Audit and Assurance Exam - Internal Control Deficiencies and Recommendations
VerifiedAdded on 2023/06/18
|7
|1313
|354
AI Summary
This article discusses internal control deficiencies in the bookkeeping system at Ace Ltd, their consequences, and recommendations to address them. It also covers good internal control examples and compliance testing by the auditor.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
AUDIT AND ASSURANCE
EXAM
EXAM
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
TABLE OF CONTENTS
TABLE OF CONTENTS................................................................................................................2
PART- A..........................................................................................................................................1
a) i) Four internal control deficiencies within the bookkeeping system at Ace Ltd....................1
a) ii) Consequences of the internal control deficiencies..............................................................1
a) iii) Recommendations to address the deficiencies...................................................................1
b) i) Examples of good internal control within the scenario.......................................................2
b)..................................................................................................................................................2
c) i) and ii)...................................................................................................................................3
REFERENCES................................................................................................................................5
TABLE OF CONTENTS................................................................................................................2
PART- A..........................................................................................................................................1
a) i) Four internal control deficiencies within the bookkeeping system at Ace Ltd....................1
a) ii) Consequences of the internal control deficiencies..............................................................1
a) iii) Recommendations to address the deficiencies...................................................................1
b) i) Examples of good internal control within the scenario.......................................................2
b)..................................................................................................................................................2
c) i) and ii)...................................................................................................................................3
REFERENCES................................................................................................................................5
PART- A
a) i) Four internal control deficiencies within the bookkeeping system at Ace Ltd.
The first and the foremost is that post the purchase transactions have been entered in the
bookkeeping system the invoices of the same are being shredded away by the in-charge
to serve the purpose of confidentiality. This is a deficiency as the invoice has to
maintained in the company as the proof for the future legal requirements.
The negotiation with the suppliers is directly done by Mr Stanley who is the purchase in-
charge, but on the other hand he is excluded from the payment process. This brings
lagging in the internal control process and can lead to communication gap.
The bookkeeping data is backed on the off-site cloud server and the updation is made in
every three months by the officials of the company (Off-site backup, 2021). But this is the
deficiency of the internal control in the organization as it should be frequently updated.
The whiteboard in the company is displayed which shall be portraying the details of the
member in the finance team, annual leaves and the passwords of them. This is the major
deficiency as the password is the confidential detail and must not be publicly presented.
a) ii) Consequences of the internal control deficiencies
If the documentary evidence are being shredded just after the recording of the transaction
then it can cause the legal objections for not complying with the law of maintaining
documents for three years.
There shall be the communication gap as the suppliers are decided by one person and also
the same shall be negotiating. These terms and conditions are not communicated to the
finance person making the payment.
The data is transferred in every three months and if between that the disaster, ransomware
accidents, hacking etc. happens at the company location then the important data of the
company shall be lost.
Through the whiteboard representation of passwords the unauthorized users can access
the data and can manipulate the same or leak it posing threats for the company.
a) iii) Recommendations to address the deficiencies
The invoices of the purchase shall be confidentially maintained in the company for at-
least three years that is required by law.
1
a) i) Four internal control deficiencies within the bookkeeping system at Ace Ltd.
The first and the foremost is that post the purchase transactions have been entered in the
bookkeeping system the invoices of the same are being shredded away by the in-charge
to serve the purpose of confidentiality. This is a deficiency as the invoice has to
maintained in the company as the proof for the future legal requirements.
The negotiation with the suppliers is directly done by Mr Stanley who is the purchase in-
charge, but on the other hand he is excluded from the payment process. This brings
lagging in the internal control process and can lead to communication gap.
The bookkeeping data is backed on the off-site cloud server and the updation is made in
every three months by the officials of the company (Off-site backup, 2021). But this is the
deficiency of the internal control in the organization as it should be frequently updated.
The whiteboard in the company is displayed which shall be portraying the details of the
member in the finance team, annual leaves and the passwords of them. This is the major
deficiency as the password is the confidential detail and must not be publicly presented.
a) ii) Consequences of the internal control deficiencies
If the documentary evidence are being shredded just after the recording of the transaction
then it can cause the legal objections for not complying with the law of maintaining
documents for three years.
There shall be the communication gap as the suppliers are decided by one person and also
the same shall be negotiating. These terms and conditions are not communicated to the
finance person making the payment.
The data is transferred in every three months and if between that the disaster, ransomware
accidents, hacking etc. happens at the company location then the important data of the
company shall be lost.
Through the whiteboard representation of passwords the unauthorized users can access
the data and can manipulate the same or leak it posing threats for the company.
a) iii) Recommendations to address the deficiencies
The invoices of the purchase shall be confidentially maintained in the company for at-
least three years that is required by law.
1
The complete negotiation process, payment and the settlement of the dues must be
addressed by one official to avoid the miscommunication in the organization.
The data needs to be transferred to the off-site cloud server either daily or maximum
weekly so that the security and privacy of the information can be efficiently maintained.
The details of finance team shall not be mentioned manually but in the electronic form on
the system which is password protected so that the unauthorized access can be avoided.
b) i) Examples of good internal control within the scenario
Some examples of the good internal control are:-
The segregation of the duties must be efficiently organized so that risks of
miscommunication can be reduced (What are Internal Controls? 2017).
The reconciliation should be timely conducted so that the due balances can be identified.
The information processing controls in the company should also be appropriately
maintained so that data privacy and security are ensured.
Physical control in terms of quality of the products must be regarded to avoid legal suites.
b)
ii) Conduct of the compliance test by the auditor
The internal control of the company is very good. The auditor can follow the given steps to carry
out the test of controls:
The auditor can carry out the compliance risk assessment which may involve the IT
compliance testing which will reveal whether the system is in compliance or not.
By developing the testing methodologies will help in gaining better insight into the
various areas of compliance.
Identifying the assertions tested which is embodied within the financial statements and is
then used by the auditor for the purpose of considering various types of significant
misstatements. A brief explanation pertaining to the various assertions are required which
helps in making sure that every key aspect has been taken note of.
Analysing the audit procedures which is being used by the auditor so that level of
accurate information gained can be determined.
Reviewing the compliance audit report helps in getting insight into the company’s
2
addressed by one official to avoid the miscommunication in the organization.
The data needs to be transferred to the off-site cloud server either daily or maximum
weekly so that the security and privacy of the information can be efficiently maintained.
The details of finance team shall not be mentioned manually but in the electronic form on
the system which is password protected so that the unauthorized access can be avoided.
b) i) Examples of good internal control within the scenario
Some examples of the good internal control are:-
The segregation of the duties must be efficiently organized so that risks of
miscommunication can be reduced (What are Internal Controls? 2017).
The reconciliation should be timely conducted so that the due balances can be identified.
The information processing controls in the company should also be appropriately
maintained so that data privacy and security are ensured.
Physical control in terms of quality of the products must be regarded to avoid legal suites.
b)
ii) Conduct of the compliance test by the auditor
The internal control of the company is very good. The auditor can follow the given steps to carry
out the test of controls:
The auditor can carry out the compliance risk assessment which may involve the IT
compliance testing which will reveal whether the system is in compliance or not.
By developing the testing methodologies will help in gaining better insight into the
various areas of compliance.
Identifying the assertions tested which is embodied within the financial statements and is
then used by the auditor for the purpose of considering various types of significant
misstatements. A brief explanation pertaining to the various assertions are required which
helps in making sure that every key aspect has been taken note of.
Analysing the audit procedures which is being used by the auditor so that level of
accurate information gained can be determined.
Reviewing the compliance audit report helps in getting insight into the company’s
2
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
adherence to the regulatory guidelines. It will provide information about the strength,
access controls and the risk management procedures doing the compliance audit.
Thus, following the above stated few steps for the test of controls will result into gaining
evidence that the internal control systems of the organization is running effectively.
c) i) and ii)
E-mail
To: Finance Director at Ace Ltd
From: Audit Team
Subject: Internal and external auditor’s responsibility in respect of the legal dispute.
Dear Sir,
Hope you are doing well and with respect to the above subject I would like to draw your
attention towards the responsibility of the external auditor pertaining to the legal disputes. With
reference to ISA 250 which mainly deals with the auditor’s responsibility in the audit of financial
statements of the company pertaining to laws and regulations. Following are the key auditor’s
responsibilities:
Determine the misstatement within the financial statements because of the non-
compliance but it is important to note that auditor is not responsible for preventing non-
compliance or is expected to detect it (SA 250 Consideration of Laws and Regulations in
an Audit of Financial Statements. 2018).
To obtain the reasonable assurance that the financial statements as a whole are free from
the material misstatements irrespective of whether it is caused because of fraud and error.
Auditor shall generate basic understanding of the legal and regulatory framework which
is applicable to the business. This will help in better analysing the financial statements of
the business and identifying whether the company is meeting with the required legal laws
and regulations.
3
access controls and the risk management procedures doing the compliance audit.
Thus, following the above stated few steps for the test of controls will result into gaining
evidence that the internal control systems of the organization is running effectively.
c) i) and ii)
To: Finance Director at Ace Ltd
From: Audit Team
Subject: Internal and external auditor’s responsibility in respect of the legal dispute.
Dear Sir,
Hope you are doing well and with respect to the above subject I would like to draw your
attention towards the responsibility of the external auditor pertaining to the legal disputes. With
reference to ISA 250 which mainly deals with the auditor’s responsibility in the audit of financial
statements of the company pertaining to laws and regulations. Following are the key auditor’s
responsibilities:
Determine the misstatement within the financial statements because of the non-
compliance but it is important to note that auditor is not responsible for preventing non-
compliance or is expected to detect it (SA 250 Consideration of Laws and Regulations in
an Audit of Financial Statements. 2018).
To obtain the reasonable assurance that the financial statements as a whole are free from
the material misstatements irrespective of whether it is caused because of fraud and error.
Auditor shall generate basic understanding of the legal and regulatory framework which
is applicable to the business. This will help in better analysing the financial statements of
the business and identifying whether the company is meeting with the required legal laws
and regulations.
3
The internal auditor may assist the Board of Directors pertaining to the legal compliance as it is
the duty of the internal auditor to ensure that the company complies with the relevant laws and
regulations. In addition to this, the internal auditor can evaluate the internal control and make
suggestions on improving it further. In this way, internal auditor can help in meeting with the
legal requirements.
Hope this will be helpful to you in carrying out the audit.
Thanks & Regards
4
the duty of the internal auditor to ensure that the company complies with the relevant laws and
regulations. In addition to this, the internal auditor can evaluate the internal control and make
suggestions on improving it further. In this way, internal auditor can help in meeting with the
legal requirements.
Hope this will be helpful to you in carrying out the audit.
Thanks & Regards
4
REFERENCES
Books and Journals
Online
Off-site backup. 2021. [Online] Available through:
<https://searchdatabackup.techtarget.com/definition/off-site-backup>
What are Internal Controls? 2017. [Online] Available through:
http://www.wiu.edu/internal_auditing/internal_controls/
SA 250 Consideration of Laws and Regulations in an Audit of Financial Statements. 2018.
[Online]. Available Through:< https://www.sbsandco.com/blog/sa-250-consideration-of-
laws-and-regulations-in-an-audit-of-financial-statements>.
5
Books and Journals
Online
Off-site backup. 2021. [Online] Available through:
<https://searchdatabackup.techtarget.com/definition/off-site-backup>
What are Internal Controls? 2017. [Online] Available through:
http://www.wiu.edu/internal_auditing/internal_controls/
SA 250 Consideration of Laws and Regulations in an Audit of Financial Statements. 2018.
[Online]. Available Through:< https://www.sbsandco.com/blog/sa-250-consideration-of-
laws-and-regulations-in-an-audit-of-financial-statements>.
5
1 out of 7
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.