecessary excess);
• Overstated inventory
quantities may result in
"stock-outs" (incurring
costs of emergency
replenishment).

12-38 © 2014 DeVry/Becker Educational Development Corp. All rights reserved.

Ali Niaz - ali.niaz777@gmail.com

NOTES

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 12-39

Ali Niaz - ali.niaz777@gmail.com