DAC 401: Principles and practices of auditing Lecture notes

1. Page 1 of 30
TYPES OF INTERNAL CONTROLS
The types of controls implemented by management will depend on the control objectives in each
accounting area.
(a) Organizational plans/controls
An organisation should have a pre- planned organisational chart which indicates:
1. Duties and responsibilities of each individual
2. Lines of reporting / lines of authority
3. Identify how duties should be delegated
BENEFITS OF ORGANISATIONAL CHART
i. It minimises conflict
ii. It boosts accountability
iii. It facilitates co-ordination
(b) Segregation of duties
This refers to the separation of duties and responsibilities which if combined create risk of error
and/or intentional manipulation of information i.e separation such that one person cannot process
and record complete transactions from beginning to the end without being checked by another
person. The following functions should thus be separated:
1. Initiation
2. Authorisation
Each levels of management should have authority limits to committing the company’s
resources. The authority limit should depend on the position, integrity, qualifications and
competence. Authorisation should be given to senior staff at each level of management.
3. Execution
4. Custody of the asset- officials authorising/executing a transaction should not have custody to
the assets arising out of the transaction.
5. Recording
(c) Physical controls
These are controls aimed at limiting access of company’s assets to authorized persons at
authorized times. Physical barriers should include barriers to access and use of documentation
which should be numbered and serialized. These controls are important for the following assets:
a) Stock
b) Cash
c) Small portable assets e.g jewelry
d) Computers and such portable peripheral devices

2. Page 2 of 30
Direct measures include:-
a) Lock and key
b) Watchmen or guards
c) Proper fence
d) Mirrors
e) Closed circuit TV’s
(d) Authorisation and approval
Authorization should be done by responsible persons. In other words a transaction that
commits organization’s resources should be subject to authorization and approval by a
responsible official. The limits for authorization should also be specified.
(e) Arithmetical and accounting control.
These are controls used to check the recording function of an organization to ensure that
figures in the financial statements are not only genuine but correct. The measures taken
include:
a) Use of standardised and pre-numbered documents at each level of transaction
b) Periodic checks of receipts
c) Use of trial balance
d) Trailing entries from the books of original entry
e) Reconciliations
f) Drawing control accounts
.
(f) Personnel Controls
Procedures should be designed to ensure that personnel employed by an organization are
competent, qualified and motivated to carry out the tasks assigned to them. These measures
will include:
a) Selection for hire of persons with requisite skills and competence
b) Commensurate pay
c) Career development programmes
(g) Supervision
It should be at all levels to ensure that operations are done as expected and that objectives
are being achieved. Management controls are manager’s non routine supervisory functions.

3. Page 3 of 30
The management should conduct managerial supervison and reviews using such tools as
budgets, forecasts, internal audits feedback etc
(h) Rotation of duties and vacations
Duties should be rotated between personnel at the same level to avoid perpetuation of errors and
fraud and to avoid boredom which may lead to innocent errors. Employees should be encouraged
to go on leave so as to:
a) Boost their moods
b) Minimize errors and fraud
c) Test the efficiency of the personnel on leave.
.
(i) Routine and automatic checks.
These are controls conducted on routine duties and operations to ensure efficiency and
minimize errors and frauds. Checks are done o surprise basis e.g petty cash count, wages
payment, stock control etc.
(j) Control on documents
Important documents should be kept securely under key and lock and used only after
authorization. Important documents include receipts, debit notes, credit notes, cheque
books etc.
(k) Acknowledgement of performance e.g through signatures, rubber stamps etc
Persons performing data processing should acknowledge their activities by means of
signatures, rubber stamps, standard form statements etc. If invoice calculations have been
checked, the person who has checked should sign as checked. This is for accountability
purposes.
(l) Authorization and approval controls
These are controls aimed at ensuring that all company’s transactions are properly
authorized by responsible persons whose authority is well defied e.g to purchase a major
asset such as land, approval has to come from shareholders and the authorizing document
is the minutes ( of AGM)
(k) Internal audit (discussed later)

4. Page 4 of 30
Q&A
How internal controls assist in detecting and preventing errors and frauds
Plan of the organization chart
- Defines accountability
- Flow of Authority entails inter-checking
Segregation of duties
- Account will entails inter-checking and thus fraud and error will be identified with ease.
- A person authorizing a transaction may want to perfect Ionate but the executor may lock the
fraud.
- A person – keeping assets may not agree to keep a fraudulent asset which has been acquired
by fraudulent means.
- Internal manipulation is reduced and this prevents frauds.
3. Physical controls.
Physical barriers such as closed circuit will show actual fraud when they are tempered with.
4. Authorization & Approval
- Unauthorized transactions will be a reflection of a chance of fraud.
- The person approving and authorizing will be able to detect a fraud.
- Exceeding the limits of authority will be an indication of fraud.
5. Arithmetic and Accounting Controls
- If the trial balance fails to balance there is an indication of errors.
- Out of balance accounts is an indication of errors or fraud
- Excessive changes of accounting figures will be queried. When certain information cannot be
received queries will be raised and if the information is not availed that would be a clear
indication of fraud.
6. Personnel
- Qualified people will perform their work competently and may not allow fraud to pass their
way.
- Properly remunerated personnel will expose frauds committed by lower level employees.
- High turnover of qualified personnel will serve as an indication of fraud.

5. Page 5 of 30
7. Supervision
- Supervisors are people of integrity thus they will review fraud perpetrated to avoid being
victimized.
- Managerial reviews out of balance budget will give a crue to frauds
- Strong supervision will ensure that all other controls works concurrently
- Declaration of supervision will leave room to frauds.
- Strong supervision will ensure that all other controls works concurrently.
- Declaration of supervision will leave room to frauds.
8. Relation of duties
- Once a person has been rotated the incoming person will dated any presence of frauds or
errors. This also implies to a person going on leave.
- In the process of handing over frauds may be detected by incoming person.
- Reluctance to be rotated or to go for leave may indicate the presence of frauds.
9. Routine and Automatic checks
- Checking a surprise moments catches perpetrators of frauds unawares.
- Periodic routine and automatic checks will detect errors and frauds perpetrated
- Breakdown in routine duties is a basis of detecting frauds and errors.
10. Control over documents
a) Missing pre-numbered or serialized documents will review fraud.
b) Tampering with kept documents will give clues to frauds
c) Unauthorized documents (forged) will review frauds.
d) Poor documentation e.g. lack of evidence will review frauds.
Advantages of Internal Controls
1. Ensures adherence to management policies.
2. They ensure that the assets and properties of the organization are safeguarded.
3. They ensure that the accounting records are complete for the purposes of preparing financial
statements.
4. They also ensure that the business operates in orderly and ethical manner.

6. Page 6 of 30
5. It boosts the confidence and give assurance to third parties / stakeholders in learning the
organizations operations.
6. It helps the auditor to obtain reliable evidence
7. It minimizes the cost of audit.
8. Facilitates accurate decision making process with accurate information from the controls.
9. Enables the auditor to avail to the management quality advice in the management letter
which will facilitate the company’s operations.
10. They reduce the sample size (number of entries to be checked) in a way that minimizes the
auditor’s workload.
11. Facilitates the growth of the company (viable going concern)
12. It reduces the liability of the auditor for if the systems are working properly the chances are
very high that the auditor will give an appropriate audit report.
13. It boosts the efficiency of the staff by segregation of duties , use of qualified staff and proper
use of organization chart.
Disadvantages/ Limitation of Internal Controls
1. It is expensive to install and maintain especially in small organisations.
2. It may lead to overreliance on the internal control system by the management and thus reduce
its supervision giving room to perpetration of errors and frauds.
3. If rigidly operated bureaucracy may set in making it a decontrol rather than a control
4. If not properly implemented it may lead to delays
5. Integrity competence and quality of management changes and this may lead to changes in the
controls.
6. Management bias – the company’s top management may make it difficult for the internal
controls to work or if in the first place it is no committal in the institution of control.
7. An internal control system may be weakened by environmental factor or poor working
conditions e.g. excessive humidity, noise, etc.
Compliance Testing
In the auditor wishes to place a reliance on the internal control systems, he should first
investigate various aspects of the internal control systems to ascertain.

7. Page 7 of 30
- Whether controls to meet specified objectives actually exists.
- Whether there are controls that prevents or detect particular specified errors or omissions. If
the control exist then the auditor should perform compliance test and this are tests conducted
to obtain reasonable assurance that the controls were functioning both properly and
throughout the period he is auditing. This is because the auditor may wish to place reliance
on the internal control in determining that all transactions have been reflected, accurately and
validity in the accounting records.
INTERNAL CONTROLS IN SPECIFIC AREAS
Most organizations need to put internal controls in the
1. Wages
2. Purchases and trade creditors
3. Sales and debtors
4. Stock and work in progress
5. Cash sales and collections
6. Cash and cheques received by post
7. Fixed assets
8. Investments
9. Payments through the banks
10. Cash balances etc.
The easiest way to design a system of internal control is to consider the following questions
1. Consider what could go wrong?
2. What are the implications? In other words the risks
3. Prevention and detective measures that are required to ensure that the matter does not go
wrong (this are the control procedures)
Wages and Salaries
The internal controls in wages and salaries will vary from organization to organization but the
procedures adopted will generally fall in the following categories.
1. Engagement
2. Promotion
3. Transfer

8. Page 8 of 30
4. Discharge of employees
5. Time attendance and job recording
6. Preparation of payroll and analysis of wages and salaries making up payment of wages
and salaries.
Risks associated with wages and salaries (what could go wrong)
1. Invalid or unauthorized payments
2. Failure to make payment on time.
3. Delays in correcting errors on the payroll
4. Unauthorized access to payroll
5. Fraudulent payment to leavers. Leading to financial loss.
Control objectives
To ensure that
1. Wages and salaries are paid to actual employees at authorized rates of pay.
2. To ensure that all wages and salaries are computed in accordance with records of work
performed e.g. if the payment is on time, rate, then payment should be paid for the actual
time worked.
3. Payrolls are correctly calculated
4. Payments /deductions are correctly accounted for and appropriately paid to third parties
e.g. P.A.Y.E, NSSF, HIF, Premiums, sacco’s.
Control Procedures / Measures Instituted by management
1. Separate record for each employee containing engagement date, age, next of kin, agreed
deductions and pay, skills, department and specimen signature.
2. Procedures for specifying officials responsible for engagements, retirements, dismissals,
fixing and changing pay rates.
Procedures should be laid down for notification of this matters to the personnel and wages
preparation department.
3. Time records should be kept e.g. a supervised clock wehre people clock in and clock out,
overtime should be authorized.
4. Output of piecework records should be properly controlled and authorized.
5. The payroll should be prepared by personnel’s who are unconnected with other wage duties
(another authorities cross checking)

9. Page 9 of 30
6. The wage envelops should be made by personnel independent of the wage roll preparation
team.
7. Unclaimed wages should be subject to special procedures e.g. Recording, custody and
investigation.
8. Make surprise attendance at payments i.e. the internal auditor or the management can make a
surprise visit to the people making payment during the pay session to observe how the
payment is conducted e.g. are the employees identifying themselves with an ID are they
signing when receiving pay etc.
9. Payment by cheque and credit transfers should be subject to special procedures e.g.
maintenance of a separate back account and reconciliations.
10. Deductions e.g. PAY, NHIF, NSSF, pension etc should be paid promptly and the control
totals reviewed, the deductions recorded on cards e.g. tax deduction cards.
11. Regular and independent comparison between personnel records and wages records.
Test of Controls (auditor tests)
1. Select a sample of time cards and test check the calculations against the amounts on the
payroll.
2. Pick a sample of personnel records and check for rates of pay, authorization of rates of pay,
leavers and joiners, personnel details
3. Select on the payroll and check to time, records to ensure that employees are only paid for
work done. Check personnel records to ensure employees exist and are being paid the correct
rate. Test, cast calculations with reference to tax rates and other payments to third parties.
Check to see the deductions are paid to KRA on five and that no unrecorded liabilities exists.
4. If wages are being paid out in cash, then the auditor should carry out the following
procedures.
a) Before the wages are paid compare the payroll with the wage packets to ensure all
employees have a wage pocket.
b) Check that no employee received more than one wage pocket
c) Check entries in the unclaimed wage book with the entries in the payroll
d) Check that reclaimed wages are banked immediately
e) Check whether the unclaimed wage book shows reasons why wages were unclaimed.

10. Page 10 of 30
CASH SYSTEM CONTROL
Control objectives
1. To ensure that all monies received are recorded.
2. All monies received are banked.
3. Cash and cheques are safeguarded against loss of theft.
4. All payments are authorized and are made to the correct paper and recorded.
5. Payments are not made twice for the same liability.
Control procedures
1. For cash received by post
a) Put measures to ensure that the post / parcels are opened by more than one person.
b) Ensure adequate measures are put in place to prevent interception of mails between
receipt and opening.
c) Post should be stamped and dated when they are re received and this helps to prevent
cash being received one day and the banking done days later.
d) All cheques and other negotiable instruments ob e immediately given a restrictive closing
e.g. a/c payee only or not.
e) There should be regular independent comparison of the post office with the banking
records.
f) The cashier and the sales personnel should not have access to receipts before the records
are made relating to the cash received and the cheques and postal orders received. This
records should first be made in a rough cash book.
2. Controls over cash collected by sales people
i) Authority to collect cash should be clearly defined.
ii) The salesmen should be required to remit cash and report sales at regular intervals.
iii) A responsible officer should quickly follow up salesmen who don’t submit up returns as
required by the organisation
iv) Collection should be recorded when received.

11. Page 11 of 30
v) Periodically a responsible officer should check the salesmen on receipt books with cash
book entries.
vi) If the salesmen holds stocks of goods an independent reconciliation of stocks with the
sales and cash received should be made.
vii) Cash received should be reconciled to the eventual banking.
3. Controls over cash sales and collections
a) Cash sales should be recorded when the sale is made normally by the use of a cash sales
invoice.
b) If a cash sale invoice is used, then they should be pre-numbered and a register
maintained. Copies of the cash sales invoice should be retained.
c) Cash received should be reconciled daily with the till roll or the invoice totals
d) Daily banking should be checked against the till roll or invoice total and any difference
investigated.
e) A responsible official should sign cancelled cash sales invoices at the time of
cancellation. All such invoices should be pre-numbered.
f) Customers should be made aware that they must receive a receipt when they buy goods
for cash
g) There should be investigation of short sales and over sales.
h) Describing and limiting the number of persons authorized cash e.g. cashiers or sales
assistants.
i) Appointment of officers with the responsibility of emptying cash registers at prescribed
intervals and agreeing the amount percent with till roll totals.
j) Rotation of duties and cover for employees on holiday or sick leave.
4. Controls over cheque payments
a) Unused cheque should be in safe custody.
b) The person who prepares the cheque should have no responsibility over purchases ledger and
sales ledger functions
c) Cheques should be signed only when evidence of approval of a transaction is availed.
d) Cheques signatories should be restricted to a minimum of two or three.
e) The signing of blank cheques in favour of signatories or any other payee should be
prohibited.

12. Page 12 of 30
f) Supporting documents should be cancelled as paid to prevent the use of the same to support a
further cheque payment
g) Returned cheques may be obtained from the bank and this should be chequed against the
cash book entries and supporting documentation.
5. Controls over petty cash
a) The level of petty cash or float should be laid down formally.
b) There should be restricted access to the floats. Cash should be hold securely in a lock drawer
with restricted access to the keys.
c) The imprest system should be used to reimburse the floats.
d) The recipient of the petty cash should first sign the petty cash vouchers and get approval
through signing from authorized officer
e) Periodically the petty cash should be reconciled by an independent person.
f) Rules should exist to prevent the use of IOUs
g) A maximum amount should be placed on the petty cash to ensure that the petty cashier does
not run out of cash to disburse.
Controls on purchaser and creditors
Cycle of purchasers
Control objectives
Stories raise an
requisition
Payment Purchasing Dept.
raise an order
Record the
invoice
Accounts Dept.

13. Page 13 of 30
1. To ensure that purchases for goods and services are ordered under proper authority and
procedures.
2. To ensure that goods and services are only ordered in quantity’s and quality and at the best
terms available after appropriate requisition and approval.
3. To ensure that purchase of goods and services are only ordered as necessary for the proper
conduct of the business operations and are ordered from suitable suppliers.
4. To ensure that goods and services are properly inspected for quality and quantity when they
are received.
5. To ensure that all goods and services invoiced are properly recorded in the books.
6. To ensure that all invoices are checked against authorized orders and that the receipt of the
subject matter is in a good condition.
7. To ensure that invoices are all related documents are properly checked and approved as being
valid before being entered as trade creditors.
Control procedures over purchases and creditors
a) Orders
i) Requisition notes for purchases should be authorized.
ii) All orders should be authorized by a responsible official whose authority units should be
predefined.
iii) Major expenditure e.g. capital expenditure should be authorized by the board.
iv) All orders should be recorded on official documents showing suppliers name, quantity
ordered and the price.
v) There should be procedures of evaluating the various prospective suppliers in terms of
prices, terms of trade quality, reputation.
vi) A copy of the order should be retained as a method of following up delayed deliveries by
the suppliers.
vii) The LPO’s and requisition note should be kept under key and lock.
b) Receipt of goods
i) Goods inward centres should be identified to deal with receipt of all goods.
ii) All goods received should be checked for quality and quantity.

14. Page 14 of 30
iii) GRN’s should be raised for all goods accepted and the GRNs should be checked by a
responsible official.
iv) GRN’s should be checked against the LPO and procedure should exist to notify the
supplier of under or over deliverances.
v) GRN’s should be sequentially numbered and checked periodically for completeness.
c) Invoicing and returns
I) Purchase invoices should be matched with GRN and should not be processed until this is
done.
II) The invoices should be checked against LPO’s and GRN’s and the cost should be
checked as being accurate and invoices should be signed and approved for payment
by a responsible official independent of ordering and receipt of goods functions.
III) Input VAT should be subtraded form the expense
IV) Batch controls should be maintained over the posting of invoices to the purchases day
book, the nominal ledger and the purchases ledger.
d) Recording
i) A purchases ledger control A/c should be maintained and regularly checked against
balances in the ledger by an independent official.
ii) Purchase ledger records should be kept by persons independent and the ones who actually
do the payment
iii) Statements from supplier should be checked against purchase ledger A/c
7. Credit sales and Debtors.
Control objectives
1. To ensure that customers orders are authorized, controlled and recorded in order to execute
them promptly.
2. To ensure that credit sales are only made to credit worthy customers.
3. To ensure that all sales on credit are invoiced, authorized and that authorized prices are
changed and issues relating to discounts, VAT are taken into account.
4. To ensure that all customers claims are fully investigated before issuing credit notes.
5. To ensure that every effort is made to collect all the debt.

15. Page 15 of 30
Internal control measures or procedures
a) Orders
i) All customers order should be checked against the customer’s account and they should be
widened by
ii) Any new customer should be referred to the credit control department before the order is
accepted. The credit control department should have procedures loud down for verifying
the credit worthiness of the customers be it and individual or an institution.
iii) For the existing customers a credit limit should be present and before an order is accepted
it should be ascertained whether this limit will be exceeded or not if the order is accepted.
If it will be exceeded then the matter should be referred back to the credit control dept.
iv) All customers orders received should be pre-numbered.
v) All orders should be authorized and their goods dispatched.
vi) A sales order should be used to produce a goods dispatch Note (GDN) for the goods
outward department. No. goods should be dispatched without a (GDN)
b) Dispatch
i) Dispatch note should be pre-numbered and a register kept for them.
ii) GDN should be authorized as goods leave and a designated official signing as a prove
that the goods that are in the dispatch note are actually the ones that have left. This
can be done in two stages i.e.
(i) As the goods leaves the store
(ii) As they leave the gate.
iii) Alongside the GDN a delivery note and a packaging note can accompany the
consignment.
Invoicing and credit notes
i) Sales invoices should be authorized by a responsible official and referenced to the
original sales order and GDN.
ii) All invoices and credit notes must be entered i.e. the sales day book and the sales return
day book respectively and the same should be posted to the sales ledger and the
nominal ledger.
Batch control totals should be maintained for their purposes.

16. Page 16 of 30
iii) Sales invoices and credit note should be checked for prices and calculations by a person
other than the one preparing the invoice.
iv) Copies of cancelled invoices should be maintained.
v) Credit notes should be authorized by someone not connected with the dispatch or sales
ledger functions.
vi) Any invoice cancelled should lead to cancellation of the appropriate dispatch note.
vii) Cancellation or changes in the invoices should signed by a responsible official.
Returns
i) Any returns by customers should be checked for obvious damages and when accepted a
document should be raised.
ii) All goods returned should be recorded by means of Goods Return Note and appropriate
credit Note issued to the respective customer.
e)Debtors
i) A sales ledger control account should be prepared regularly and checked with the total
individual sales ledger balances by an independent official.
ii) Statements should be sent regularly to the customers.
iii) Formal procedures should exist for following up overdue debts.
iv) Letters should be sent to customers for collection of overdue debts
f) Bad debts
1. The authority to write off bad debts should come from a responsible official and
adjustments made in the sales ledger.
2. The use of court action or writing off of bad debts should be authorized by an official
independent of cash receipts function.
g) Stocks and WIP
Internal control objective
i) To ensure that stock is protected against loss or misuse.
ii) To ensure that all stock movements are authorized and recorded.
iii) Stock records only include items that belong to the organization
iv) Stocks records includes stocks that exist.
v) The costing system of the values of stock is collect.

17. Page 17 of 30
vi) The levels of stocks held are reasonable
vii) Stock is safeguarded against loss, pilferage, or damage.
viii) Allowances are made for slow moving, damaged or obsolete stock.
Control procedures to achieve the objectives
i) Issues form the stock should be made from properly authorized requisition.
ii) There should be a separate record for each type of stock.
iii) Stock records should be maintained by personnel independent of the staff responsible for
purchasing and custody of the goods.
iv) Documentation should be controlled by use of controlled five numbered forms with
regular sequenced checks.
v) Any receipts and issues should be recorded on stock
vi) Stock levels should be periodically checked against the records by any independent
person
vii) Where continuous stock records are not continually kept a full stock take should be
carried out at least once a year.
viii) Maximum and minimum stock levels should be predetermined and regularly
reviewed.
ix) The recorder quantities should be predetermined and regulation revered for adequacy
x) Separate centres should be established where goods are held.
xi) Delivery of goods from suppliers should pass through the goods inward section to the
stores and all goods should pass through the stores, recorded and checked as received.
xii) Access to the stores should be restricted.
xiii) WIP and finished goods stocked should be valued correctly by including direct
costs such as direct labour, direct material cost, etc.
Fixed Assets Internal Controls Objectives
1. Fixed assets are correctly recorded and properly maintained.
2. Acquisition and disposal of fixed assets are properly authorized.
3. Acquisition and disposal of fixed assets are for most favourable price.
4. Fixed assets are properly recorded and appropriately depreciated and written down
where necessary.

18. Page 18 of 30
Control procedures
1. Such budgets if accepted should be agreed by the board and minted.
2. Application for authority to incur capital expenditure should be submitted to the board of
approach and should contain reasons for the expenditure.
3. Disposal of fixed assets should be authorized and any proceeds from the sales should relate
to the authority.
4. A register of fixed assets should be maintained for each major group of assets.
5. The register should identify each item within the group and container details of cost,
accumulated dept disposals and NBV.
6. A physical inspection of fixed assets should be carried out periodically and checked to the
fixed assets register. Any discrepancies should be noted and investigated.
7. Dept rate should be authorized and a written statement of the policy produced.
8. Department should be reviewed annually to assess the need for changes in the light of profits
/ losses and disposal and new technology.
Control over procurements
Control objectives
1. The business has goods and services when it needs them.
2. The business does not pay too much for the goods and services.
3. The business doesn’t make short term savings on goods and services which lead to long term
losses.
4. Employees or supplier do not defraud the company.
Control
1. The business to always involve tenders for goods and services.
2. Researcher conducted on potential suppliers.
3. No transactions are carried out with employees or connected persons.
Human Resources
Control objectives
1. Sufficiently qualified and capable staff are available who??
2. There is no significant overreliance on key personnel
3. Staff are paid the correct remuneration and on a timely basis

19. Page 19 of 30
4. Staffs are contented and are not prone to industrial action or seeking alternative employment.
5. Employment laws are complied with.
Controls
1. The business has a long-term human resource requirement plan.
2. The salary is benchmarked against the market rates.
3. Performance of staff should be regularly and formally appraised.
4. Lon term succession planning is undertaken.
5. Staff are adequately trained.
ASCERTAINING, RECORDING AND ASSESSING ACCOUNTING AND INTERNAL
CONTROLS SYSTEMS
THE ACCOUNTING SYSTEM
This is defined as a series of tasks and records of an entity by which transactions are processed as
a means of maintaining financial records. The system identifies, assembles, analyses, calculates,
classify, record, summaries and report transactions and other events. The auditor should gain an
understanding of the accounting system sufficient to identify and understand.
a) The major classes of transaction in the entity’s operation
b) How this transactions are initiated.
c) Significant accounting records and supporting documents
d) Accounting and financial reporting processes from…..
Techniques of Ascertaining the accounting & ICS
1. Reference to the existing systems notes.
2. Discussion with the owner or the management
3. Use of internal control questionnaires
4. Obtain the client’s system manual
5. Inspect the client’s systems or format of accounting records including copies of special
forms used.
6. Observation of procedures.
7. Discuss with internal auditors to obtain their explanation and review their programme which
of cause is part of the system.

20. Page 20 of 30
8. Use of walk through tests and this are limited depth tests aimed at ascertaining the existence
and the strength of ICS
NB: In practice the work of ascertaining and recording and evaluating may be done in parallel.
But for study purposes we will separate the three activities.
Recording the system
Techniques of recording the system.
1. Systems notes or narrative notes
2. Descriptive questionnaires
3. Flow charts.
Narrative notes / systems notes
This are short notes on accounting and internal control systems. They describe and explain the
system and at the same time making any comment or criticism which will help demonstrate n
intelligent understanding of the system on the part of the auditor.
Flow charts
This are diagrammatic representations of the company’s procedures designed to show the
movement of documents and accounting functions. Any description in the flow line or blocked
flow indicates a weakness in the ICS.
Methods of flowcharting
1. Document flow chart
2. Information flow chart.
Document flow chart.
This flow chart shows how documents flow from the start to the end and all the operations and
controls are shown.
Information flow chart.
This starts with the entry in the general ledger and work backwards to the actual transaction.
Design of a flowchart.
1. It should be simple.
2. It should conform to standard symbols.
3. Should have no loose ends i.e. should be continuous
4. Connecting lines should only cross when it is absolutely necessary.

21. Page 21 of 30
Advantages of flow charts.
1. Quick to prepare and involve little expenditure.
2. They are easy to follow and review of information is presented in a standard form.
3. Ensures that the system is recorded in its entirely
4. Eliminate extensive narrative.
Disadvantages
1. Used to record the flow of documents and over the records or assets crystalise they can
no longer be used for describing the controls thereafter.
2. Amendments may be difficult without redrawing.
3. Time can be wasted in charting areas that are not of audit significant.
Questionnaires
This are sets of questions posed by the auditor to be answered by the client directly or indirectly.
They require short answers which briefly describes he internal control processes and the
accounting processes. This questionnaires are referred to as internal control questionnaires and
when preparing the internal control questionnaires the following steps should be followed:-
1. Breakdown each section of the system into appropriate sections.
2. Phrasing questions calling for a detailed description of the system.
3. Additionally posing question to assist in the identification of the various controls.
Example of questions dealing with goods received procedures for a purchase system which
will be suitable for inclusion in a descriptive procedure.
1. Are the receipts of goods at all locations recorded?
2. By what means is such a receipt recorded?
3. Who prepares the receiving records?
4. How many copies are there for receiving records and to whom are they dispatched?
5. Are receiving records prenumbered?
6. What system is there for ensuring that all goods received have been properly ordered?
7. Are goods received examined for quality and quantity and what evidence is there for such
an examination.

22. Page 22 of 30
Evaluating or assessing the strength of internal control and the Accounting systems.
Techniques.
1. Internal control questionnaires
2. Use of systems notes
3. Use of third party confirmation (circularization)
4. Use of compliance tests.
5. Use of substantive tests
6. Observations
7. Flow charts
8. Analytical reviews
9. Use of depth tests / audit in depth
10. Use of walk through tests.
INTERNAL CONTROL QUESTIONNAIRES (ICO)
This is a set of questions posed by auditors and to be answered by the client and they require
very short answers such as yes/no/ not applicable. Where a yes answer is given it indicates the
strength of ICS and no answers OR n/a indicates the weakness of ICS. There are two types of
question.
1. ICQ
2. Internal control evaluation questionnaire (ICEQ)
ICQ
1. This questions ask whether there are control which meets specific control objectives.
ICEQ
This are questions asked to determine whether these are controls which prevent or detect specific
errors or and omissions that could occur at each phase of appropriate cycle if controls are weak
e.g.
Ordering and granting of credit
ICQ’s

23. Page 23 of 30
1. Are references obtained for all new customers?
2. Have all new accounts on the sales ledger being authorised by senior staff?
3. Are debtors statements prepared and sent out regularly?
4. Are overdue accounts follow up?
5. Does management authorized all bad debts written off?
ICEO’s
1. Is there a reasonable assurance that goods are sold on credit to credit worthy customers?
2. Is there a reasonable assurance that sales are properly authorized?
3. Is there a reasonable assurance that debtors statements are prepared and sent?
4. Is there a reasonable assurance that bad debts are authorized?
Advantages of ICQ & ICEQ
1. Ensures that all controls are considered.
2. Quick to prepare
3. Easy to use and control
Disadvantages
1. The client may overstate the control
2. They may contain a large number of irrelevant controls.
3. May not include unusual controls.
4. They give the impression that all controls there equal weights.
Systems Notes
This is a record of ICS which describes the operation of the entire ICS and outlines where the
ICS is weak and
EVIDENCE
1. Use of Third Party Confirmation (circularization)
An auditor uses such a source to gain valuable and reliable information from such sources as
debtors, creditors, bankers, lawyers, valuers etc. any difference between third party evidence and
the evidence from the company’s own ledger is a sign of a weak ICS. Normally evidence from
third parties (external evidence) is more reliable than the ICS.
2. Use of compliance tests

24. Page 24 of 30
This are tests which will analyse the clients records and reconciled systems to ascertain whether
they are working as described.
3. Substantive tests.
This are tests on balances designed to test the accuracy and reliability and validity of the
company’s balances that have been included in the books of accounts mostly in the balance
sheet.
4. Observations
This techniques reveal deviation for normal usual conduct of operations e.g. variance, deviations
from budgets or other policies.
5. Flow charts
This are diagrammatic representations of the company’s procedure designing the movement of
documents and accounting functions. Any disruption in the flow liens or blocked flow lines is an
indication of weakness in the ICS.
6. Analytical Reviews
This are trend measurements aimed at analysing the company performance using ratios to
determine the changes. This could use averages, percentages etc to ascertain changes in
performance which if not justified could indicate weakness in the ICS e.g. G.P. margin, G.P.
Markup, rate of stock
7. Use of Depth Test /Audit in Depth
This entails the checking of a transaction through the various stages of recording analysing each
stage to ascertain whether the controls are working throughout such stages.
8. Use of walk through tests.
This are limited depth tests aimed at ascertaining strength or weakness of an ICS.
Internal check: internal audit come here.
Action to be taken by the Auditor if the IS weak.

25. Page 25 of 30
1. He should bring such weaknesses to the attention of the management immediately and
request correction measures to this effect.
2. He should change his audit approach in the areas where the ICS is weak from systems based
audit to vouching audit together with audit in depth where such weaknesses are pronounced.
SYSTEM BASED AUDITING
Is an approach is auditing used by the auditor if the ICS are found to be strong. It involves
ascertaining recording and evaluating the ICS and if the evaluation of ICS is strong apply tests to
confirm that the system is being followed and is operating throughout the period. This tests are
defined as compliance tests follow up with a limited number of substantive tests which are
defined as tests of transactions and balances and other procedures such as analytical reviews
which seek to provide audit evidence as to the completeness and validity of information
contained in the accounting or in the financial statements.
Vouching Approach
This is the examination and analysis of each transactions of a business together with the
supporting documents and this is done to satisfy the auditor that the transactions.
Another approach is the risk based auditing.
The auditor should increase the substantive tests i.e. check more balances to avoid proud in such
balances.
QUESTION : (Q &A)
Write a management letter indicating the specific areas of weaknesses and
recommendations.
1. Increase the sample size
2. If the weakness persists inform the shareholders.
3. Record the weakness in his working papers so that in subsequent audits he will know w
here it concentrate his audit effort in future.
4. Change the timing of the audit procedures so that he starts early to allow him time to do
more tests.
5. Use sufficient audit evidence i.e. gather more than one audit evidence for areas where the
internal control are weak

26. Page 26 of 30
6. If the internal controls are too weak then qualify the audit report.
Purposes of management letter
1. To report to the management the weaknesses in respect to the ICS.
2. To provide recommendations for the corrections
3. To identify the implications of the weaknesses on the financial statement true and fair
view.
Contents of management letter
1. Description of the internal weaknesses in the ICS.
2. The implication of the weakness in future audits
3. The implication of the weakness on the financial statements
4. The suggested recommendations to correct the weakness.
The management letter is sent by the auditor to the client management on the completion of the
audit work, after the accounts have been adopted by BOD and after the representation letter have
been received by the auditor.
AUDITORS USE OF ICS
The auditors objective in evaluating the testing the ICS is to determine the degree of reliance
which may place on the information contained in the accounting records. If he obtains reasonable
assurance by means of compliance test that the internal controls are effective in ensuring the
completeness and accuracy of the records and the validity of the entries therein he may limit the
extent of substantive test.
Internal checks
This are defined as the independent automatic routine check whereby
1. The work carried out by the officer is automatically checked by another officer for
authenticity, completeness and accuracy.
2. The officer checking the work must be a senior officer and it not senior should be more
experienced.
3. Internal check system is part of the ICS.
Differences between ICS and internal check system

27. Page 27 of 30
ICS
1. This is a broad spectrum of controls aimed at ensuring that the organization is running
efficiently.
2. It can be manned by one person
3. It is necessary for all businesses regardless of their size.
4. It is operated by qualified and competent personal
5. A weak ICS may lead to a qualified report.
INTERNAL CHECK SYSTEM
1. This is aimed at mainly preventing errors and fraud.
2. Requires a minimum of 2 people to be effectively cared out
3. Ideal for large companies which requires strong segregation of duties
4. Can be manned by any person regardless of his qualification
5. A weak internal check system may not lead to a qualified report.
Internal Auditing
Internal audit is a department which is set up and maintained by the management to assist them
carrying on the business in an efficient and orderly manner. Internal auditing is an independent
objective assurance and consulting activity designed to add value and improve the organizations
operations. It helps the organizational accomplish its subjective by brining a systematic
disciplined approach to evaluate and improve the control governance process. It is an
independent appraisal of activities within an organisation aimed at ensuring management
operates efficiently so as to manage the business better. It is a managerial tool which acts as a
watchdog over the company’s entire ICS.
Areas falling under internal auditing
1. Independent appraisal of activities.

28. Page 28 of 30
When an organisation is large with many depts., there is need to ensure that everything is
running on well. This can only be done by an impartial assessor. For the internal auditor to be
effective in this area he must be:
i) Free to review the company’s operations independently
ii) He must enjoy everyone’s support
iii) He should report to the BOD and should not be involved in developing any of the
systems he is appraising so that he can be independent but he can give his advice and
recommendations on various systems developments.
2. Role within t he management.
He has a role of appraising and advising the management.
3. Review of operations
He reviews the financial and accounting activities and assist his managers discharge their
responsibilities by giving them objective analysis, appraisals and recommendations. The
internal audit department review show far the company has follow the laid down procedures
and reviews the actual performance against standards such as budgets. Reviews the quality of
performance of different departments and also reviews the safeguard of the company’s assets
and the reliability of the data provided to the management for decision making.
4. In the area of services to the management
Besides appraising and advising the management the internal auditor is an aid to the
management. He enables the management to manage the business better by
i) Instigating collective action.
ii) Reviewing data processing department
iii) Being available on demand to all departments for consultative purposes and suggestions.
For him to do the above effectively he should be familiar with corporate policies and the nature
of controls in the organization and he must have a holistic approach view of the company.
Duties of An internal Auditor
1. Appraising financial and accounting activities
2. Assessing the extent to which the company’s procedures and policies are being adhered
to or followed.

29. Page 29 of 30
3. Review the ICS and the accounting system. NB: He should not be involved in
developing it but he only give recommendations and advise.
4. He acts as a preventive measure against errors and fraud through consistent checks.
5. Acts as a feedback to the management regarding the success so failure of the company’s
operations and procedures.
6. Conducts investigations to fraud and error
7. He does routine jobs such as examining the books of accounts verification of assets and
liabilities etc.
8. Issuing reports to the management on findings and giving suggestions
9. Monitors the effective working of ICS.
Relevance of Internal Auditors Work of the External Auditors.
Factors to be considered by the external auditor before placing reliance on the internal auditors
work.
1. The professional qualification and professional due care. The external auditor should
consider whether the work of the internal auditor appears to be done in a professional
manner.
2. Technical competence. The external auditor should also consider the technical
3. Degree of independence. An internal auditor must be independent and communicate freely
with the external auditor who should be able to receive all internal audit reports he requires.
4. Scope and objective of internal audit.
The internal auditor should consider the scope and the extent of the work performed in specific
arrears by the internal auditor and assess the sufficiency for the work to yield a good report.
5. Reporting standards.
A useful internal auditor will provide high standard reports which are well planned, supervised
and well documented. If the reporting standards portrayed are high then the external auditor can
use the internal auditors work.
6. Level of resources available. Consider if the internal auditor had adequate resources.
(Q&A) The work of internal auditor that can be used by external auditor:

30. Page 30 of 30
1. Preparation of supporting schedules e.g. debtors and creditors schedules.
2. The external auditor can use the internal auditor to provide him with details of known
problems e.g. errors and frauds suspected.
3. The internal auditor will give the external auditor a wider coverage in the audit work by
visiting branches, attending stock take, etc.
4. Pinpointing the weak areas of the ICS.
5. The external auditors can use the internal auditor’s working papers to gather audit evidence
concerning the company’s operations and programmes.
6. The presence of the internal auditor in an organization
7. He can undertake verification of assets particularly ones that the external auditor may not
have a chance to verify.
8. He can assist in making queries.
(Q&A)
Reasons for the fast growth of internal auditor department
1. The growth in size of businesses
2. Increase in the need to comply with legislative requirements.
3. Increase in the use of electronic data processing (EDP)
4. Changes its environment leading to necessary changes in the management attitude. The
appraisal is effectively done by the internal auditor.
5. The growing need of a company to have established means of controlling and improving
situations so as to remain competitive.
6. The increase in mergers and acquisitions requiring expert control in consequently formed
companies and the internal auditor provides such controls.