Suggest some segregation of duties regarding Auditing Help

(a) Fixed assets
(b) Inventories
(c) Payroll
(d) Sales

(a) Fixed assets
Following duties should be segregated
Approval of acquisition and disposal of fixed assets
Maintenance of fixed assets register
Custody of assets

(b) Inventories
Following duties should be segregated
Approval of purchases
Physical inventory taking
Safe custody
Master file maintenance
Maintain inventory records

(c) Payroll
Following duties should be segregated
Time recording
Preparation of payroll
Disbursement of payroll

(d) Sales
Following duties should be segregated
Approval of sales order
Maintain inventory records
Dispatching goods
Accounts receivable records
Collection from customers
Approval of bad debts and allowances
Approval of changes in master file.

What do you understand by “Risk assessment procedures”

Risk assessment procedures comprise audit procedures performed to obtain understanding of the entity, its environment including its internal controls. ‘The objective of risk assessment procedures is to identify and assess the risk of material misstatement in the financial statements. The misstatements may exist at assertion level or at financial statement level as a whole.

What does an understanding of the entity and its environment Constifute?

(a) Industry, regulatory and other external/actors including IFRS
(i) Market, demand. capacity, competition
(ii) Seasonal activity
(iii) Accounting policies
(iv) Taxation
(v) Government policies including foreign exchange controls, tariffs, trade restriction policies.
(vi) .Environmental requirements
(vii) General economic conditions
(viii) Interest rate
(ix) Availability of finance
(b) Nature of entity
(i) Operations

– Source of revenue
– ECommerce
– Methods of production
– Industry and geographical segments
– Location of factories and warehouses
– Major customers, competitors and suppliers
– Transactions with related parties

(ii) Ownership

– Governance structure
– Directors

(iii) Type of investments

– Recent acquisitions
– Investment in subsidiaries, joint ventures, associates and non-consolidated entities for example partnership, special purpose entities.

(iv) Financing

– Debt structure
– Finance leases

(v) Financial reporting

– Accounting policies
– Industry – specific practices

(c) Selection and application of accounting policies
(i) Changes in accounting policies
(ii) New applicable accounting standards
Objectives, strategies and business risks
Objectives are overall plans of the entity. Strategies are the approaches to attain the objectives. Threats that the objectives may not be achieved are called business risks. Management’s responses to address the business risks are part of internal controls.
Risks of material misstatements is an integral part of business risks.
Examples of business risks are:

Measurement and review of entity’s financial performance

Performance of an entity is regularly measured by those charged with governance and outsiders. Such measurement creates pressure on management. As a result, either the management works hard to attain the targets or is tempted to falsify the accounts to show better performance. Consequently, the risk of material misstatement due to fraud increases. Performance measures include:

(a) Key ratios
(b) Period – to period trend analysis
(c) Comparison with budgets
(d) Incentives to attain performance, for example bonus based on performance.
(e) Comparison with other companies in the same industry
(f) External credit rating.

Performance measures may indicate unusual ratios. For example, an unexpectedly low gross profit ratio as compared to other companies in the same industry may indicate misstatement in financial statements to save income tax.

Discuss nature of internal controls.

Internal controls comprise policies and procedures designed to attain entity’s following objective:

(a) Reliability of financial statements
(b) Efficient and effective use of entity’s resources
(c) Compliance with laws and regulations

Put it differently, internal controls are policies and procedures designed o reduce business risks that threaten the achievement of the above objectives of an entity.

Enumerate limitations of internal controls. 

Limitations of internal control are:
(a) Management’s usual requirement that the cost of control should not exceed its benefits.
(b) Human error
(c) Collusion, i.e., understanding of two or more persons, within or outside the entity, for a fraudulent intention.
(d) Controls are directed to routine transactions only
(e) Management override of controls
(f)Controls may become obsolete with changes ill operations, unless updated.


Control environment means the attitude, awareness and actions of top management towards entity’s internal controls. Some of the control environment elements have pervasive effect over other components of internal control. For example, control activities and information system is influenced by active participation of Board of directors.

It should be noted that a strong control environment does not in itself prevent frauds and errors. However it is useful for auditors o make a preliminary assessment of control risk.

A strong control environment is evidenced by following elements:

(a) Communication and enforcement of integrity and ethical values

The entity’s code of ethics should be communicated to all employees and their implementation should be monitored. The objective is to reduce temptation for dishonest, illegal and unethical acts.
(b) Commitment to competence
Only competent employees be hired, and duties should be assigned in accordance with their capabilities, knowledge n and skills.
(c) Participation by those charged with governance
Active participation by those charged with governance to overview the entity’s operations and compliance of internal control are essential for good control environment. In particular, the Board should be independent from management for effective evaluation of their actions. The Board should also have adequate understanding of business transactions and financial reporting framework.
(d) Management’s philosophy and operating style
This relates to management’s action to risk managemen and attitude towards control activities and financia reporting.
(e) Organization structure
The entity should be departmentalized for effective planning and controlling the operations.
(f) Assignment of authority and responsibility
Every employee should be given detailed job descripti setting out what is expected from him, who should repo to him and to whom the employee should report. employees should be aware as to how their action interrelate and contribute to the objectives of the entity
(g) Human resource policies
HR policies should be in writing and communicated to employees as regards, training, recruitment, compensation, promotions, incentives and bonuses.

Posted on November 3, 2015 in Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment

Share the Story

Back to Top