CHAPTER 15

BASIC CONCEPTS AND ELEMENTS

OF INTERNAL CONTROL

I. Review Questions

1. Refer to page 548, 3rd paragraph and page 549, 1st paragraph of the textbook.

2. Internal control systems are defined as “. . . the process by which an entity’s

board of directors, management and/or other personnel obtain reasonable
assurance as to the achievement of specified objectives.”

3. The basic elements of internal control are:

a. Control environment, and
b. Control procedures.

4. All internal control systems, due to the human factor, contain certain inherent
limitations. Because of these inherent limitations, internal control provides
reasonable, but not absolute, assurance as to the achievement of control
objectives.

5. Management support of internal control is prerequisite to its effectiveness. That

is, no matter how sound the other components, the system will not be effective if
management does not support it and communicate that support throughout the
organization. An organizational awareness that management takes internal
control seriously, helps to maximize the effectiveness of the control activities.

A management operating style that supports proper ethical behavior also

enhances the effectiveness of the entity’s internal control. If employees perceive
that management conducts itself in accordance with proper ethical behavior,
such conduct will tend to reflect itself throughout the organization. Proper
ethical behavior, in turn, minimizes the probability that financial statements will
be intentionally misstated.

6. A centralized, efficient human resources function, an integral part of the control

environment, enhances competence by placing the right people in the right jobs
and training them properly to perform their assigned tasks.

7. An effective set of internal controls requires a careful analysis of decision

alternatives, and the assumption of high risk only where warranted. A
management attitude geared toward excessive risk-taking hampers goal
attainment and thereby compromises control.
11-2 Solutions Manual - Principles of Auditing and Other Assurance Services
8. Monitoring affects all of the other controls by assuring their effectiveness over
time. “Ongoing” monitoring is recurring and somewhat automatic. An example
is the periodic analysis of cost variances and follow-up control where the
variance is material and controllable. “Separate evaluation” applies to those
controls not conducive to ongoing monitoring. Integrity, ethical values, and
competence, for example, cannot be monitored on a “real-time” basis, but
require periodic review for effectiveness.

9. Fixing of responsibility enhances control by providing accountability for assets.

The person responsible for prelisting incoming cash receipts, for example, will
be initially accountable for any discrepancy between such prelisting and the
receipted deposit ticket obtained from the bank. Knowledge of such
accountability, in turn, will encourage care in preparing the prelisting and in
transferring the cash receipts to the person designated as responsible for
preparing and making bank deposits.

10. Any internal control system, regardless of how sound it is, has certain inherent
limitations. The system can be circumvented by collusion among two or more
employees; management can override the structure; and the procedures can
break down temporarily causing a lag in the adaptation of the controls. For
these reasons, an effective system of internal control provides reasonable, but
not absolute assurance as to the prevention and detection of material errors or
irregularities. Auditors, therefore, must not rely totally on a sound control
system as support for their audit opinion. Rather, they must recognize the
inherent limitations and, at the very least, perform a minimum amount of
substantive audit testing.

11. Small entities, typically, cannot afford the degree of separation of functional
responsibilities existing in larger firms. Also, small firms, typically, cannot
support a separate internal audit staff. For these reasons, compensating controls
are necessary in smaller organizations. Such compensating controls ordinarily
require that the owner/manager assume an active role in reviewing transactions,
examining documents, reconciling bank accounts, and otherwise performing
many of the tasks normally done by internal auditors in larger organizations.

12. Separating recordkeeping from custody of the related assets provides an

independently maintained record which may periodically be reconciled with
assets on hand. This independent record holds the personnel of a custodial
department accountable for assets entrusted to their care. If the accounting
records were maintained by the custodial department, opportunity would exist
for that department to conceal its errors or shortages by manipulating the
records.

13. Most controls can be classified as either prevention controls or detection

controls. A control environment, for example, that reflects strong
 A Risk-based Audit Approach – Part II 11-3
management support of effective control activities and proper ethical
behavior, will encourage organizational personnel to be conscientious in
performing their assigned tasks, and thereby assist in preventing errors or
irregularities. Periodic inventories and comparisons, on the other hand, will
assist in detecting errors or irregularities which have already occurred.
Both types of controls are vital to an effective system of internal control.

14. A company control procedure is an action taken for the purpose of preventing,
detecting, or correcting errors and irregularities in transactions.

15. Examples of periodic comparisons:

Count of cash on hand.
Reconciliation of bank accounts.
Count of securities.
Confirmation of accounts receivable.
Confirmation of accounts payable.
Physical count of inventory.

16. Four kinds or functional responsibilities that should be segregated:

1. Authorization to execute transactions.
2. Recording of transactions (bookkeeping).
3. Custody of assets.
4. Periodic reconciliation (comparison) of existing (real) assets to
recorded amounts.

17. Key factors in protecting against losses through embezzlement include an

adequate internal control structure, fidelity bonds, and regular audits by
independent public accountants.

18. Assuming that the general category of transaction has already been authorized
by top management, at least three employees or departments should usually
participate in each transaction to achieve strong internal control. One employee
approves the transaction after determining that the details conform to company
policies, another employee records the transaction in the accounting records, and
the third employee executes the transaction by releasing and/or taking custody
of the related assets. (Note: the approval function may be omitted in an
extremely simple transaction such as a cash sale not involving a check).

19. Refer to page 557 of the textbook.

II. Multiple Choice Questions

1. d 4. d 7. b 10. a
2. d 5. d 8. a 11. c
3. b 6. b 9. d 12. c
11-4 Solutions Manual - Principles of Auditing and Other Assurance Services
III. Comprehensive Cases
Case 1.
RELEVANT TO ASSERTION HOW
AUDIT? AFFECTED AFFECTED?
a. Yes Completeness Year-end adjustments for accruals
Valuation and/or allocations may be
overlooked.
b. Yes Existence Customers may be billed for goods
Valuation not shipped. If so, customer
accounts may not be valid.
c. No N/A N/A
d. Yes Valuation Debits and credits to incorrect
Presentation accounts are likely to cause
materiality errors.
e. Yes No assertions are adversely affected, given the
compensating control of conducting an annual physical
inventory
f. Yes Completeness Some cash receipts may not be
deposited.
Valuation Cash in bank and/or accounts
receivable may be overstated,
depending on whether or not
undeposited cash was recorded.
g. Yes Presentation Trade accounts receivable should
be kept separate from nontrade
receivables. Credit balances in
customer accounts should be
reported as current liabilities.
h. Yes Existence Invoices may be submitted a
Valuation second time for payment and the
signed disbursement checks
misappropriated. The result may
be debits to inventory or other
accounts for nonexistent goods or
services.
i. No N/A N/A
 A Risk-based Audit Approach – Part II 11-5
Case 2.
INHERENT OR CONTROL TYPE OF INHERENT OR
WEAKNESS CONTROL REMEDY
a. Inherent Temporary breakdown: environmental
changes not accompanied by revised
controls.
b. Control Chart of accounts and accounting
manuals; training of personnel who
determine debits to various expenditure
accounts; review of account distribution
by second person; internal auditor
review of transactions on a test basis.
c. Inherent Management override.
d. Control Bills of lading evidencing shipment of
goods should be prenumbered and
signed by the carrier. A copy should be
forwarded to accounts receivable and
should trigger the mailing of an invoice
to the customer. The numeric sequence
of used bills of lading should be
accounted for periodically and bills of
lading should be matched with customer
invoices on a test basis.
e. Control Billing clerks should not handle cash
receipts. Incoming cash receipts should
be prelisted and compared with daily
deposits. Credits to customer accounts
should be made from remittance advices.
Checks should be forwarded directly to
the treasurer (cashier) for deposit.
Writeoffs of customer accounts should
require approval by the credit manager
or some other responsible officer.
f. Inherent Collusion

Case 3. a. The planned assessed level of control risk is the level the auditors intend to
use in performing the audit for a particular financial statement assertion.
For example, after obtaining the understanding of internal control necessary
to plan the audit, the auditors will project a planned assessed level of
control risk based on their understanding of the internal control structure.
The assessed level of control risk is the level of risk based on the tests of
controls performed to evaluate control risk for an assertion. Control risk is
the actual, but unknown, level of risk pertaining to an assertion.
11-6 Solutions Manual - Principles of Auditing and Other Assurance Services
b. While obtaining an understanding of the internal control structure, the
auditors may determine a planned assessed level of control risk for the
existence of accounts receivable which requires them to test a sample of
sales transactions. Based on the results of the tests of controls for sales, the
auditors may arrive at an assessed level of control risk that is either higher
or lower than the level planned. The actual level of control risk for
existence of receivables is, as always, at an unknown level.

Case 4. a. After obtaining an understanding of the internal control structure, the

auditors assess control risk. At this point they may or may not have
performed some tests of controls. When they believe that a lower level of
assessed control risk may be possible, and that the related reduction of
substantive tests may be cost justified, the auditors will perform additional
tests of controls. Finally, when the additional tests of controls have been
performed, the auditors will reassess control risk and design substantive
tests.

b. Obtain an understanding Prepare flowchart

Prepare checklists
Prepare questionnaires
Perform walk-through of transactions
Perform some tests of controls
Determine the planned assessed
level of control risk Analyze results obtained
Perform additional tests
of controls Perform inquiry procedures
Inspect documents for performance
Observe application of procedures
Reperform application of procedures
Reassess control risk and
design substantive tests Analyze results obtained

Case 5. Since Vasquez’s consideration of the internal control structure shows that
controls are very weak, he may omit performing tests of controls. He must,
however, have an adequate understanding of internal control to plan the
remainder of the audit. At a minimum, Vasquez should obtain a basic
understanding of the control environment, accounting system, and important
control procedures. He should document this understanding, and also document
that control risk is assessed at the maximum level.

Case 6. a. (1) The primary advantage of the internal control questionnaire is that
control weaknesses, including the absence of control procedures, are
prominently identified by the “no” answers. Another advantage of the
questionnaire is its simplicity. If the questions have been
 A Risk-based Audit Approach – Part II 11-7
predetermined, as is usual, the auditors’ responsibility includes the
completion of the questionnaire with yes-or-no answers, and written
explanations are required only for the “no” or unfavorable answers.
Also, the comprehensive list of questions provides assurance of
complete coverage of significant control areas.
(2) An advantage of the written narrative approach in reviewing internal
control is that the description is designed to explain the precise controls
applicable to each examination. In this sense, the working paper
description is tailor-made for each engagement and thus offers
flexibility in its design and application. A second advantage is that its
preparation normally requires a penetrating analysis of the client’s
system. In requiring a written description of the flow of transactions,
records maintained, and the division of responsibilities, the
memorandum method minimizes the tendency to perform a perfunctory
review.
(3) The use of a flowchart in documenting internal control offers the
advantage of a graphic presentation of a system or a series of sequential
processes. It shows the steps required and the flow of forms or other
documents from person to person in carrying out the function depicted.
Thus, the tendency to overlook the controls existing between functions
or departments is minimized. Another advantage is that the flowchart
method avoids the detailed study of written descriptions of procedures
without sacrificing the CPA’s ability to appraise the effectiveness of
internal controls under review. An experienced auditor can gain a
working understanding of the system much more readily by reviewing
a flowchart than by reading questionnaires or lengthy narratives.
Information about specific procedures, documents, and accounting
records can also be located more quickly in a flowchart. Because of
these advantages, flowcharting has become the most widely used
method of describing internal control in audit working papers.

b. Even though internal control appears to be strong, the auditors are required
to conduct tests of controls. Just because policies and procedures are prescribed
does not mean that the client’s personnel are adhering to those requirements.
Employees may not understand their assigned duties, or may perform those
duties in a careless manner, or other factors may cause the internal controls
actually in place to differ from those prescribed.

Through tests of controls the CPAs obtain reasonable assurance that the
internal control policies and procedures are in use and are operating as
planned, and they may detect material errors of types not susceptible to
effective internal control. In addition, such testing enables the CPAs to
comply with the third standard of field work which calls for obtaining
sufficient competent evidential matter to provide a reasonable basis for an
opinion.
11-8 Solutions Manual - Principles of Auditing and Other Assurance Services
Note to instructor – Auditors may forego tests of controls if they conclude
that internal controls are so weak as to provide no basis for assessing
control risk at a level lower than the maximum.

Case 7.
PURPLE CORP.
Raw Materials Recording and Transferring System Flowchart
December 31, 2003

ACCOUNTING
STORES INVENTORY CLERK MANUFACTURING

Start

Clerk
Prepares
Goods
Stock-in Requisition
from
Report
Supplier

Posts Inventory Requisition

Storeskeeper 1
Prepares Perpetual Records at 2
Stock-in Inventory Standard
Report Records Cost

Supervisor
Approves
Stock-in Filed Requisition
Report 1 by
2
2 date

Approved Approved
Filed Requisition 1
Requisition
1 by 2
date

Reviews
for
Completeness
Filed
by Job
3
Order

Posts Transfer to Inventory

Perpetual Records at
Inventory Standard
Records Cost

Filed
4 by
date
 A Risk-based Audit Approach – Part II 11-9
Case 8. a. The quantity of serially numbered tickets issued during the shift of each
cashier is multiplied by the price per ticket to determine the amount of cash
which the cashier should have on hand at the end of the shift.

Two employees participate in each transaction. The withholding cash

receipts would require collusion between the cashier and the door attendant
because the door attendant does not have access to cash and the cashier
cannot cause a patron to be admitted without issuing to him a serially
numbered ticket.

b. The following steps should be taken by the manager to make these controls
work effectively:
(1) Maintain careful control over unused rolls of tickets.
(2) Make a record of the serial number of the first and last ticket issued on
each cashier’s shift.
(3) Count the cash in possession of cashier at beginning and end of shift.

In addition to these regular routines, the manager should take the following
steps at unannounced intervals:
(4) Observe that the cashier never has loose tickets in his or her possession
and does not sell tickets in any manner other than ejecting them from the
ticket machine.
(5) Verify by inspection of tickets being presented by patrons to the door
attendant that only recently issued tickets (current serial numbers) are
being used.

c. Collusion by the cashier and door attendant to abstract cash receipts often
consists of the door attendant pocketing whole tickets presented by patrons
rather than tearing the ticket in half. He or she may then give these unused
tickets to the cashier; the cashier may then resell the tickets to customers at the
box office rather than punching out new tickets on the machines. The cashier
withholds the cash received from sales of these “used tickets” and divides it with
the door attendant.

d. Observation on a surprise basis by the manager of the serial numbers of

tickets being presented at the door by customers may reveal that these
tickets are not freshly issued ones. Observation of the cashier’s work may
reveal that this employee is handling loose tickets.