AA Online classes by Kashif Kamran 60

AA-AUDIT & ASSURANCE – BY KASHIF KAMRAN-FCCA

LECTURE 17 (IN SEQUENCE)

LECTURE 1 - SYLLABUS AREA -C

Topic 1: Internal control system

Objective/ key learning

 What is an internal control system and what are the component of a good internal control system?
 Importance of effective controls to the organization / external auditor
 Correlation of effective controls with the external auditor control risk
 What are objective of internal control system – e.g. sales system/ purchase system/ payroll system/
expenditure system?
What is an internal control system (ICS) and what are the component of a good internal control system?

 ICS is a system which consist of policies and procedures put in place by the management in an
organization for an orderly conduct of business.
 A good ICS consist of five elements:
1. Control environment
 Environment means culture / tone of the top management/ attitude of the top
management toward an internal control system / or is the commitment of the top
management to put in place a sound system
2. Entity risk assessment process
 Is a scanning process undertaken by the management to identify the loopholes/ the
weaknesses within the organization where things can go wrong/ or where they might be
an opportunity for someone to commit fraud. For e.g. the risk of theft of inventory from
the warehouse/ or risk that cash could be stolen/ or the risk that there is a collusion to
window dress the financial statements.
3. Information system
 Is a channel of communication where by issues/ problems/ weaknesses/ instances of
fraud or any unusual activity the organization is reported to the right level for prompt
actions. Information system help management to be alert of the ground realities and also
help them with the risk assessment process
4. Control activities
 The policies and procedures put in place by the management to mitigate the identified
risk. For e.g. segregation of duties , or authorization , password , physical security.
5. Monitoring of control
 Monitoring is a check and balance to ensure control activities are operating as effectively
as possibly, for e.g. the internal audit department is responsible for monitoring.
Sales system-

 Student note: The example shown in the lecture for sales system is to give you an idea of what exactly a
system consist of. You need to read the book for other system like purchase, cash, payroll and
expenditure.
 Each system like sales has an:
o Objective- which is the purpose why the system is needed or what the management want to
ensure from the system, for e.g. right quantity is dispatch to customer.
o Risk- what may go wrong against each objective, for e.g. incorrect quantities could be dispatch
customer
o Control activity- to mitigate the risk, for e.g. the customer order is reconciled with the good
dispatch note, if the order says 100 unit the dispatch note should also state 100 units
In exam context, from the topic 1, examining team do ask you to list the objectives of the systems for
max 4 marks just like in Sep/Dec 19 paper Q2(a)
 AA Online classes by Kashif Kamran 61

AA-AUDIT & ASSURANCE – BY KASHIF KAMRAN-FCCA

LECTURE 18 (IN SEQUENCE)

LECTURE 2 - SYLLABUS AREA -C

Topic 2: Evaluation of internal control system by auditor

Objective:

 Importance of evaluating internal controls by the auditor at the planning of stage of audit
 Connection of evaluating controls with risk
 How does an auditor evaluate/ document the internal control system?

Importance of evaluating internal controls by the auditor at the planning of stage of audit

 By evaluating internal control system (ICS) at the planning stage the auditor is in a position to conclude
on whether control system in place is effective or ineffective, which eventually help auditor to further
conclude on the level of control risk .
 As part of auditor knowledge of business, evaluation of controls are extremely beneficial for the auditor
to understand how much risk of material misstatement exist in the financial statement , helping
auditor to plan the audit in a more effective manner and becoming alert/ skeptical before the start.
Connection of evaluating controls with risk

 When evaluating control the auditor will reach one of the two conclusions below:
o Controls are strong= the control risk will become low = the risk of material misstatements in the
FS become low
o Controls are weak= the control risk will become high = the risk of material misstatements in the
FS become high
 Conclusion on control risk at the planning stage help shape the upcoming audit in terms of :
o Audit strategy
o Audit plan
o Skepticism needed during audit
How does an auditor evaluate/ document the internal control system?

 The auditor evaluates the internal control system through meeting or discussion with
management,internal auditor and audit committee.
 The evaluation can be documented using any of the four method:
1. Narrative notes- documentation is done in detail in like para/ bullet form and the system is
document in much more depth.
2. Flow chart – visual or a graphical presentation of the sequential steps/ control activities within
a system like sales system.
3. Internal control questionnaire (ICQ)- it’s a close end questionnaire, which work like box
ticking with yes / no or not applicable answer .
4. Internal control evaluation questionnaire (ICEQ)- it’s a more open end questionnaire, where
the auditor expect a more detailed reply from the management about control activities put in
place.
 Examiner question? – What are the advantages/ disadvantages of the methods to document system? Or
might ask you to explain a method?
 Slides covers the advantages and dis-advantages and has not been put on the word file
Assignments:

 Complete the three question marked on the title slide of topic 2 and email me your assignment at
[email protected]
 AA Online classes by Kashif Kamran 62

AA-AUDIT & ASSURANCE – BY KASHIF KAMRAN-FCCA

LECTURE 19 (IN SEQUENCE)

LECTURE 3 - SYLLABUS AREA -C

Topic 3: Test of controls (TOCs)

Objective: To understand – what test of controls are?

 Test of controls (TOCs) are audit procedures to gather sufficient appropriate audit evidence (SAAE)
that whether controls are operating effectively or not
 If controls are operating effectively:
o Control risk will go down
o Risk of material misstatement in FS will go down as well
o That means the auditor efforts to gather SAAE on financial statement will reduce
 If controls are not operating effectively:
o Control risk will go up
o Risk of material misstatement in FS will go up as well
o That means the auditor efforts to gather SAAE on financial statement will increase
Student note: TOCs are extremely important because of the conclusion of TOCs will help auditor define the
extent of audit procedures to be performed over the financial statements

Audit procedures

 There are TWO types of audit procedures which are designed by the auditor namely:
1. Test of controls (Syllabus C)
2. Substantive procedures (Syllabus D)
 TOCs – gathers SAAE that whether controls are or are not operating effectively
 SP- gather SAAE that FS are free/ or not free from material misstatement
List of audit procedures available to the auditor which can be performed either as test of control or as
substantive procedures are as follow:
1. Inquiry
2. Inspection
3. Recalculation
4. Re-performance
5. Observation
6. Analytical procedures
7. Confirmation letter
For e.g.

 The management claim they have a strong physical security at the warehouse (Control)
o Auditor will visit the warehouse and observe the physical security at the warehouse to
ensure its present and operating effectively. (TOC)
 There are strong password on the computer systems of the Alpha company (control)
o Auditor will enter some weak passwords on the computer system like for e.g. the name of the
company Alpha to ensure that the system reject it to confirm password are indeed strong.
(TOC)
 AA Online classes by Kashif Kamran 63

What is a good procedures?

1. Procedure whether it’s a TOC or a SP, should start with an action word/ verb – because procedure
means auditor is doing something. (look at the yellow highlighted part above).
2. Procedure whether it’s a TOC or a SP, should end with a purpose or an objective that is what the auditor
is trying to achieve with the procedure ( the purpose starts with – words like “to ensure / or “to
confirm” and basically its like asking yourself when writing a procedures “ why are you doing it?”)
3. Procedure whether it’s a TOCs or an SP, should have a source / subject matter
For e.g.
1. Observe the physical security at the warehouse to ensure its present and operating effectively. (TOC)
Student note: A good procedure = ASP= 1 mark

Definition of audit procedures

Audit procedure Definition/ examples

Inquiry (discuss) Inquiry is a discussion with management or internal auditor or within any one in the
organization. The purpose of inquiry is to discuss with management any issues/ or
any deviations/ or any inconsistencies , any variances or like the basis of an
assumption etc.
Inspection(Review) Inspection is to inspect or review the underlying document supporting controls or
financial system for e.g. review of good dispatch note, invoice, agreement, cash book,
bank statement, board minutes etc. Inspection also relates to physical inspection of
property, plant and equipment ( tangible assets) to confirm they exist.
Recalculation (SP) Recalculation is to recalculate the numbers already calculated by the
management to ensure they are accurate. For e.g. recalculate the depreciation
expense, interest e expense, amortization expense etc.
Re-performance (TOC) Re-perform means reperforming a process undertaken by management for e.g.
entering the password to confirm they are strong etc.
Observation (TOC) Observe means to watch something with eyes, ideally a process undertaken/ or an
ongoing process e.g. observe a physical security
Analytical procedures AP are audit procedures to investigate unusual trends in financial statement by
(SP) calculating ratios, trends, comparing budgets with actual etc.
Confirmation letter Confirmation letter is a letter send by the auditor to the third parties during audit
(SP) like debtors, creditors , bank to confirm directly from third parties the year end
balances payable or receivable by the company
 AA Online classes by Kashif Kamran 64

Walk through test- understanding & example

 In the first year audit, or an audit of an new audit client, the auditor will understand the system put in
place by the management e.g. sales, purchase, payroll etc. and document the system either by using flow
charts, narrative notes or questionnaire.
 In the next year audit known as recurring audit, the auditor will not document the system again, rather
will perform a walk through test of the system to ensure whether there any changes in the system, if there
is an change, only the change will be documented.
 For e.g. in the first year you documented the sales system whereby the management told you the
following:
o Step 1: order is received from customer ( we keep 2 copies of order)
o Step 2: Inventory level is checked
o Step 3: order is confirmed or rejected
o Step 4: order is dispatched
o Step 5: good dispatch note is raised to customer ( 2 copies of good dispatch note )
o Step 6: invoice is raised to customer
o Step 7: payment is followed up
 AA Online classes by Kashif Kamran 65

AA-AUDIT & ASSURANCE – BY KASHIF KAMRAN-FCCA

LECTURE 20 (IN SEQUENCE)

LECTURE 4 - SYLLABUS AREA -C

Topic 3: Test of controls (TOCs)

Objective: Practice of past papers

Example- What does a question on TOC expect from a student?
Mar/Jun 18- Q16 (a)
(a) In respect of the payroll system for Raspberry Co:
(i) Identify and explain FIVE KEY CONTROLS which the auditor may seek to place reliance on; and
(ii) Describe a TEST OF CONTROL the auditor should perform to assess if each of these key controls is operating
effectively.
Note: Prepare your answer using two columns headed Key control and Test of control respectively. The total
marks will be split equally between each part. (10 marks)

brainstorming
 Identify and explain FIVE KEY CONTROLS- you need to pick a good control put in place by the company over it
payroll system while you are reading the case. Once you identify the good control you need to explain why it is a
good control to fetch the full 1 mark. So if you only identify = 0.5 marks + if you explain why ? +0.5 marks= 1 mark
 Describe a test of control – for each key control identified above to assess if it is operating effectively. Each TOC is
worth 1 mark.

Answer

Key control Test of control

Raspberry company has a HR dept and a payroll Visit the departments in place at the Raspberry company,
department, which is a good segregation of duty as each to ensure payroll and HR department exist and function
department has a split of work and act as a good check and separately
balance
Pre-printed forms are completed by HR for all new Review a sample of pre-printed forms for new joiners to
employees is a good control as it ensure that each new ensure they are completed properly by the HR department
employee details are properly entered for further use by and signed.
the payroll department and for maintaining HR
recording
This quarterly bonus is entered into the system by a clerk Review the bonus listing for any particular quarter to
and each entry is checked by a senior clerk for input errors ensure the listing is signed by the senior clerk as an
prior to processing. The senior clerk signs the bonus evidence that the check was carried out by the senior clerk
listing as evidence of undertaking this review. This is a
good control as it demonstrate check and balance and
ensure no wrong bonus is entered or processed.
Production employees are issued with clock cards and are Observe the swiping process on any given day, and also
required to swipe their cards at the beginning and end of ensure in the observation that security exist to supervise
their shift. This process is supervised by security staff 24 the process
hours a day, is a good control because it will ensure that
only time worked is paid and no misuse of swiping card is
done because of the security present
Each card identifies the employee number and links into Review the hour worked report to confirm that such
the hours worked report produced by the payroll system, reports are produced as an evidence that the swiping
which automatically calculates the gross and net pay along system in well linked with payroll department
with relevant deductions, is a good control as the systems
are integrated and there is no manual processing which
limits errors.
On a quarterly basis, exception reports relating to changes Review the exception report for a given quarter to ensure
to the payroll standing data are produced and reviewed by that there is a signature of payroll director as an evidence
the payroll director, is a key control as, each change is that the exception report was indeed reviewed by the
justified and each change is checked to ensure the change is payroll director
required or logical.
 AA Online classes by Kashif Kamran 66

For production employees paid in cash, the necessary Observe the delivery of cash by security company at the
amount of cash is delivered weekly from the bank by a production facility to confirm that cash is securely
security company, as cash is susceptible to theft, the delivered. OR
deliverance of cash by security company is a good control Review the agreement with security company to confirm
as it reduces the chances of theft indeed there is an arrangement of delivery cash through
security company
Two members of the payroll department produce the pay Review the weekly payroll listing to confirm its signed by
packets, one is responsible for preparing them and the both members as an evidence of the task undertaken
other checks the finished pay packets, is a good segregation
of duty as such control limit the errors in preparing pay
packets, and result in right amount paid to right employees
Monthly management accounts are produced which detail Review the monthly management account to confirm they
variances between budgeted amounts and actual, is a good are produced for variance analysis
key control as it help management with a variance analysis
and also keep a check on the actuals not exceeding budgets

Assignments

 M/J 21 Q1a
 M/J 20 Q2a
 AA Online classes by Kashif Kamran 67

AA-AUDIT & ASSURANCE – BY KASHIF KAMRAN-FCCA

LECTURE 21 (IN SEQUENCE)

LECTURE 5 - SYLLABUS AREA -C

Topic 3: Test of controls (TOCs)

Objective: S/D 20 Scenario 2(b)- 14 marks

Key control Test of control

The company has a human resources (HR) (Complete this yourself as already done in M/J 18
department which is responsible for setting up all paper)
new joiners and a payroll department which
processes wages and salaries (Complete this yourself
as already done in M/J 18 paper)
HR completes a joiners’ form which includes a (Complete this yourself as already done in M/J 18
unique employee number for each new paper)
employee(Complete this yourself as already done in
M/J 18 paper)
On a monthly basis, an exception report relating to (Complete this yourself as already done in M/J 18
changes to the payroll standing data is produced and paper)
reviewed by the payroll manager who evidences this
review. (Complete this yourself as already done in
M/J 18 paper)
The payroll supervisor selects a sample of the Auditor should select a sample of payslips and re-
payslips, re-performs the gross to net pay calculations perform the gross and net pay calculations to ensure
and investigates any discrepancies. The sampled the totals agree to that calculated by the computer
payslips are then signed as evidence of this review, is system. OR
a key control as it ensures that no over or under Review a sample of payslips reviewed by the
payment of salary is made to employees supervisor to ensure they are signed as an evidence of
the process undertaken
A multi-part purchase order is generated and the Review a sample of purchase order below $5000
purchasing manager authorises all orders up to and above $5000 to ensure that the segregation
$5,000. Orders over $5,000 are authorised by the between manager and director exist as is evident
purchasing director, this is a good segregation of duty from their signature.
as it any misuse or over ordering by any employee.
They agree the goods received to the purchase order Review a sample of GRN to ensure they are properly
and check the quantity and the quality of the goods. signed as an evidence that the check versus order was
On completion of those checks a goods received note performed OR
(GRN) is produced, this is a good control as this will Observe the good receiving process at the warehouse
allow company only to accept good ordered / and only to ensure that orders received are checked versus
to accept good if they are of quality. order and then a GRN is produced
One copy of the GRN is then signed and filed in the Review a sample of GRNs to ensure they have two
warehouse. Another copy of the GRN is sent to the copies with one properly filed in warehouse and the
finance department is a key control as the copy send one filed in finance department as a evidence that
to finance dept will help finance dept reconcile the two copies of the document is produced.
invoice with GRN to ensure correct invoice is raised
by supplier.
Supplier statement reconciliations are performed on Review a sample of monthly supplier reconciliation to
a monthly basis. All differences are fully investigated, ensure they are prepared and the signature on the
and the financial controller reviews these reconciliation will provide evidence to auditor that
reconciliations. This is an effective control as the the reconciling items are reviewed by financial
investigation of the reconciling items will ensure that controller.
no over or under payment is made to supplier and no
conflict arises between the supplier and company
 AA Online classes by Kashif Kamran 68

Invoices are paid in accordance with the supplier’s Review a sample of invoice to ensure they are
credit terms. The finance director authorises the properly authorize by the finance director as an
bank transfer payment list for suppliers having first evidence that invoice were reviewed to supporting
agreed the amounts to be paid to supporting document before payment was released to the
documentation and having reviewed the list for supplier.
duplicate payments. This is a good control as it
reduces the risk of over payment or duplicate
payment to supplier

Assignments

 M/J 21 Q1a
 M/J 20 Q2a
 AA Online classes by Kashif Kamran 69

AA-AUDIT & ASSURANCE – BY KASHIF KAMRAN-FCCA

LECTURE 22 (IN SEQUENCE)

LECTURE 6 - SYLLABUS AREA -C

Topic 4: Communicating deficiencies in internal controls

Objective:

 To understand how the auditor communicate the deficiencies in internal control to management / those
charged with governance (TCWG) (ISA-265)
 What an exam question expect from the student and how to go about solving it?
Communicating deficiencies in internal controls to management/ TCWG

 Deficiencies identified by the auditor in the internal control system through the test of control should
be communicated on a timely basis to management / and to those charged with governance
 Management – means the middle management / managers/ level 2 of the organization (Tactical
management
 TCWG- means the strategic management of the organization which includes the board of directors and
the NEDs ( primarily the audit committee)
 The deficiencies are communicated formally through a letter known as management letter written by
the auditor to the management after completing the test of control procedures.
 The management letter includes:
 The weakness
 The consequence of the weakness for the company
 Recommendation – on how to overcome the weakness (value addition)
 What are significant deficiencies in internal controls? – Knowledge
 Significant deficiency is the judgement of the auditor, whereby the auditor need to
carefully exercise professional judgement to conclude what make a deficiency
significant.
 Any deficiency which affects the reputation of company or which affects the key
stakeholders ( like customers for example) or which can result in misuse of
company’s resources like lack of authorization can result in employees buying
assets for personnel use.
 A deficiency around a key control or key policy of the organization will also be
considered as significant

Test of knowledge- student guidance

 What types of deficiencies are communicated to TCWG?

o The deficiencies not rectified by the management
o The ones which are significant
 AA Online classes by Kashif Kamran 70

Exam perspective
Question and examiner expectation from students:
Example June 18 Q16B
Identify and explain FIVE DEFICIENCIES in Raspberry Co’s payroll system and provide a recommendation
to address each of these deficiencies.
Note: Prepare your answer using two columns headed Control deficiency and Control recommendation
respectively. (10 marks)

How to fetch marks:

 If you just identify the weakness from the case it is worth 0.5 marks. However if you explain why it is a
weakness/ or you justify the consequence of the weakness for the company you will fetch another 0.5
marks. Each weakness well explained is worth 1 mark
 For providing recommendation, each recommendation is worth 1 mark. (suggesting what should be
done to rectify the weakness )

Sep/Dec 19 Scenario 2b

I. Identify and explain SEVEN DEFICIENCIES in Amberjack Co’s sales and dispatch system and provide a
recommendation to address each of these deficiencies. (14 marks)
II. Includes a covering letter ( 2 marks for covering letter)
 AA Online classes by Kashif Kamran 71

Sep/Dec 19 Scenario 2b (with a covering letter / report style writing)

I. Identify and explain SEVEN DEFICIENCIES in Amberjack Co’s sales and dispatch system and provide a
recommendation to address each of these deficiencies. (14 marks)
II. Includes a covering letter ( 2 marks for covering letter)

Report to management

Board of directors
Amberjack Co
Address line 1
Address line 2
Address line 3
1 July 20X5

Dear Sirs,

Audit of Amberjack Co for the year ended 30 April 20X5

Please find enclosed the report to management on deficiencies in internal controls identified during the audit
for the year ended 30 April 20X5. Please note that this report only addresses the deficiencies identified during
the audit and if further testing had been performed,
then more deficiencies may have been reported.
This report is solely for the use of management and if you have any further questions, then please do not hesitate
to contact us.

Yours faithfully

An audit firm

Appendix

Control Deficiency Control Recommendation

Credit limits are subsequently assigned by the The credit limits should be assigned by a more senior
receivable ledger clerk. Clerk isn’t the right staff from the receivable department
person to do such a critical task of setting credit
limit because if credit limits are set too high it will
increase bad debt risk for the company or if set
too low will result in losing customer.
Credit controller has been transferred to internal Till the time the replacement is found, someone like a
audit dept for six months and no replacement finance manager or a finance director should work as
found. This means there is no credit controller credit controller on a temporary basis
functioning in the company and that means that
outstanding debts or overdue invoices from
customers will not be chased and will increase
company’s bad debts
There are three parts of a good dispatch note. No There should be four parts of the GDN with one being
good dispatch note is sent to ordering sent to ordering dept.
department, so the ordering dept will have no
information whether the good ordered by
customer has been dispatched or not.

Assignment – complete the last 2 para of the scenario and identify 2 more weaknesses and email me the
assignment for checking.
 AA Online classes by Kashif Kamran 72

AA-AUDIT & ASSURANCE – BY KASHIF KAMRAN-FCCA

LECTURE 23 (IN SEQUENCE)

LECTURE 7 - SYLLABUS AREA -C

Topic 4: Communicating deficiencies in internal controls

Objective: Practice M/J -2020

Requirement:

 Identify and explain the FIVE deficiencies in the internal control at Snowdon’s company and give
recommendation to overcome deficiencies? 10 mark

Answer plan

Control deficiency Control recommendation

Snowdon has a small internal audit department which The internal audit department should be properly
is under resourced and experienced staff shortage, resources and the human resource management
this will result in lack of monitoring of the overall should take step to induct more employees in the
internal controls at Snowdon company which will internal audit department
increase the chances of fraud and errors.
Each training center is allocated a capital expenditure The Snowdon should ensure that budgets are made
budget however the training center has already with proper inputs from relevant department to avoid
exceed budgets allocated. This means there is over actuals exceeding budget
spending against budget which is either due to the fact
that the budget were not properly developed or there
is a lack of check and balance on the expenditures by
the training centre result in excessive expenditure.
FD sets the criteria for capital and revenue Another person should be assigned to check whether
expenditure and later on a sample basis check that the criteria has been followed or not as this will bring
criteria has been followed. This is like a self review by more independence to the check process
the finance director and the director will not be
criticizing any issues in the criteria set. Thus the
criteria could be wrong as it is not properly checked
The internal dept only check an asset recorded in The internal audit dept should carry out a two way
register to confirm it physically exist but no check is check i.e. from register to physical and vice versa
made to confirm if an asset physically existing is
recorded. Thus if there is an asset existing at the
training centre and is not recorded it will result in
understatement of the assets.
Only 9 training centres have been picked up for The internal audit dept once properly resourced,
verification by the internal audit department out of should increase the sample size of the centres selected
the total 45 centre. This mean a significant number of so that the sample covers significant numbers of the
centre will not be monitored or checked and if there is total centre.
an issue or weaknesses at other centres will not be
higligthed.

Assignment-

 complete the remaining question, see how many more weaknesses can you identify from Snowdon
payroll and sales system.
 Practice another 3 questions after completing July 2020 question – chose the three to practice from the
list of question provided on the title slide of topic 4
 AA Online classes by Kashif Kamran 73

Knowledge – July 2020 – Scenario 2

Describe FOUR matter that audit should consider to confirm whether a deficiency in internal is significant?

 The deficiency which is around the key controls of the internal controls system put in place by the
management
 It is the judgement of the auditor in context of the situation to conclude whether the weakness is
significant or not
 Any weakness identified which is capable of effecting company reputation
 Any weakness identified which is capable of affect relationship with key stakeholder like major customer
or major supplier.
 AA Online classes by Kashif Kamran 74

AA-AUDIT & ASSURANCE – BY KASHIF KAMRAN-FCCA

LECTURE 24 (IN SEQUENCE)

LECTURE 8 - SYLLABUS AREA -C

Topic 5: Differences between external and internal audit

 External auditor – the scope is governed by laws and regulations ( ISAs), reports to the shareholder, carefully
plan the audit of the financial statements and the audit report is governed by ISA 700.
 Internal auditor- is a department within an organisation, if the audit committee is present the audit committee
decides on the scope of internal audit function, else it’s the management deciding the scope. There is a greater
diversity in the scope of internal audit function, and the internal audit plan for each of the assignment or each of
the task allocated to the internal auditor. There is flexibility in the report format as there is no prescribed format
for internal auditor.

Topic 6: Scope of the internal audit function (IA)

 Assignments of the internal audit(IA) function ( vary from a company to company)

1. Financial audit- the IA review the effectiveness of the financial system in place to ensure they are operating
effectively. The financial system includes, ledger, books of prime entry, reconciliation, trial balances, control
accounts etc.
2. Operational audit- the IA review the effectiveness of the supply chain of the organization, that is, procurement/
purchasing of raw material, manufacturing (converting raw material to finished good), storage ( warehousing),
distribution and sales.
3. IT audit – the IA review the effectiveness of the IT systems put in place in the organization including the IT
control, security etc. The IA also review the effectiveness of the website, the e-commerce etc.
4. Legal audit – the IA ensure the effectiveness of compliance with laws and regulations ( statutory laws of the
country applicable to the industry or the company)
5. Value for money audit – is also known as 3Es audit, ( economy, efficiency and effectiveness). In the VFM audit the
IA, ensure that the activities carried out during the year, adhered to the principles of 3Es. Any inefficiencies or any
ineffectiveness or any thing against economy should be reported.
6. Fraud examination – the IA ensure that if a fraud has taken place in a company, the IA will investigate the reason
how it took place, who was involved in and the amount of loss.

Requirement :

If a question in exam paper, just like the March/ June 18 paper, ask for:

 Explain the assignments the internal auditor can perform? – 6 marks ( so each assignment is worth 1
mark)

A question in exam paper can ask you, explain the term value for money audit ?

A question asking for advantages and disadvantages of outsourcing had been very common in old past papers so
ensure you cover this area well and you can explain them in like proper manner.