Devy L.

Garcia BSA-3

1.
Internal Control Questionnaire (ICQ) Method

Internal control questionnaires are the most efficient means of gathering information about the
controls. A series of questions about the controls in each audit area is listed. The questions may be open
or close-ended. Generally, the close-ended questions elicit a yes or no response, where the yes/no
indicates the presence or absence of a control. The auditor may answer N/A (not applicable) for
questions that do not apply to this specific entity. A more open-ended questionnaire may be used to
focus the auditors attention onto certain control objectives.

Advantages
The ability to thoroughly cover each audit area
It is also an efficient way of delegating responsibility to junior audit team members
A desirable way of reminding the auditor of the different types of controls that should exist

Disadvantages
Do not provide an overall view of the controls in the system being examined
May also be inapplicable to certain audit clients

Narrative Memorandum Method

Narratives are written descriptions of the entitys internal controls. A properly prepared
narrative has the same elements as a flowchart. It should show the origin and disposition of every
document and record in the system. It should also show where processing takes place. The narrative
should describe controls relevant to assessing control risk.

Advantages
Tailor-made for engagement
Requires a detailed analysis and thus forces auditor to understand functioning of structure
Often a cost-effective way of documenting unsophisticated internal controls
Often sufficient if the auditor decides to assess control risk at maximum (100%) and Intends to
place no reliance on internal controls to restrict substantive testing

Disadvantages
May become very long and time consuming
Weaknesses in structure not always obvious
Auditor may overlook important portions of internal control
Not as effective as flowcharts in describing the characteristics of a system.
Not as effective at showing separation of duties








Flowchart Method

Flowcharts are a symbolic, diagrammatic, or pictorial representation of the entitys documents
and their flow within the organization. Flowcharts depict a significant class of transactions from
inception to processing to disposition. A properly prepared flowchart of an accounting system and
related controls has certain characteristics. It shows the origin of every document and record in the
system. It shows where the documents come from and how they are generated. It shows where all
processing takes place, by department, individual job function or computer program, as well as the
frequency of operations. It shows details of significant accounting procedures and control activities,
including segregation of duties and monitoring activities. The disposition of every document and record
should also be shown. It shows what ultimately happens to the documents: the documents are filed,
mailed or sent outside, shredded or otherwise destroyed.
The flowchart indicates controls relevant to assessing control risk. Information in flowcharts is
frequently organized by areas of responsibility within the system. For instance, segregation of duties
may be shown by indicating which job functions are responsible for authorizing or recording
transactions. The flow of transactions is generally from top-left to bottom-right.

Advantages
It provides a concise overview of the entitys system.
It is useful as an analytical tool in the auditors evaluation of controls.
With the aid of computer software, it is easy to create and update flowcharts.
Easier from the users perspective as it is generally easier to follow a diagram than it is to read
narrative descriptions.
May be especially helpful for subsequent year auditors in understanding and updating the
system.
Disadvantages
Preparation is time-consuming
Weaknesses in structure not always obvious (especially to inexperienced auditor)
2.
A. The auditor should assert whether the records of transactions pertaining to the inventories are
complete and assess the existence of such assets. To satisfy such assertions, the auditor would
test the effectiveness of the controls by performing audit procedures which are inquiry of
appropriate client personnel and observation of the application of such controls. If the results
indicate that such internal controls are not effective, the auditor would perform extensive
substantive tests to be able to identify possible material misstatements in the financial
statements.

B. If the incompatible functions are being performed by two different employees and the auditor
believes that further consideration of the controls would not restrict the extent of substantive
tests to be performed, then the auditor must still do test such controls irrespective of their
effectiveness to obtain evidence that they are working properly as his first assessment might
suggests. He then uses the results to assess the level of control risk. Together with the control
risks level assessed and the assessed level of inherent risk, the auditor would determine the
acceptable level of detection risk which has an inverse relationship with the other two risks. He
should then modify the nature, timing, and extent of substantive tests to be performed as the
acceptable level of detection risk being determined.

3. What is the auditors responsibility in communicating deficiencies in internal control structure?

Although an auditor is not required to search for internal control weaknesses, the auditor is
obliged to report to the appropriate level of management the material weaknesses in the design or
operation of the accounting and internal control systems when these weaknesses have come to the
auditors attention during the performance of the audit. This communication can be in writing and
should be done at the earliest opportunity so that appropriate corrective actions may be taken as soon
as possible. Oral communications could also be made provided these are adequately documented in the
working papers of the audit.

4. Discuss the inherent limitations of Internal Control that made absolute assurance probably not
possible.

Override by management and/or executives. Because of the authority and responsibility of
officials high up in the organizational structure, the risk encompasses that they can easily
override the internal control system.

Fatigue. The operation of an internal control system can induce fatigue amongst
employees/officials and lead to other operational inefficiencies. The system becomes
burdensome and this induces fatigue.

Collusion. Lack of integrity and dishonesty of employees and officials can lead to collusion
amongst two or more people to evade the internal control system. For example, employees who
are stealing goods and selling them as their own, or channeling the income from sales to false
accounts.


5. Site at least 5 indications of possible breakdown in the internal control structure and discuss.

A culture that does not reinforce the value of internal controls

If all of the policies and procedures of the management are present yet not
implemented well, or are not given importance, the entitys goals would be impossible to meet.

Staff taking short-cuts instead of following procedures

We all take shortcuts whenever possible to save time and effort but taking it at work
might cause trouble and would be a sign of undermining the policies and procedures tailored by
an organization. Organizations set such procedures as they seem proper for their employees and
for their own safety also. For example, taking shortcuts during maintenance of an airplane of an
aviation company instead of procedures set forth by the entity might cause troubles later on or
worst crash and malfunctions which would make for the entity to incur costs and possible loss.

Absent or inadequate segregation of duties within a significant account or process

Segregation of duties is important for an effective internal control. Separation of
incompatible functions is critical like of controlling of accounting records and safeguarding of
assets because if such functions are on the hand of one person, chances are he could commit
falsified acts like stealing assets and falsify accounting records. When it cannot be separated, a
detailed supervisory review of related activities is required as a compensating control activity.

The absence of an internal process to report deficiencies in internal control to management on
a timely basis

If there is no process of reporting the deficiencies in internal control to the
management, then possible solutions to such deficiencies would not be communicated and
would result to possible breakdown of its internal control system.

Inadequate design of information technology (IT) general and application controls

Such controls prevent the information system from
providing complete and accurate information consistent with financial reporting objectives
and current needs. Organizations today gather, process, store, and handle a vast collection of
data on their IT systems. They also depend on those systems to process the vast majority of
their business and financial transactions. If the integrity or reliability of these IT systems is
compromised, it could have an immediate impact on the accuracy of an organization's financial
information.