Construction of an ICQ

<< Flow Charts and Internal Control Questionnaires

Audit evidence through Audit Procedures >>

Fundamentals of Auditing ACC 311

Lesson 19

INTERNAL CONTROL QUESTIONNAIRE

Having ascertained, confirmed and recorded the system, the auditor now needs to carry out a preliminary

evaluation of the system in order to make a decision as to whether he will:

· Rely on internal controls and adopt a systems audit approach, or,

· Perform extensive substantive testing. Using a verification approach to the audit.

Internal Control Questionnaire

An ICQ is a formal and usually standardized document which comprises:

3. A list of internal controls in existence and

4. Highlights any weaknesses.

Features:

· Used in large company audit

· Used to place reliance on internal controls

· Used to design audit approach

Objectives:

(i)

To ascertain a clients systems of accounting and internal control

(ii)

To evaluate the control system thus recorded, and hence

(iii)

To identify those controls which indicate strengths in the system upon which the auditor

will seek to place reliance, and

(iv)

To identify those areas over which there are weak or no controls and which therefore

must be subjected to more extensive substantive testing and reported by inclusion in the

Management Letter.

Construction of an ICQ

(I) It is good practice when designing ICQs to state, as a brief introduction:

(a) a list of control objectives which each sub-system under consideration should seek to achieve

(b) any business considerations specific to the enterprise under review which should be taken into

account.

The reason for this is essentially to highlight for the audit staff key areas for their consideration to the audit

staff.

II) The questions in an ICQ should be designed to ascertain whether the control objectives are being

achieved and should therefore cover such aspects as:

(a) instructions given to staff in the performance of their duties

(b) authorization procedures

(d) recording procedures

(e) sequence of procedures

(f) custody procedures

(g) relative independence of the persons involved at each stage of a transaction (i.e. segregation of

duties).

(III) The questions should be framed such that a Yes/No answer is given, with a No answer usually

indicating a control weakness.

(IV) An ICQ should carry such basic information as:

(a) the name of the document (ICQ)

(b) the system to which it relates (e.g. purchasing cycle)

(d) the accounting period under review

(e) evidence of who has prepared and reviewed the document

(f) the provision of columns for:

- Yes and No answers

- comments where neither Yes or No are applicable

- indicating the significance or otherwise of apparent weaknesses

Fundamentals of Auditing ACC 311

- references to audit programs

- references to Management Letters.

Example of part of an ICQ

INTERNAL CONTROL QUESTIONNAIRE

Prepared by: ________

Date: ________

CLIENT: ___________

PERIOD: _____

Reviewed by:________

Date: ________

THE PURCHASING CYCLE

(a) Control objectives.

(b) Business considerations.

a) Control objectives

To ensure that:

(i) Purchased goods/services are ordered under proper authorities and procedures

(ii) Purchased goods/services are only ordered as necessary for the proper conduct of the business

operations and are ordered to suitable suppliers

(iii) Goods/services received are effectively inspected for quality, quantity and condition

(iv) Invoices and related documentation are properly checked and approved as being valid before

being entered as trade payables

(v) All transactions relating to trade payables are valid (suppliers invoices, credit notes and

adjustments), and only those valid transactions should be accurately recorded in the accounting

records.

b) Business considerations

Points

Effect on audit procedures and on financial statements

(i) Nature of the company's

- Auditor must be aware of the

purchases.

Varying nature of goods purchased.

(ii) The existence of a

- As far as possible ordering should

purchasing department.

be centralized.

(iii) The company's

- The fixing of minimum/maximum

purchasing policy.

Inventory and re-order levels should ensure efficient control. However,

buying in bulk, with resulting higher inventory levels may be part of a

company policy to reduce unit costs, in which case inventory

obsolescence and storage cost problems may arise.

(iv) The selection of suppliers. - The purchasing department should maintain a supplier's register to

record past purchases, prices, and satisfaction received etc. The constant

seeking of alternative sources of supply at keener prices is an indication of

efficient management

Fundamentals of Auditing ACC 311

Yes/ No

Comments References

Initiation and authorization

Are standard (Purchase) order

forms (SOFs) issued showing

names of suppliers, quantities

ordered and prices?

Are copies of SOFs retained on

file?

Who authorizes orders and

what are their authority limits?

Are the persons in 3 above

independent of those who issue

requisitions?

Is a record kept, of orders placed

but not executed? (If yes, specify

type of record kept and filing

sequence).

Custody

Are goods from suppliers

inspected on arrival as to quantity

and quality?

How is the receipt of supplies

recorded (e.g. by Goods Received

Notes)?

Are these records prepared by a

person independent of those

responsible for:

- ordering functions?

- processing and

- recording?

Criticism on ICQs

· ICQs represent an attempt at a formalized, systematic, approach to the audit of large complex

organizations.

· It is however increasingly apparent that such questionnaires can become too complex, lengthy and

detailed for meaningful evaluation of accounting systems.

· There is a danger that ICQs can provoke too formalized an approach to an assignment; that will be

concentrating as they do on the controls themselves rather than upon the fraud or irregularity that the controls

are designed to prevent.

Internal Control Evaluation Checklists

To overcome the above discussed possible shortcomings, many auditing practices have amended their

approach to internal control evaluation by the adoption of a different type of document, Internal Control

Evaluation Checklists (ICEC).

The ICEC is designed to determine; whether desirable internal controls are present?, using key control

questions to ascertain where specific frauds or errors are possible.

It is normally employed where system's information has already been recorded (usually in the form of

flowcharts).

Key questions are asked in an ICEC, the answers to which prompt further supplementary questions.

Reference is made to a supporting flowchart which is the means of ascertaining the existing systems. This

makes the ICEC document shorter and less complex, but it may require more skill and judgment on the

part of the auditor to interpret the completed form.

Note that virtually all the rules applicable to the construction of an ICQ apply to the construction of an

ICEC.

Fundamentals of Auditing ACC 311

Example of ICEC

INTERNAL CONTROL EVALUATION CHECKLIST

Prepared by: ________

Date: ________

CLIENT: ___________

PERIOD: _____

Reviewed by:________

Date: ________

PURCHASES PAYABLES PAYMENTS

(a) Control objectives.

(b) Business considerations.

a) Control Objectives

As per ICQ

b) Business Consideration

As per ICQ

c) The Checklist

1 Purchases

Comments

Reference

1.1 Can goods be purchased without authority?

(a) purchase requisitions and order approvals?

(b) limit of buyers authority to order?

accounts payable and inventory records?

(d) un issued orders safeguarded against loss?

1.2 Can liabilities be incurred although goods

not received?

(a) receiving segregated from purchasing,

accounts payable and inventory records?

(b) are all goods passed directly to stores?

(d) adequate comparison with order, claims for

short shipment etc?

(e) invoices, GRNs, direct to accounts payable not

purchasing?

(f) invoices checked to order and GRNs, prices

checked?

(g) check of extensions, additions, discounts?

(h) documents cancelled to prevent re-use?

(i) unmatched documents investigated regularly?

(j) freight checked, bills matched to

consignments?

(k) purchase returns and allowances controlled -

follow-up?

(I) forward purchases controlled?

1.3 Can cut-off errors occur?

(a) time lapse from receipt of goods to invoice processing?

(b) valuation of unmatched GRNs?

1.4 Can invoices be wrongly allocated?

(a) nominal ledger analysis?

(b) analysis independently checked?

(d) independent and regular review?

Fundamentals of Auditing ACC 311

1.5 Can liabilities be recorded for goods or services not ordered?

(a) goods received without authority?

2 Payables

2.1 Can liabilities be incurred but not recorded?

(a) payables balances agreed periodically?

(b) suppliers statements independently reconciled?

(d) forward contracts?

(e) order backlog follow up?

(f) debit balances controlled?

3 Payments

3.1 Can payments be made if not properly supported?

(a) discounts taken?

(b) control over invoices before validating complete?

preparation?

(d) signatories examine support for payment,

check completeness, cancel support?

(e) control over signature plates or pre-signed

cheques?

(f) control where one signature?

(g) frequency with which cheques mailed?

(h) independent regular bank reconciliation, with

cheques directly from bank and review

reconciliation?

(i) cheques crossed account payee only,

continuity accounted for, control over unused

cheques?

(j) bank transfers controlled - standing orders?

(k) issue of bearer or cash' cheques?

(I) advances and loans controlled?

(m) bank transfer payments, traders credits, direct

debits?

3.2 Can payments for non-routine purchases be made if not authorized or properly

supported?

(a) services, expense accounts, taxation payments

in advance, staff purchases and goods on

consignment?

3.3 Can non-current assets be acquired or removed without proper authorization and recording?

(a) approved work orders for non-current assets

and major repairs?

(b) approval of cost over-runs?

(d) detailed non-current asset register, regular

physical inspection and review of values?

(e) periodic insurance appraisals, adequate

coverage?

(f) control over loose tools?

Limitations of the effectiveness of Internal Control

It is possible to reduce the volume of transaction testing required in conducting an audit if the internal

controls are sound and are operating effectively, but it is not likely that an auditor will be able to rely on

internal controls entirely. This is because all control systems have inherent limitations such as:

The need to balance the cost of the control with its benefits

Fundamentals of Auditing ACC 311

The fact that internal controls are applied to regular, recurring transactions, not one off year

end adjustments or unusual transactions, which are often large and subject to error.

The potential for human error

The possibility of fraudulent collusion (two or more persons operating together) to `get round'

controls that segregate duties. For example; the supervisor responsible for checking and

authorizing overtime claims could collude with employees, to enable excess overtime payments

to be claimed.

The abuse of authority and override of controls by senior managers or the owners of the

business. Abuse of authority might involve ordering personal goods through the firm. It is very

easy for directors and managers of organizations of any size to instruct staff to bypass normal

procedures such as the requirement for authorization for payments.

The obsolescence of controls which have not changed to reflect changes in the business

activities or organization.

In practice, the training of auditors always involves a warning never to rely on internal controls entirely, no

matter how effective they may appear to be. Hence some verification of transactions is always carried out as

part of the auditor's work.

Table of Contents: