[AA/F8] Audit and Assurance (Kiểm toán và Các dịch vụ đảm bảo)
  1. SAPP Knowledge Base
  2. Tự học ACCA (Association of Chartered Certified Accountant)
  3. [AA/F8] Audit and Assurance (Kiểm toán và Các dịch vụ đảm bảo)

[AA/F8: Tài liệu ôn thi] Part C: Internal Control

Part C sẽ ôn lại 7 dạng bài tập quan trọng môn Audit & Assurance (F8) với chủ đề Internal Control.

1. Tổng quan:

    Topic

    Question types

    Question index

       

    MCQ

    Case



    Internal Control

    1. Internal control components

    1,3,4,6,7

    2,5

    2. Test of controls

    8 - 15

     

    3. Communication on internal control

    4. Internal control in a computerized environment

    16 - 18

     

    5.  Internal audit assignments

    19, 20, 22

    21

    6. Internal audit vs external audit

    23 - 26

     

    7. Outsourcing internal audit

    27

    28

    Reference: BPP ACCA F8 - Audit & Aussurance StudyText

    Knowledge Base: [AA/F8: Tóm tắt kiến thức] Lesson 9: Kiểm soát nội bộ (Internal control)

    2. Dạng bài tập chi tiết:

    2.1. Dạng 1: Internal control components

    Mức độ: Quan trọng

    OTQ & OT Case

    Câu 1: (3.6m) (Dễ)

    Question:

    Which of the following is NOT a component of an entity’s internal control?

    A.  The selection and application of accounting policies
    B.  The control environment  
    C.  Control activities relevant to the audit
    D.  The information system relevant to financial reporting

    Guidance: 5 components of internal controls

    References:

    Answer: A

    The selection and application of accounting policies is not a component of an entity’s internal control.

    Câu 2: (9m) (Dễ) (Đọc thêm)

    Learning outcome: 

    Nhận định được các components của hệ thống kiểm soát nội bộ

    Question:

    State the FIVE components of an entity’s internal control and give a brief explanation of each component.

    Answer: 

    Internal control components

     (i) Control environment

    The control environment includes the governance and management functions and the attitudes, awareness, and actions of those charged with governance and management concerning the entity’s internal control and its importance in the entity. The control environment sets the tone of an organisation, influencing the control consciousness of its people.

    The control environment has many elements such as communication and enforcement of integrity and ethical values, commitment to competence, participation of those charged with governance, management’s philosophy and operating style, organisational structure, assignment of authority and responsibility and human resource policies and practices.

    (ii) Entity’s risk assessment process

    For financial reporting purposes, the entity’s risk assessment process includes how management identifies business risks relevant to the preparation of financial statements in accordance with the entity’s applicable financial reporting framework.

    It estimates their significance, assesses the likelihood of their occurrence, and decides upon actions to respond to and manage them and the results thereof.

    (iii) Information system, including the related business processes, relevant to financial reporting, and communication

    The information system relevant to financial reporting objectives, which includes the accounting system, consists of the procedures and records designed and established to initiate, record, process, and report entity transactions (as well as events and conditions) and to maintain accountability for the related assets, liabilities, and equity.

    (iv) Control activities relevant to the audit

    Control activities are the policies and procedures that help ensure that management directives are carried out. Control activities, whether within information technology or manual systems, have various objectives and are applied at various organizational and functional levels.

    (v) Monitoring of controls

    Monitoring of controls is a process to assess the effectiveness of internal control performance over time. It involves assessing the effectiveness of controls on a timely basis and taking necessary remedial actions.

    Management accomplishes the monitoring of controls through ongoing activities, separate evaluations, or a combination of the two. Ongoing monitoring activities are often built into the normal recurring activities of an entity and include regular management and supervisory activities.

    Câu 3: (3.6m) (TB)

    Question:

    One of the control objectives of the sales system of B Co is to ensure that goods and services sold to credit-worthy customers. Which of the following control activities would assist B Co in achieving this objective?

    A.  Credit limits are checked before sales orders are accepted.
    B.  All sales orders are based on authorized price lists. 
    C.  Sales invoices are reconciled to the daily sales report.
    D.  The aged-debt listing is reviewed by the finance director on a monthly basis.

    Guidance: 

    You can use the control activities definition of “control activities are those policies and procedures that help management achieve control objective” as a guidance to choose appropriate control activities.

    There is no specific way to identify appropriate control activities, but seeing examples of them can help you easier to do that. You can see them in F8 BPP Chapter 10: Tests of controls or ACCA past exam.

    Answer: A

    Control activities

    Control objectives

    Credit limits are checked before sales orders are accepted (Option A) 

    To ensure that goods and services are only supplied to customers with good credit ratings.

    => True

    All sales orders are based on authorised price lists (Option B)

    To ensure that goods and services are provided at authorised prices

    => False

    Sales invoices are reconciled to the daily sales report (Option C)

    To ensure that all goods and services sold are correctly invoiced

    => False

    The aged-debt listing is reviewed by the finance director on a monthly basis (Option D)

    To ensure that overdue debts are followed up on a timely basis.

    => False

    Câu 4: (3.6m) (TB)

    Question:

    B Co maintains perpetual inventory records. Which of the following control activities would contribute to the auditor's confidence that inventory recorded in the financial statements exists?

    1. Procedures to identify obsolete and damaged inventory
    2. Physical safeguards to protect inventory from theft
    3. Sequential numbering of goods dispatched notes
    4. Reconciliation of inventory records to results of inventory counts
      A.  (1) and (2)
      B.  (2) and (4)
      C.  (2) and (3)
      D.  (1) and (3)

      Answer: D

      Control activities

      Control objectives

      Statement 1 

      To ensure that all inventory movements are recorded (existed)

      => True

      Statement 2

      To ensure that inventory included on the statement of financial position physically exists

      => False

      Statement 3

      To ensure that all inventory movements are recorded (existed)

      => False

      Statement 4

      To ensure that all purchases and sales of inventory have been recorded in the accounting system

      => False

      Câu 5: (7.2m) (Dễ) (Đọc thêm)

      Learning outcome:

      Hiểu được các loại hoạt động kiểm soát khác nhau

      Question:

      Describe FOUR different types of control activities and, for each type, provide an example control a company may implement.

      Answer: Control activities

      Segregation of duties – assignment of roles or responsibilities to ensure the tasks of authorising and recording transactions and maintaining custody of assets are carried out by different people, thereby reducing the risk of fraud and error occurring. For example, the purchase ledger clerk recording invoices onto the purchase ledger, and the finance director authorising the payment of those purchase invoices.

      Information processing – controls including application and general IT controls, which ensure the completeness, accuracy, and authorization of information being processed. For example, the use of batch control totals when entering transactions into the system.

      Authorisation – approval of transactions by a suitably responsible official to ensure transactions are genuine. For example, authorisation by a responsible official of all purchase orders.

      Physical controls – restricting access to physical assets as well as computer programs and data files, thereby reducing the risk of theft. For example, cash being stored in a safe which only a limited number of employees are able to access.

      Performance reviews – comparison or review of the performance of the business by looking at areas such as budget versus actual results. For example, the review by department heads of monthly results of actual trading to budget and prior year, with analysis of variances.

      Câu 6: (1.8m) (Trung bình)

      Learning outcome: 

      Hiểu được các inherent limitation của hệ thống kiểm soát nội bộ

      Question: 

      Which of the following is NOT an inherent limitation of internal control systems?

      A.  Insufficient segregation of duties
      B.  Possibility that employees may collude together fraudulently
      C.  Possibility of human error in undertaking tasks

      Answer: A

      A is incorrect as it is not an inherent limitation of an internal control system; rather it is an internal control deficiency.

      References: F8 BPP Chapter 9: Internal controls phần 1.7 Limitations of accounting and control systems

      Câu 7: (3.6m) (Trung bình)

      Question:

      Who is ultimately responsible for a company's system of internal controls?

      A.  External auditors
      B.  Board of directors
      C.  Internal auditors
      D.  Audit committee

      Answer: B

      Internal control is the process designed, implemented, and maintained by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of an entity's objectives with regard to the reliability of financial reporting, effectiveness, and efficiency of operations, and compliance with applicable laws and regulations.

      Reference: F8 BPP Chapter 9: Internal control system phần 1 Internal control systems

      2.2. Dạng 2+3: Test of controls + Communication on internal control

      Mức độ: Quan trọng

      OTQ & OT Case

      Câu 8: (3.6m) (Trung bình)

      Question: 

      Which of the following statements about the nature and extent of tests of controls are true?

      1. Inquiry alone is not sufficient to test the operating effectiveness of controls
      2. The auditor must perform test of controls if substantive procedures alone cannot provide sufficient appropriate audit evidence
        A.  Nether (1) nor (2)
        B.  (1) only
        C.  (2) only
        D.  Both (1) and (2) 

        Answer: D

        1. Other audit procedures must be performed in combination with inquiry to test the operating effectiveness of controls.
        2. Substantive procedures alone may not provide appropriate audit evidence (e.g. in IT systems). In such a case, the auditor must perform a test of relevant controls.

        References: F8 BPP Chapter 9: Internal control system phần 3 The evaluation of internal control components

        Câu 9-11:

        Cherry Blossom Co (Cherry) manufactures custom made furniture and its year-end is 30 April.

        You are the audit supervisor of Poplar & Co and are developing the audit programs for Cherry's forthcoming interim audit.

        You have ascertained that Cherry purchases its raw materials from a wide range of approved suppliers. When production supervisors require raw materials, they complete a requisition form and this is submitted to the purchase ordering department. Requisition forms do not require authorisation and no reference is made to the current inventory levels of the materials being requested.

        Cherry has an internal audit department that has provided you with details of the internal controls around the non-current assets cycle. One such control is that upon receipt of a new asset, each asset is assigned a unique serial number and this is recorded on the asset and in the non-current assets register.

        Câu 9: (3.6m) (TB)

        Which TWO of the following statement are DEFICIENCIES of purchases system of Cherry?

        A.  Cherry purchases its raw materials from a wide range of approved suppliers.
        B.  Raw materials are being ordered without reviewing inventory levels
        C.  The lack of authorization
        D.  Cherry has an internal audit department

        Guidance:

        To identify deficiencies you should look for information that indicates: 

        • Controls are missing;
        • Controls are not effective.

        Answer: B+C

        Options A and D are control activities

        Options B and C are deficiencies (Controls are missing)

        Câu 10: (3.6m) (Trung bình)

        Learning outcome: 

        Nhận diện được consequences của internal control deficiency.

        Đề bài:

        Which of the following are the most likely consequences of the internal control deficiency described in the requisition system for raw materials?

        1. Fraudulent purchases may be made, leading to funds being diverted to third parties for illegal purposes.
        2. Stock-outs may occur, resulting in the company being unable to meet orders and lost revenue.
        3. Unnecessary purchases may be made, resulting in excess obsolescent raw materials accumulating in inventory requiring to be written down.
        4. Raw materials of poor quality may be purchased, resulting in low quality products being produced, customer goodwill being lost and going concern risks.
          A.  1 and 3
          B.  2 and 3
          C.  1 and 4
          D.  2 and 4

          Answer: B

          Risk of raw materials are being ordered without reviewing inventory levels 

          => Both stock-outs and excess obsolescent inventory are likely to occur => Option B + C are true

          (The lack of authorisation means that fraudulent purchases could be made, but there is an approved supplier list and money-laundering risks seem far-fetched.

          Likewise, poorer quality goods may be ordered but the approved supplier list does act as a control here – and going concern risks are irrelevant.) => Giải thích thêm với đáp án sai

          Câu 11: (3.6m) (Trung bình)

          Learning outcome: 

          Nhận diện các assertion

          Question:

          While reviewing Cherry's purchases cycle, you identified that goods received notes for raw material purchases are not sequentially numbered.

          Which of the following areas would you consider to be most at risk of material misstatement, as a result of this internal control deficiency?

          A.  Rights and obligations of inventory
          B.  Valuation of payables
          C.  Existence of inventory
          D.  Completeness of payables

          Answer: D

          The fact that goods received notes (GRNs) are not sequentially numbered means that GRNs may be omitted from accounting records and it would be difficult to trace the unrecorded GRNs. As a result, the risk is that payables (and inventory) are understated. 

          Câu 12: (3.6m) (Trung bình)

          Question

          In relation to the control relating to the receipt of a new asset, which TWO of the following describe the MOST RELIABLE audit procedures which enable the auditor to assess whether this control is operating effectively?

          1. Select a sample of capital additions on-site, agree that a serial number is recorded on the asset, and confirm it is included in the non-current assets register
          2. Select a sample of assets recorded on the non-current assets register, confirm that it includes a serial number for each asset and agree the number to the physical asset
          3. Inspect the non-current asset register and verify that there are no duplicated serial numbers
          4. Observe the receipt of assets to confirm that serial numbers are assigned and recorded
            A.  1 and 3
            B.  2 and 3
            C.  1 and 4
            D.  2 and 4

            Guidance:

            To be able to identify a test of control, you need to understand the cycle relate to the scenario and control activities designed by clients. You can your definition of a test of controls “an audit procedure designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level” as a guide to identify test of controls. 

            There is no specific way to identify tests of controls, but seeing examples of them can help you easier to do that. You can see them in F8 BPP Chapter 10: Tests of controls or ACCA past exam. 

            Answer: A

            Control activities: Upon receipt of a new asset, each asset is assigned a unique serial number and this is recorded on the asset and in the non-current assets register.

            Select a sample of capital additions on-site, agree that a serial number is recorded on the asset, and confirm it is included in the non-current assets register helps the auditor to ensure serial number is recorded on both asset and register. => 1 is true 

            Statement (2) is not a reliable procedure because it doesn’t test the effectiveness of this control activity.   

            Reviewing the non-current register to identify duplicate serial numbers will identify instances when the serial numbers assigned were not unique. => Statement (3) is true 

            Observation is a valid audit procedure, but it provides a weak form of audit evidence since it does not assure the auditor that the control would be operated when the auditor is not there to observe it. => 4 are false

            Câu 13-15:

            Primrose Co has recently upgraded its computer system to enable greater automation of transaction processing. The new system has integrated the sales, inventory, and purchasing systems resulting in minimal manual entry. 

            Sales orders are entered into the system manually. The inventory system is automatically updated to reflect that inventory has been allocated to an order. The system will flag if there is insufficient inventory to fulfill the order. The inventory system is linked to the purchasing system so that when inventory falls to a minimum level a purchase order is automatically created and sent to the purchasing manager for authorization. Once the manager clicks ‘authorised’ the order is automatically sent electronically to the approved supplier for that item. The system is backed up daily to ensure minimal loss of data in the event of a system failure. 

            Primrose Co’s internal auditors were present during the implementation of the new system and performed tests during the process to ensure the information transferred into the new system was free from error. The internal audit plan of work has been updated to include regular tests of the system throughout the year to ensure it is working effectively. 

            The external auditor of Primrose Co is planning to use automated tools and techniques during the audit for the first time this year as a result of the new system and is also planning to use the work of Primrose Co’s internal audit department if possible. 

            Câu 13: (3.6m) (TB)

            Question:

            Which of the following is NOT a test of control in respect of Primrose Co’s system?

            A.  Trace a sample of purchase orders through to the approved supplier list to ensure the supplier used is approved
            B.  Trace a sales order through to the system and into the sales day book to ensure it is recorded
            C.  Review a sample of purchases orders in the system to ensure they are authorised within the system
            D.  Inspect copies of the back‐ups taken to ensure these are taken on a daily basis

            Answer: B

            Tracing a transaction through the system to ensure it is recorded in the sales day book is a substantive procedure testing the assertion of completeness.

            Câu 14: (3.6m) (TB)

            Question: 

            Select whether the following controls identified in Primrose Co’s systems are general or application controls?

            Daily backups of the system

            General

            Application

            Authorization of purchase orders

            General

            Application

            Minimum order quantities

            General

            Application

            Automatic updating of inventory once goods are sold

            General

            Application

            Answer:

            Daily backups of the system

            General

             

            Authorization of purchase orders

             

            Application

            Minimum order quantities

             

            Application

            Automatic updating of inventory once goods are sold

             

            Application

            Backups relate to the whole computer system therefore are a general control. Authorisation, minimum order quantities and automatic updating of inventory related to individual aspects of the purchasing and inventory systems, therefore, are application controls.

            References: F8 BPP chapter 9: Internal controls phần 4 Internal Controls in a computerized environment

            Câu 15: (3.6m) (TB)

            Question:

            Which can be tested by placing a dummy sales order for a large quantity of goods into the system? Select all that apply.

            Control

             

            The inventory system is automatically updated to reflect that inventory has been allocated to a sales order

             

            The system will flag if there is insufficient inventory to fulfill the order

             

            When inventory falls to a minimum level a purchase order is automatically created and sent to the purchasing manager for authorization

             

            The purchase order is automatically sent electronically to the approved supplier for that item 

             

            Answer: 

            Control

             

            The inventory system is automatically updated to reflect that inventory has been allocated to a sales order

            The system will flag if there is insufficient inventory to fulfill the order

            When inventory falls to a minimum level a purchase order is automatically created and sent to the purchasing manager for authorization

            The purchase order is automatically sent electronically to the approved supplier for that item 

            As all of the controls stated are computerized controls, a dummy order can be used to test them.

            2.3. Dạng 4: Internal control in computerised environment

            Mức độ: Quan trọng

            Câu 16: (3.6m) (Dễ)

            Question: 

            Which TWO of the following are application controls?

            1. Password protection of programs
            2. Batch controls
            3. One for one checking
            4. Regular back up of programs
              A.  1 and 4
              B.  3 and 4
              C.  1 and 2
              D.  2 and 3

              Answer: D

              One-for-one checking (3) and batch controls (2) are application controls. They apply separately to each application.

              Password protection of programs (1) and Regular backup of programs (4) are general IT controls

              Câu 17: (3.6m) (Dễ)

              Question:

              General IT controls are policies and procedures that relate to many applications and support the effective functioning of application controls. Which two of the following are general IT controls?

              1. Testing procedures using test data
              2. Arithmetic checks 
              3. Disaster recovery procedures
              4. System software acquisition 
                A.  (1) and (4)
                B.  (1) and (3)
                C.  (2) and (4)
                D.  (3) and (4)

                Answer: D

                Disaster recovery procedures (3) and System software acquisition (4) are general IT controls that relate to many applications.

                Testing procedures using test data (1) and Arithmetic checks (2) are application controls.

                Câu 18: (3.6m) (trung bình)

                Question:

                Fox Industries Co (Fox) manufactures engineering parts. It has one operating site and a customer base spread across Europe. The company’s year-end was 30 April 2013. 

                While evaluating the purchasing system of Fox, you realized that Purchase invoices are input daily by the purchase ledger clerk and he does not apply any application controls over the input process. It can raise the risk that invoices could be input into the system with inaccuracies or they may be missed out entirely.

                Which application controls should be adopted by Fox Industries Co to ensure the completeness and accuracy of the input of purchase invoices:

                1. System counts the number of invoices to be input, the invoices are then entered one by one, at the end the number of invoices input is checked against the document count. 
                2. Manually agreed back the invoices entered into the system to the original purchase invoices one by one
                3. Perform mathematical calculations on a particular data field, such as supplier number, a mathematical formula is run by the system
                4. Input a pre-determined maximum into the system for gross invoice value, for example, $10,000; when invoices are input if the amount keyed in is incorrectly entered as being above $10,000, the system will reject the invoice. 
                  A.  (1) and (2)
                  B.  (2) and (3)
                  C.  (1), (2), and (3)
                  D.  All 4 application controls

                  Answer: D

                  Statement (1) helps to ensure completeness of input.

                  Statement (2) helps to ensure completeness and accuracy of input.

                  Statement (3) helps to ensure the accuracy of input.

                  Statement (4) helps to ensure the accuracy of input.

                  2.4. Dạng 5: Internal audit assignments

                  Mức độ: Ít quan trọng:

                  Câu 19: (3.6m) (Dễ)

                  Question:

                  The examination of the economy, efficiency, and effectiveness of activities and processes. Which of the following internal audit assignments is described below?

                  A.  Regulatory compliance audit 
                  B.  Value for money audit
                  C.  Financial audit
                  D.  IT audit

                  Answer: B

                  References: F8 BPP Chapter 5: Internal audit phần 4.1 Value for money audits

                  Câu 20: (3.6m) (Dễ)

                  Question:

                  Which of the following best summarises the meaning of 'efficiency' in the context of a Value for Money audit as requested by KLE Co's management?

                  A.  The lowest cost at which the appropriate quantity and quality of physical, human, and financial resources can be achieved
                  B.  Producing the required goods and services in the shortest time possible
                  C.  The extent to which an activity is achieving its policy objectives
                  D.  The relationship between goods and services produced and the resources used to produce them

                  Answer: D

                  Option A describes the economy.

                  Option B only describes one aspect of efficiency. 

                  Option C describes effectiveness. 

                  Option D describes efficiency.

                  References: F8 BPP Chapter 5: Internal audit phần 4.8 Operational audits

                  Câu 21: (5.4m) (Dễ)

                  Question: Define the ‘three Es’ of a value for money audit.

                  Answer:

                  Value for money audit

                  In performing a value for money audit, there are three areas which an auditor will commonly focus on being economy, efficiency, and effectiveness, and these are known as the ‘three Es’.

                  Economy – Keeping the cost of resources used to a minimum.

                  Efficiency – The relationship between the output from goods and services and the resources used to produce them.

                  Effectiveness – How well the organisation’s objectives have been achieved.

                  Câu 22: (3.6m) (TB)

                  Question:

                  Management of A Co wants to increase the range of assignments that the company's internal audit undertakes.

                  Which of the following assignments could the internal audit department be asked to perform by management?

                  A.  Undertake 'mystery shopper' reviews, where they enter the store as a customer, purchase goods, and rate the overall shopping experience
                  B.  Assist the external auditors by requesting bank confirmation letters
                  C.  Provide advice on the implementation of a new payroll package for the payroll department
                  D.  Review the company's financial statements on behalf of the board

                  Answer: A

                  Undertake 'mystery shopper' reviews, where they enter the store as a customer, purchase goods, and rate the overall shopping experience is an example of Customer service reviews assignments

                  Bank confirmations should always be carried out by the auditor. => B is false

                  Providing advice on the implementation of a new payroll system would impair the internal auditors' independence. => C is false

                  Reviewing the financial statements on behalf of the board is the responsibility of the audit committee, not internal audit => D is false

                  2.5. Dạng 6: Internal audit vs external audit

                  Mức độ: Ít quan trọng:

                  Criteria

                  External audit

                  Internal audit

                  Objective

                  Express an opinion on the truth and fairness of the financial statements in a written report.

                  Improve the company's operations by reviewing the efficiency and effectiveness of internal controls.

                  Reporting

                  Reports to shareholders.

                  Reports to management or
                  those charged with governance.

                  Availability of
                  report

                  Publicly available.

                  Not publicly available. Usually only seen by management or those charged with governance.

                  Scope of work

                  Verifying the truth and fairness of the financial statements.

                  Wide in scope and dependent
                  on management's requirements.

                  Appointment
                  and removal

                  By the shareholders of the company.

                  By the audit committee or board of directors.

                  Relationship
                  with company

                  Must be independent of the company.

                  Maybe employees (which limits independence) or an outsourced function (which enhances independence).

                  Câu 23: (3.6m) (Dễ)

                  Question:

                  Which of the following statements relating to internal and external auditors is correct?

                  A.  Internal auditors are required to be members of a professional body
                  B.  Internal auditors’ scope of work should be determined by those charged with governance
                  C.  External auditors report to those charged with governance
                  D.  Internal auditors can never be independent of the company

                  Answer: B

                  A is incorrect as internal auditors are not required to be members of any professional body. 

                  C is incorrect as external auditors report to shareholders rather than those charged with governance. 

                  D is incorrect as internal auditors can be independent of the company, if, for example, the internal audit function has been outsourced.

                  Câu 24: (3.6m) (Dễ)

                  Question:

                  Which two of the following characteristics apply to internal audits?

                  1. The purpose is to improve the company's operations.
                  2. Reports to shareholders on whether the financial statements give a true and fair view of affairs.
                  3. Auditors may be employees of the company
                  4. Evidence is collected in accordance with relevant ISAs.
                    A.  (1) and (3)
                    B.  (2) and (4)
                    C.  (1) and (4)
                    D.  (2) and (3)

                    Answer: A

                    (1) and (3) are characteristics of internal audit

                    (2) and (4) are characteristic of external audit

                    Câu 25: (3.6m) (Dễ)

                    Question:

                    With which of the following activities should the internal audit function NOT be involved?

                    A.  Monitoring of management's performance
                    B.  Reviewing the adequacy of management information for decision-making purposes
                    C.  Taking responsibility for the implementation of a new sales ledger system
                    D.  Assessing compliance with regulation relevant to the company

                    Answer: C

                    The internal audit function is a review and monitoring function. It should not take operational responsibility for any part of the accounting or information systems

                    Câu 26: (3.6m) (Dễ)

                    Question:

                    Which of the following statements about the responsibilities of external and internal auditors with regards to fraud is NOT correct?

                    A.  The external auditor must maintain an attitude of professional skepticism throughout the audit, recognising the possibility that a material misstatement due to fraud could exist.
                    B.  The internal auditor must always consider the potential of management overriding controls and modify their audit procedures accordingly when performing internal audit engagements.
                    C.  It is not the responsibility of the external auditors to detect fraud within a client.
                    D.  Internal auditors can help to prevent fraud by carrying out work on assessing the adequacy and effectiveness of control systems.

                    Answer: B

                    Option A is true because of the requirement of ACCA Code of Ethics

                    The need to consider the potential of management override applies mainly to the external auditors => B is false

                    The external auditor's objective is to conclude whether the financial statements are free from material misstatement, whether from error or fraud => C is true

                    Internal auditors can help to prevent fraud by carrying out work on assessing the adequacy and effectiveness of control systems => D is true

                    2.6. Dạng 7: Outsourcing internal audit

                    Mức độ: Ít quan trọng:

                    Câu 27: (3.6m) (TB)

                    Question:

                    Each of the following statements is the advantage of an internal audit function consisting of employees of the company or outsourcing internal audit.

                    Consideration

                    Employed

                    Outsourced

                    (1)  Greater availability of specialist industry skills as required    
                    (2)  Flexibility regarding staff numbers in response to changing circumstances    
                    (3)  Elimination of direct training costs    
                    (4)  Development of skills increasing the human resource strength of the Entity    

                    Answer:

                    Consideration

                    Employed

                    Outsourced

                    (1)  Greater availability of specialist industry skills as required  

                    X

                    (2)  Flexibility regarding staff numbers in response to changing circumstances  

                    X

                    (3)  Elimination of direct training costs  

                    X

                    (4)  Development of skills increasing the human resource strength of the Entity

                    X

                     

                    Where the internal audit department is outsourced to an external firm, a company will benefit from

                    • specialist industry skills;
                    • the greater flexibility in staffing numbers;
                    • the elimination of associated costs, such as staff training.

                    However, if the staff is employed by the company, this increases the skills held within the business and therefore increases the value of the workforce which is a strength of the company.

                    Câu 28: (3.6m) (TB)

                    Question

                    Saxophone Enterprises Co (Saxophone) has been trading for 15 years selling insurance and has recently become a listed company. In accordance with corporate governance principles, Saxophone maintains a small internal audit department. The directors feel that the team needs to increase in size and specialist skills are required, but they are unsure whether to recruit more internal auditors or to outsource the whole function to their external auditors, Cello & Co.

                    Required: Explain the advantages and disadvantages for each of Saxophone Enterprises Co AND Cello & Co of outsourcing the internal audit department.

                    Answer:

                    Saxophone

                    Advantages

                    Disadvantages

                    Staffing: 

                    Saxophone Enterprises Co (Saxophone) wishes to expand its internal audit department in terms of size and specialist skills. If they outsource, then there will be no need to spend money in recruiting further staff as Cello & Co (Cello) will provide the staff members.

                    Existing internal audit department: 

                    Saxophone has an existing internal audit department; if they cannot be redeployed elsewhere in the company, then they may need to be made redundant and this could be costly for Saxophone. Staff may oppose outsourcing if it results in redundancies.

                    Immediate solution: 

                    As the current internal audit department is small, then outsourcing can provide the number of staff needed straight away.

                    Increased costs: 

                    As well as the cost of potential redundancies, the internal audit fee charged by Cello may over a period of time increase, proving to be very expensive.

                    Skills and experience: 

                    Cello is likely to have a large pool of staff available to provide the internal audit service to Saxophone. In addition, the audit firm is likely to have staff with specialist skills already available.

                    Knowledge of company: 

                    Cello will allocate available staff members to work on the internal audit assignment; this may mean that each visits the staff members are different and hence they may not fully understand the systems of Saxophone. This will decrease the quality of the services provided and increase the time spent by Saxophone employees in explaining the system to the auditors.

                    Cost savings: 

                    Outsourcing can be an efficient means to control the costs of internal audit as any associated costs such as training will be eliminated as Cello will train its own employees. In addition, the costs for the internal audit service will be agreed upon in advance. This will ensure that saxophones can budget accordingly.

                    Loss of in-house skills: 

                    If the current internal audit team is not deployed elsewhere in the company, valuable internal audit knowledge and experience may be lost. If Saxophone then decided at a future date to bring the service back in-house, this might prove to be too difficult.

                    Flexibility: 

                    If the internal audit department is outsourced, Saxophone will have total flexibility in its internal audit service. Staff can be requested from Cello to suit the company’s workloads and requirements. This will ensure that, when required, the extra staff is readily available for as long or short a period as needed.

                    Confidentiality: 

                    Knowledge of company systems and confidential data will be available to Cello. Although the engagement letter would provide confidentiality clauses, this may not stop breaches of confidentiality.

                     

                    Control: 

                    Saxophone currently has more control over the activities of its internal audit department; however, once outsourced it will need to discuss areas of work and timings well in advance with Cello.

                       

                    Cello

                    Advantages

                    Disadvantages

                    Additional fees for Cello: 

                    The audit firm will benefit from the internal audit service being outsourced as this will generate additional fee income. However, the firm will need to monitor the fees to ensure that they do not represent too high a percentage of their total fee income. As a public interest company, fee income should not represent more than 15% of gross practice income for two consecutive years.

                    Independence: 

                    If Cello provides both external audit and internal audit services, there may be a self-review threat, especially where the internal audit work is relied upon by the external auditor team. The firm would need to take steps to ensure that separate teams are put in place as well as additional safeguards.

                     

                    Author: Hong Quan