Chapter 11 - Appedix: systems risks and controls Flashcards Preview

P3 - Risk Management > Chapter 11 - Appedix: systems risks and controls > Flashcards

Flashcards in Chapter 11 - Appedix: systems risks and controls Deck (41)
Loading flashcards...
1
Q

Sales + distribution systems - risks associated with sales systems:

A
  • Customers being allowed credits that are not genuine
  • Goods being supplied to a poor credit risk
  • Customers being invoiced for wrong amounts
  • Failure to record sales completely in accounting records
  • Goods being supplied to a fraudulent comp or location
  • Debts being written off for inappropriate reasons
2
Q

Sales + distribution systems - controls for ordering and granting of credit:

A
  • Segregation of duties between granting of credit and ordering functions
  • Procedures for granting credit - obtaining trade references, credit checks, authorisation of terms by staff and regular review
  • Controls for manual system orders - pre-numbered order forms, matching of order and dispatch notes
3
Q

Sales + distribution systems - controls over dispatching and invoiving:

A
  • Dispatch only on sales order and examination and recording of goods outwards
  • Customers should sign for deliveries on delivery notes
  • Checks on goods returned
  • Dispatch notes should be matched to invoices
  • Other checks on invoicing = price lists, checks of pricing on individual invoices sequential numbering
4
Q

Sales + distribution systems - controls over recording, accounting and credit control:

A
  • Different staff should be responsible for recording sales and dealing with issue of customer statements
  • Cash receipts and remittance advices should be matched to sales invoices
  • Review of dates of sales should take place to ensure cut-off is maintained and sales are recorded in the correct period
  • Credit control = send statements to customers, reconcile sales ledger control account, review and follow-up on overdue accounts
  • Bad debts to be written off should be authorised by senior managers
5
Q

Purchase + expenses system - Risks associated with purchases system:

A
  • Payments being made without being properly authorised
  • Payments being made for goods that are not received/ wrongly valued
  • Goods being received without liabilities being recorded
  • Suppliers’ accounts being improperly debited/ credited
  • Goods being returned or credit being claimed and not being recorded
  • Payments being made for duplicate/ inflated invoices
  • Payments being made on basis of falsified documentation
  • Suppliers being chosen for inappropriate reasons
6
Q

Purchase + expenses system - controls for ordering:

A
  • Segregation of duties between requisitions and ordering
  • Choice of suppliers determined by central purchasing policy
  • Require evidence of requirements for purchase
  • Orders only made on receipt of official order form
  • Pre-numbering and safeguarding of order forms
  • Orders not received should be followed up
7
Q

Purchase + expenses system - Controls for receipt of goods and invoices:

A
  • Checking quality, quantity and condition
  • Receipts should be recorded on pre-numbered GRN
  • GRN’s should be compared with purchase orders
  • Suppliers invoices should be checked to earlier documentation
  • Procedures for returning goods to suppliers and obtaining credit notes
8
Q

Purchase + expenses system - controls for accounting for purchases

A
  • Segregation of duties between accounting and other functions
  • Maintenance of purchase ledger
  • Statements received from suppliers should be reconciled with purchase ledger balances
  • Purchase ledger balances should be reconciled with purchase ledger account
  • Should be cut-off procedures to ensure purchases are recorded in right year
9
Q

The wages system - Risks associated with wages system:

A
  • Payroll including invalid entries
  • Payments being made to individuals which differ from names or amounts shown on payroll
  • Failure to account for statutory tax deductions correctly
10
Q

What is zero-hours contracts?

A

People only working when they are required

11
Q

What is gig economy?

A

People only being paid for a specific job

12
Q

The wages system - controls for setting of wages and salaries:

A
  • Maintenance of personnel records independent of payroll system
  • Wages + salaries should be regularly reconciled to personnel records
  • Records of hours worked should be regularly reviewed
  • Changes and special arrangements should be fully recorded and changes authorised (e.g. engagement and discharge of employees, amendments to pay rates, overtime etc.)
13
Q

The wages system - controls over payment of wages/ salaries and deductions:

A
  • Cash wages requires security arrangements which covers custody of pay packets and arrangements for safe transit to place of distribution
  • Employees may only collect their own wages and must provide verification of identity
  • Bank transfers should be compared to payroll and between payroll and wages and salaries ledger account
  • Even small discrepancies should be investigated
  • Establishment of adequate controls over calculations and authorising deductions
  • Reconcile deductions
14
Q

The wages system - controls for recording of wages and salaries:

A
  • Preparation of pay sheets should be delegated to a suitable person
  • Segregation of duties
  • Subsequent checks should be available where automatic wage-accounting systems are used
  • Reconciliations with = previous weeks payroll, clock cards /timesheets /job card and costing analyses and production budgets
  • Total of salaries should be reconciled with previous week/month or standard payroll
15
Q

Cash systems and loans - risks associated with cash and loans:

A
  • Misappropriation of cash receipts
  • Failure to record cash receipts and payments
  • Payments being made without authorisation or supporting documentation
  • Payments being made on basis of falsified documentation
16
Q

Cash systems and loans - Controls for cash at bank and in hand (receipts)

A
  • Completeness of recording - without this, insufficient audit evidence will be available
  • Segregation of duties - receiving and recording cash when it arrives in the post should not be same person responsible for banking it
  • Recording of receipts by post - listing amounts received when post is opened and protection of cash and cheques (restrictive crossing)
  • Restrictions on receipts of cash - only by cashiers or salespersons etc.
  • Evidencing of receipt of cash - serially numbered receipt forms
  • Reconciliations - especially agreement of cash collections with till rolls and receipts
  • Any cash shortages and surpluses should be investigated
  • Receipts should be banked daily and make-up and comparison of paying-in slips checked against initial receipt records and cash book
  • EFTPOS (electronic funds transfer point of sale technology) could be used to decrease volume of cash and provide a permanent record of sales
17
Q

Cash systems and loans - controls for safeguarding bank accounts:

A
  • Controls should cover supply and issue, restricting staff allowed to prepare cheques
  • Safeguards over mechanically signed cheques/cheques carrying printed signatures
  • Restrictions on issue of blank or bearer cheques
  • Signed cheques should be dispatched promptly
18
Q

Cash systems and loans - controls for safeguarding cash accounts:

A
  • Limitations on cash floats held
  • Restrictions on access to cash registers and offices
  • Custody of cash outside office hours
  • Surprise cash counts and independent checks on cash floats
19
Q

Cash systems and loans - controls over cash at bank and in hand (payments)

A
  • Segregation of duties - cashier should not be concerned with keeping or writing up books of account
  • Cheque requisitions should be raised, supported by appropriate documentation and approved by senior staff
  • Documentation should be cancelled by crossing/recording cheque number on requisition
  • Signatories should have limitations on authority to specific amounts
  • Payments should be recorded promptly in cash book and general and purchase ledgers
  • Authorisation of expenditure, cancellation of vouchers and limits on cash disbursements
  • Strict controls over cash advances to employees, IOU’s or cheque cashing
20
Q

Inventory system - Risks:

A
  • Misappropriation of inventory
  • Failure to record inventory movements
  • Deterioration in condition and value of inventory due to age, obsolescence or poor inventory holding conditions
21
Q

Inventory system - controls over recording:

A
  • Segregation of duties - responsibilities between those responsible for recording and those responsible for its custody
  • Detailed record held and inventory receipts and issues
22
Q

Inventory system - controls over protection of inventory:

A
  • Restriction of access to stores and controls over temperature etc. in which inventory is held
  • Regular counts of inventory - carried out by persons other that stores function
  • Reconciliation of inventory count record to book records and control accounts
23
Q

Inventory system - control over valuation of inventory:

A
  • Check that calculations are correct

* Procedures to deal with writing down slow moving, damaged and obsolete inventory

24
Q

Inventory system - controls for inventory holding:

A
  • Maximum and minimum inventory levels

* Reorder quantities and levels

25
Q

Revenue and capital expenditure - risks:

A
  • Asset acquisitions and disposals not being authorised
  • Asset acquisitions and disposals not being recorded
  • Asset records including items which have been disposed of, are of negligible value or do not exist
  • Misappropriation of assets
  • Assets being used for private benefit
  • Deterioration in condition or obsolescence of assets
  • Depreciation being charged at too high or too low a rate
  • Depreciation being calculated incorrectly
  • Income form assets not being received or recorded
  • Revenue and capital expenditure being accounted for incorrectly
26
Q

Revenue and capital expenditure - controls over authorisation:

A
  • Controls over purchases also relevant here

* Authorisation of orders and checking of condition when goods received

27
Q

Revenue and capital expenditure - controls over security:

A
  • Restriction of access
  • Controls over environmental conditions
  • Marking ownership of assets
  • Maintain a non-current asset register
  • Non-current asset register should be regularly reconciled to general ledger
28
Q

Revenue and capital expenditure - controls over valuations:

A
  • Senior, qualified staff should judge what appropriate depreciation rates are
  • Revaluations - specification of qualifications of the valuer and scope and objective of valuation
  • Need for write down of assets should be supported by evidence of loss in value
  • Write-downs should be authorised by managers
29
Q

Revenue and capital expenditure - controls for recording:

A
  • Asset register is key recording control
  • General ledger should be regularly reconciled to asset register
  • Staff with appropriate knowledge should maintain sensitive codes in general ledger to confirm revenue and capital expenditure is being allocated correctly
  • Capital budgets should be prepared, actual expenditure compared with budgets and differences investigated
30
Q

Logistics risk:

A
  • Inventory is not being delivered at the right time to the right place in the right condition
  • Inventory is stolen
  • Poor-quality products result in lost sales or damage or injury
  • Business is interrupted
31
Q

Logistics controls:

A
  • Controls over safeguarding of inventory
  • Controls ensuring inventory is available to meet business requirements
  • Adequate planning and forecasting systems
  • Detailed analysis of volume requirements
  • Availability of alternative facilities at short notice
  • Sufficient vehicles to transport inventory
32
Q

Procurement risks:

A
  • Goods not available when required
  • Org pays too much for goods
  • Employees or suppliers defraud the org
33
Q

Procurement controls:

A
  • Rigorous tendering process = Ensure that goods are available when required and that org pays reasonable prices for goods/ services
  • Requirements for goods/ service should be put in writing
  • Auditor should review adequacy f tendering arrangements and check that invoice details can be traced back to written acquisitions
34
Q

Marketing risks:

A
  • Customer requirements are not taken into account
  • Customers do not know about products
  • Prices are not competitive
  • Goods are prices at too low a level, with promotion considerations resulting in excessive discounts
35
Q

Marketing controls:

A
  • Controls + audit required to ensure process is managed efficiently, info is freely available and risks are being managed correctly
  • Should be rigorous requirements for market research
  • Monitor competitor prices and activity
  • Sales against budget
  • Marketing mix should be analysed using return on marketing investment which monitors the success of various media and campaigns
  • Auditors should assess whether adequate research appears to have been carried out, adequacy of decision-making processes
  • Auditors should also review terms and conditions to ensure they comply with company policy
36
Q

HR risk:

A
  • Inadequate staffing
  • Over reliance on certain key personnel
  • Excessive staff turnover
  • Staff being paid the wrong amounts
  • Correct deduction not being made for taxes
  • Staff expenses not being properly documented
  • Staff expenses being unauthorised or excessive
  • Org reimbursing staff for private expenditure
  • Industrial action disrupting the org
  • Org being subject to actions for wrongful dismissal
  • Failing to comply with employment laws
37
Q

HR controls:

A
  • Long-term human requirement plans to ensure long-term succession planning
  • Benchmarking salary against market
  • Appraising staff performance
  • Providing adequate training
  • HR managers should receive training in employment law
  • Ensure company policies are maintained and info is freely available
  • Review all relevant internal records, appraisal and training records and long-term HR plans
  • Internal auditors should consider HR issues on range of other operational audits (e.g. whether department is staffed with staff of sufficient experience)
38
Q

R+D risks:

A
  • R+D effort wasted on projects that will provide no benefits or are not in line with corporate strategy
  • Org’s do not undertake enough R+D, leaving them at risk of being uncompetitive or irrelevant
  • Resources are wasted on duplicated projects
  • Projects do not deliver planned benefits,are late or over budget
  • Loss of data interrupts R+D
39
Q

R+D controls:

A
  • Controls must ensure R+D is properly planned, budgeted, monitored and reported
  • Comply with internal standards and relevant legislation
  • R+D strategy must be decided and reviewed by the board
  • Activities should be co-ordinated centrally
  • Follow common project methodology
  • Progress on projects should be reported regularly
  • Post-implementation reviews
  • Auditors should consider adequacy of org guidelines or R+D projects and test projects to see if they were following guidelines
  • Auditors should check that results of R+D have been regularly communicated to management
  • Auditors should review results of post-implementation reviews and confirm that points arising have been actioned
40
Q

Post-completion audits risks:

A
  • Capital expenditure on a project is greater than expected
  • Project has failed to deliver the anticipated benefits
  • Excessive resources have been utilised on developing the project
41
Q

Post-completion audit controls:

A
  • System for approving and developing new investments
  • Post-completion auditing is partly an audit of controls including weaknesses in budgeting and forecasting system
  • Also examines performance of management, using principles of responsibility accounting