CIA Test Preparation Part I Study Unit Five: Specific Controls June 2012
Agenda: Accounting Cycles and Associated Controls Management Controls
5.1 Accounting Cycles and Associated Controls Internal auditors apply engagement (audit) procedures to obtain sufficient, reliable, relevant, and useful information (evidence) to achieve the internal audit engagement s objectives. Substantive Testing Test of account balances to verify the correctness of the amounts. (1) tests of transactions (often conducted with compliance tests) (2) tests of balances (3) analytical review procedures. Test of Controls Test of the adequacy and effectiveness of controls to determine the effectiveness of accounting and control system procedures. Note: In the auditing phase, the auditor first carries "test of controls" to verify if the organisation's financial statements are worth relying upon. If the auditor is not satisfied with this, he then carries "substantive test" which is a comprehensive analysis.
Level of Comprehension Internal auditors should be proficient in analysis, synthesis, and evaluation. This principle applies not only in selecting procedures and evaluating controls but also in every other aspects of engagement work Analysis Results in understanding of situation, set of circumstances, or process. Analysis is a mean of understanding a whole by studying its parts and their relationships to each other and to the whole. Synthesis Developing standards and generalizations for a situation, set of circumstances, or a process. It is a means of combining individual components or parts to produce a whole. Evaluation Relating a situation, set of circumstances, or process to predetermined or synthesized standards. Evaluation usually include both analysis and synthesis.
Segregation of Duties The structure of the organization and the assignment of job duties should segregate responsibilities so that one individual is not able to perpetrate and conceal errors or fraud. For any given transaction, the following three functions should be performed in different areas of the organization. Authorization of the transaction Recording of the transaction Custody over the assets associated with the transaction
Organizational Hierarchy In a medium-sized or larger organization, adequate segregation of duties can be achieve by separating the responsibilities of the following corporate-level executives VP of Operations CAO (Controller) CFO (Treasurer) VP of Admin VP of HR Sales AR Cash Receipt Mail Room HR Purchasing Billing Cash Disbursement Warehousing AP Credit Receiving Shipping Production GL Inventory Cost Acct Payroll
Accounting Cycles Accounting process can be described in terms of five cycles: Sales to customers on credit and recognition of receivables Collection of cash from customer receivables Purchases on credit and recognition of payables Payment of cash to satisfy trade payables Payment of employee for work performed and allocation of costs In small-and-medium-sized entities, some duties must be combined. The internal auditor must assess whether organizational segregation of duties is adequate.
Sales-Receivables Cycle
Cash Receipts Cycle
Purchases-Payables Cycle
Cash Disbursement Cycle
Payroll Cycle
Key Concept: Internal auditors should be proficient in analysis, synthesis, and evaluation The following are cycles in the accounting process: 1. Sales-Receivables 2. Cash Receipts 3. Purchases-Payables 4. Cash Disbursements 5. Payroll
5.2 Management Controls Sawyer provides definitions of control and lists the means of achieving control. The following is a definition of control from an internal auditor s perspective: The employment of all the means devised in an enterprise to promote, direct, restrain, govern, and check upon its various activities for the purpose of seeing that enterprise objectives are met. These means of control include, but are not limited to, form of organization, policies, systems, procedures, instructions, standards, committees, charts of accounts, forecasts, budgets, schedules, reports, records, checklists, methods, device, and internal auditing.
Organization Organization, as a means of control, is an approved intentional structuring of roles assigned to people within the entity so that it can achieve its objectives efficiently and economically. 1. Responsibilities should be divided so that no one person will control all phases of any transaction. 2. Manager should have the authority to take the action necessary to discharge their responsibilities 3. Individual responsibilities always should be clearly defined so that it can be neither sidestepped nor exceeded 4. An official who assigns responsibility and delegates authority to subordinates should have an effective system of follow-up. 5. The individual to whom authority is delegated should be allowed to exercise that authority without close supervision. 6. People should be required to account to their superiors for the manner in which they have discharged their responsibilities. 7. The organization should be flexible enough to permit changes in its structure. 8. Organization structures should be as simple as possible. 9. Organization charts and manuals should be prepared.
Policies A policy is any stated principle that requires, guide, or restricts action. Policies should follow certain principles. 1. Policies should be clearly stated in writing in systematically organized handbooks, manuals, or other publications, and properly approved. 2. Policies should be systematically communicated to all officials and appropriate employees of the organization. 3. Policies must conform with applicable laws and regulations 4. Policies should be designed to promote the conduct of authorized activities in an effective, efficient, and economical manner. 5. Policies should be periodically reviewed. They should be revised when circumstances change.
Procedures Procedures are methods employed to carry out activities in conformity with prescribed policies. 1. Policies should be clearly stated in writing in systematically organized handbooks, manuals, or other publications, and properly approved. 2. Policies should be systematically communicated to all officials and appropriate employees of the organization. 3. Policies must conform with applicable laws and regulations 4. Policies should be designed to promote the conduct of authorized activities in an effective, efficient, and economical manner. 5. Policies should be periodically reviewed. They should be revised when circumstances change.
Personnel People hired or assigned should have the qualifications to do the jobs assigned to them. The best form of control over the performance of individuals is supervision. Hence, high standards of supervision should be established. 1. New employees should be investigated as to honesty and reliability. 2. Employees should be given training that provides the opportunity for improvement and keeps them informed of new policies and procedures. 3. Employees should be given information on the duties and responsibilities of other segments of the organization. 4. The performance of all employees should be periodically reviewed to see whether all essential requirements of their jobs are being met. Superior performance should be given appropriate recognition.
Accounting Accounting is the indispensable means of financial control over activities and resources. It is a framework that ban be fitted to assignments of responsibility. Moreover, it is the financial scorekeeper of the organization. 1. Accounting should fir the needs of managers for rational decision making rather than the dictates of a textbook or check list. 2. Accounting should be based on lines of responsibility. 3. Financial reports of operating results should parallel the organizational units responsible for carrying out operations. 4. Accounting should permit controllable costs to be identified.
Budgeting A budget is a statement of expected results expressed in numerical terms. As a control, it sets a standard for input of resources and what should be achieved as output and outcomes. 1. Those who are responsible for meeting a budget should participate in its preparation. 2. Those responsible for meeting a budget should be provided with adequate information that compares budgets with actual events and shows reasons for any significant variances. 3. All subsidiary budgets should tie into the overall budget. 4. Budgets should set measurable objectives. 5. Budgets should help sharpen the organizational structure.
Reporting In most organization, management functions and makes decisions on the basis of reports it receives. Thus, reports should be timely, accurate, meaningful, and economical. 1. Reports should be made in accordance with assigned responsibilities 2. Individuals or units should be required to report only on those matters for which they are responsible. 3. The cost of accumulating data and preparing reports should be weighted against the benefits to be obtained from them. 4. Reports should be as simple as possible and consistent with the nature of the subject matter. 5. When appropriate, performance reports should show comparisons with predetermined standards of costs, quality, and quantity. 6. When performance cannot be reported in quantitative terms, the reports should be designed to emphasize exceptions or other matters requiring management attention. 7. For maximum value, reports should be timely. 8. Report recipients should be polled periodically to see whether they still need the reports they are receiving or whether the reports can be improved.
Imposed control and self-control Imposed Control Imposed control is the traditional, mechanical approach. It measures performance against standards and then takes corrective action through the individual responsible for the function or area being evaluated. Self-Control Self-Control is an increasingly important approach. It evaluates the entire process of management and the functions performed. Thus, it attempts to improve that process instead of simply correcting the specific performance of the manager.
Key Concept: Sawyer lists the following means of control: 1. Organization 2. Policies 3. Procedures 4. Personnel 5. Accounting 6. Budgeting 7. Reporting
Thank you Alisa Glankwamdee, CIA E-mail : pangalisa@gmail.com Mobile: 081-949-4638