Auditing Fundamentals in A SA Context 2e

[SECOND EDITION]
AUDITING FUNDAMENTALS
in a South African Context
Frans Prinsloo (editor) Pieter Von Wielligh (editor)

Gerrit Penning | Rika Butler | Dana Nathan (Josset)
Graeme O’Reilly | Rolien Kunz | Vincent Motholo
Riaan Rudman | Henriette Scholtz
[SECOND EDITION]
AUDITING FUNDAMENTALS
in a South African Context
Oxford University Press is a department of the University of Oxford. It
furthers the University’s objective of excellence in research, scholarship, and
education by publishing worldwide. Oxford is a registered trade mark of
Oxford University Press in the UK and in certain other countries.
Published in South Africa by
Oxford University Press Southern Africa (Pty) Limited
Vasco Boulevard, Goodwood, N1 City, Cape Town, South Africa, 7460
PO Box 12119, N1 City, Cape Town, South Africa, 7463
© Oxford University Press Southern Africa (Pty) Ltd 2018
e moral rights of the author have been asserted.
First published 2014
Second edition published in 2018
All rights reserved. No part of this publication may be reproduced, stored in
a retrieval system, or transmitted, in any form or by any means, without the
prior permission in writing of Oxford University Press Southern Africa
(Pty) Ltd, or as expressly permitted by law, by licence, or under terms agreed
with the appropriate reprographic rights organisation, DALRO, e
Dramatic, Artistic and Literary Rights Organisation at [email protected].
Enquiries concerning reproduction outside the scope of the above should be
sent to the Rights Department, Oxford University Press Southern Africa
(Pty) Ltd, at the above address.
You must not circulate this work in any other form and you must impose
this same condition on any acquirer.
Auditing Fundamentals in a South African Context (second edition)
ISBN 978 0 19 074904 0
eBook ISBN 978 0 19 075422 8
Typeset in Utopia Std Regular 10.5pt on 13pt
Acknowledgements
Publisher: Penny Lane
Development editor: Edward Ndiloseph
Project manager: Lindsay-Jane Lücks
Copy editor: Allison Lamb
Proofreader: Patricia Myers Smith
Indexer: Michel Cozien
Designer: Yaseen Baker
Typesetter: Mark Standley Design (Pty) Ltd
Reproduction by: Name Surname
Cover reproduction by: Judith Cross
XYZ Printing Company
e authors and publisher gratefully acknowledge permission to reproduce
copyright material in this book. Every effort has been made to trace
copyright holders, but if any copyright infringements have been made, the
publisher would be grateful for information that would enable any
omissions or errors to be corrected in subsequent impressions.
Links to third party websites are provided by Oxford in good faith and for
information only. Oxford disclaims any responsibility for the materials
contained in any third party website referenced in this work.
Contents in brief
PART A: THE CONTEXT WITHIN WHICH THE EXTERNAL

AUDITOR OPERATES
Chapter 1 Introduction
Chapter 2 Ethics
Chapter 3 Legal responsibilities of the auditor
PART B: THE AUDITEE’S RESPONSIBILITY FOR

FINANCIAL INFORMATION
Chapter 4 Basic concepts of governance and internal

control
Chapter 5 Introduction to risks and internal controls in a
computerised environment
Chapter 6 Revenue and receipts cycle
Chapter 7 Purchases and payments cycle
Chapter 8 Inventory and production cycle
Chapter 9 Human resources cycle
Chapter 10 Investment and nancing cycle
PART C: THE EXTERNAL AUDIT PROCESS
Chapter 11 Overview of the audit process

Chapter 12 Pre-engagement and planning activities
Chapter 13 Audit procedures: Essential concepts
Chapter 14 Audit procedures: Speci c considerations
Chapter 15 Completion of the audit
Chapter 16 e independent review
Appendix: Examples of cycle documentation related to the

business cycles
Bibliography
Index
Contents
Acknowledgements
Preface
List of authors
About the book
Ntsimbi Piping (Pty) Ltd Company Pro le
PART A: THE CONTEXT WITHIN WHICH THE EXTERNAL

AUDITOR OPERATES
CHAPTER 1 Introduction
Learning outcomes
Reference list
1.1 Background
1.2 What is the purpose of and need for accounting records?
1.2.1 Purpose of accounting records
1.2.2 Examples of accounting records
1.3 What is the objective of and need for nancial
statements?
1.3.1 e objective of nancial statements
1.3.2 Responsibility for accounting records and
nancial statements
1.3.3 e assertions made by the preparers of the
nancial statements
Companies Act requirements for accounting
1.3.4 records and nancial statements
1.4 Why are external auditors needed and what is the
purpose of an external audit?
1.4.1 e need for external auditors
1.4.2 e history of auditing
1.4.3 e history of the external auditing profession in
South Africa
1.4.4 e purpose of an external ( nancial statement)
audit
1.4.5 Providing assurance
1.4.6 e de nition of an external audit
1.4.7 Auditing postulates
1.4.8 Types of auditors
1.5 What are examples of major corporate accounting
scandals in recent years?
1.5.1 International corporate accounting scandals
1.5.2 South African corporate accounting standards
1.6 What are the structures of the accounting and auditing
professions?
1.6.1 Professional bodies
1.6.2 International accounting bodies
1.6.3 Structure of the accounting and auditing
professions in South Africa
Assessment questions
CHAPTER 2 Ethics
Learning outcomes
Reference list
2.1 What is the nature of ethics?

2.2 Why do professions have codes of ethics?
2.2.1 Background to codes of ethics of professions
2.2.2 Rules-based versus principles-based codes of
ethics
2.2.3 Examples of ethical misconduct by auditors
2.3 What are the ethical codes and rules applicable to
external auditors in South Africa?
2.4 What constitutes prohibited actions for the external
auditor?
2.4.1 IRBA Rules Regarding Improper Conduct
2.4.2 SAICA’s punishable offences
2.5 How do the SAICA and IRBA disciplinary processes
work?
2.5.1 SAICA disciplinary process
2.5.2 IRBA disciplinary process
2.5.3 Examples of SAICA and IRBA disciplinary
processes
2.6 What is the content of the SAICA and IRBA Codes of
Professional Conduct?
2.6.1 Background to the SAICA and IRBA Codes of
Professional Conduct
2.6.2 Differences between SAICA and IRBA Codes of
2.6.3 e SAICA Code of Professional Conduct (CPC)
2.6.4 Part 1: Complying with the code: Conceptual
framework approach
2.6.5 Part 2: Professional accountants in business
2.6.6 Part 3: Professional accountants in public
practice
2.6.7 International Independence Standards (Part 4)
2.7 How does ethics t into the audit process?
CHAPTER 3 Legal responsibilities of the auditor

Learning outcomes
Reference list
3.1 Introduction
3.1.1 Legislation and regulations governing the audit
function
3.1.2 Legislation and regulations with which the
auditor has to be familiar
3.2 What are the statutory and regulatory requirements for
an audit?
3.2.1 Companies that have to be audited
3.2.2 What if a company does not have to be audited?
3.3 How does the statutory appointment, removal and
rotation of the auditor work and what are his or her
rights?
3.3.1 Requirements to be met by the auditor in order to
be appointed
3.3.2 Appointment of the auditor
3.3.3 Resignation of the auditor
3.3.4 Dismissal of the auditor
3.3.5 Appointment of a replacement auditor
3.3.6 Rotation of auditors
3.3.7 Statutory rights of the auditor
3.4 What are the statutory requirements to practise as an
auditor?
3.4.1 e requirements to become a Registered Auditor
3.4.2 Firms as Registered Auditors
3.4.3 Limitations on what an auditor may do
3.4.4 Statutory duties of auditors
3.4.5 Inspections of auditors
3.4.6 Liability of auditors for losses suffered by the
client and/or third parties
3.5 What does the auditor’s statutory responsibility to
identify and respond to Reportable Irregularities entail?
3.5.1 De nition of a Reportable Irregularity
3.5.2 e auditor’s reporting duties with regard to
Reportable Irregularities
3.5.3 e implications of a Reportable Irregularity for
the auditee
3.6 How is auditing in the public sector different from
auditing in the private sector?
3.6.1 Background to auditing in the public sector
3.6.2 Who performs public sector audits?
3.6.3 To what standards are these public sector audits
conducted?
3.7 What other legislation or regulations may impact on the
scope of the audit function?
3.7.1 e JSE Listings Requirements
3.7.2 What special quali cations are required to audit a
company listed on the JSE?
3.7.3 What are the speci c responsibilities of auditing
rms and individual auditors conducting audits
of companies listed on the JSE?
3.7.4 e Sarbanes–Oxley Act of 2002
3.8 What role can the auditor play to aid good corporate
governance?
3.8.1 e combined assurance model
3.8.2 e concept of combined assurance
3.8.3 e role of the audit committee with regard to the
external audit function
PART B: THE AUDITEE’S RESPONSIBILITY FOR

CHAPTER 4 Basic concepts of governance and internal control

Learning outcomes
Reference list
4.1 What is governance?

4.2 What is the relationship between governance and
internal control?
4.2.1 Risks in a business
4.2.2 Risk management
4.3 What is internal control?
4.3.1 A system of internal control
4.3.2 Components of a system of internal control
4.3.3 Inherent limitations of a system of internal
control
4.3.4 Impact when the system of internal control does
not operate as intended
4.4 How does one design a system of internal control?
4.4.1 Step 1: Identify the risks
4.4.2 Step 2: Formulate control objectives
4.4.3 Step 3: Design a system of appropriate internal
controls
CHAPTER 5 Introduction to risks and internal controls in a

computerised environment
Learning outcomes
5.1 Introduction
5.2 How has information technology evolved?
5.3 How and why do companies have to govern their
computer information systems?
5.4 What is the impact of upgrading a manual accounting
system to an electronic accounting system?
5.5 What are the key components of a computer information
system?
5.6 How does a computerised accounting system operate?
5.7 How are computer controls classi ed?
5.8 How are general controls classi ed?
5.8.1 Organisational controls and personnel practices
5.8.2 System development and change controls
5.8.3 Access controls
5.8.4 Business continuity controls
5.8.5 Operating controls and system maintenance
controls
5.9 Which controls relate to the computerised processing of
business transactions?
5.9.1 Background
5.9.2 Manual versus computer controls
5.9.3 Overview of application controls
5.10 How are controls identi ed in advanced technologies?
5.10.1 Electronic commerce, electronic funds transfers
and other data communication
5.10.2 Service organisations, outsourcing and data
warehousing
Appendix: Electronic funds transfer controls
Appendix: Accounting information systems
CHAPTER 6 Revenue and receipts cycle

Learning outcomes
Reference list
6.1 What are the nature, purpose and accounting

implications of the cycle?
6.1.1 e nature and purpose of the cycle
6.1.2 Forms of revenue from sale of goods and
rendering of services
6.1.3 e varied nature of the cycle
6.1.4 How transactions in the cycle are triggered
(initiated)
6.1.5 Major accounts affected by the cycle
6.1.6 IFRS 15 and the treatment of revenue for nancial
reporting purposes
6.2 What functional areas occur in the cycle?
6.2.1 Description of the functional areas
6.2.2 Summary of functional areas by department
6.3 What information system is used in the cycle?
6.3.1 Accounting for revenue and receipt transactions
6.3.2 Supporting documents, journals and ledgers
6.3.3 Databases and master les (computerised
systems only)
6.3.4 Reports
6.3.5 Reconciliations
6.3.6 Illustration: Transaction ow in the revenue and
receipts cycle
6.4 What could go wrong (risks) in the cycle?
6.4.1 Financial reporting risks
6.4.2 Misappropriation risks
6.5 What computer technologies are used in the cycle?
6.5.1 Point-of-sale systems and barcode scanning
6.5.2 Electronic funds transfer
6.5.3 Online sales (internet-based)
6.6 What are the control objectives in the cycle?
6.6.1 Control objectives in the cycle
6.6.2 Achievement of the control objectives in the cycle
6.6.3 Link between the control objectives in the cycle
and management’s assertions
6.7 What are the controls in the cycle (manual and
computerised)?
6.7.1 Internal control activities in the cycle
6.7.2 Internal control tables
6.8 Cycle illustration: e revenue and receipts cycle at
Ntsimbi Piping
6.8.1 Credit management
6.8.2 Receiving orders from customers
6.8.3 Authorisation of sales orders
6.8.4 Picking of goods from warehouse
6.8.5 Despatch and delivery of goods to customers
6.8.6 Invoicing
6.8.7 Recording of sales in the accounting records
6.8.8 Receipt of cash from customers
6.8.9 Recording of receipts in the accounting records
6.8.10 Processing and recording of returns and other
sales adjustments
CHAPTER 7 Purchases and payments cycle

Learning outcomes
7.1.2 Forms of purchases
(initiated)
7.1.5 Example of a typical transaction in the purchases
and payments cycle
7.1.7 Accounting treatment of certain speci c
transactions in the cycle
7.2.1 Description of functional areas
7.3.1 Accounting for purchases and payments
transactions
systems only)
7.3.4 Reports
7.3.6 Illustration: Transaction ow in the purchases
and payments cycle
7.5.1 Electronic funds transfer (EFT)
7.5.2 Electronic data interchange (EDI)
computerised)?
7.8 Cycle illustration: e purchases and payments cycle at
Ntsimbi Piping
7.8.1 Purchase requisition
7.8.2 Ordering goods from suppliers
7.8.3 Receiving goods from suppliers
7.8.4 Recording of purchases
7.8.5 Payment preparation
7.8.6 Paying the supplier
7.8.7 Recording of payment
7.8.8 Returning goods and recording a purchase return
CHAPTER 8 Inventory and production cycle

Learning outcomes
Reference list

8.1.2 Types of inventory and production
8.1.4 e link between this cycle and the other cycles
(initiated)
8.1.6 Example of a typical transaction in the inventory
and production cycle
8.1.8 IAS 2 and the treatment of inventory for nancial
reporting purposes
8.3.1 Accounting for inventory and production
transactions
systems only)
8.3.4 Reports
8.3.6 Illustration: Transaction ow in the inventory and
production cycle
computerised)?
8.7.3 Controls relating to the conducting of inventory
counts
8.8 Cycle illustration: e inventory and production cycle at
Ntsimbi Piping
8.8.1 Background to inventory and production
8.8.2 Storage of raw material
8.8.3 Production planning
8.8.4 Transfer raw materials to production
8.8.5 Production
8.8.6 Transfer nished goods to nished goods
warehouse
8.8.7 Storage of nished goods
8.8.8 Update of costing records
8.8.9 Inventory counts
8.8.10 Maintenance of inventory records
CHAPTER 9 Human resources cycle

Learning outcomes
9.1.2 Relationship with other cycles
(initiated)
9.1.6 Applicable accounting standards, legislation,
listings requirements and corporate governance
principles
9.1.7 Executive remuneration
9.1.8 Deductions from employees’ remuneration
9.2.1 Description of the functional areas in the cycle
9.3 What information system is used in this cycle?
9.3.1 Accounting for salaries, wages and related
transactions
systems only)
9.3.4 Reports
9.3.6 Illustration: Transaction ow in the human
resources cycle
9.5.1 Access control systems
9.5.2 Payroll software
computerised)?
9.8 Cycle illustration: e human resources cycle at Ntsimbi
Piping
9.8.1 Background to the human resources cycle of
Ntsimbi Piping
9.8.2 Appointment of employees and personnel
records
9.8.3 Time keeping – wage-earning employees
9.8.4 Calculation and recording of salaries and wages
9.8.5 Payment preparation and payment of wages and
salaries
9.8.6 Payment of deductions
9.8.7 Recording the salary and wage transactions in the
accounting records
CHAPTER 10 Investment and nancing cycle

Learning outcomes
Reference list

10.1.2 Forms of transactions and major accounts
affected by the cycle
10.1.3 Characteristics of the investment and nancing
cycle
10.1.4 Relevant accounting standards
(initiated)
10.2.1 Financing
10.2.2 Investments
10.3.1 Accounting for investment and nancing
transactions
10.3.2 Supporting documents and journals
10.3.3 Illustration: Transaction ow in the investment
and nancing cycle
10.4.1 Financial statement level risks
10.4.2 Assertion level risks
computerised)?
10.8 Cycle illustration: e investment and nancing cycle at
Ntsimbi Piping
PART C: THE EXTERNAL AUDIT PROCESS
CHAPTER 11 Overview of the audit process

Learning outcomes
Reference list
11.1 Introduction
11.2 What terminology is used by the auditor when
performing an audit?
11.3 What are the objectives of an audit?
11.4 What are the International Standards on Auditing
(ISAs)?
11.5 How is the audit and audit evidence documented?
11.5.1 Characteristics of audit evidence
11.6 What are the stages in the audit process?
11.6.1 What are pre-engagement activities?
11.6.2 What are planning activities?
11.6.3 Obtaining audit evidence
11.6.4 Evaluating, concluding and reporting
11.7 How do computerised environments impact on the audit
process?
11.8 Is there a link between the stages of the audit process
and the ISAs?
CHAPTER 12 Pre-engagement and planning activities
Learning outcomes
Reference list
12.1 Introduction
12.1.1 e concepts of overall audit strategy, audit plan
and audit approach
12.2 How does the auditor perform pre-engagement
activities?
12.2.1 Requirements
12.2.2 Application in practice
12.3 How are the terms of the engagement documented?
12.3.1 Importance of documenting the terms
12.3.2 Contents of the engagement letter
12.4 How does the auditor obtain an understanding of the
entity?
12.4.1 Aspects of the entity to be understood
12.4.2 Method of obtaining the understanding
12.5 How does the auditor assess the risk of material
misstatement?
12.5.1 Conceptual aspects of risk assessment
12.5.2 e need to consider risk arising from going
concern issues
12.5.3 e need to consider risk arising of fraud
12.5.4 Identi cation of risks that require special audit
consideration (signi cant risks)
12.5.5 Risks for which substantive procedures alone do
not provide sufficient audit evidence
How can the auditor respond to identi ed risks of
12.6 material misstatement?
12.6.1 Responding to detection risk at the nancial
statement level
12.6.2 What options are available to the auditor to
achieve desired changes to the level of detection
risk at the nancial statement level?
12.6.3 Responding to detection risk at the account
balance/class of transactions/disclosure level
12.6.4 e implications of combined testing versus
substantive testing
12.6.5 Updating the audit approach and plan
throughout the audit 523
12.7 What is materiality and how is it calculated?
12.7.1 De nition
12.7.2 Calculating materiality
12.8 Attending to the logistics of the audit
CHAPTER 13 Audit procedures: Essential concepts

Learning outcomes
Reference list
13.1 Where do audit procedures t into the audit process?

13.2 What are audit objectives?
13.3 What is the nature of further audit procedures?
13.3.1 Determinants of the nature of the further audit
procedures
13.3.2 Tests of controls
13.3.3 Substantive procedures
13.3.4 Dual purpose audit procedures
13.3.5 Revision
13.4 What is the timing of further audit procedures?
13.4.1 Determinants of the timing of further audit
procedures
13.4.2 Interim tests of controls
13.4.3 Interim substantive procedures
13.4.4 Relying on audit evidence obtained in prior
audits
13.5 What is the extent of further audit procedures?
13.5.1 Audit sampling
Appendix
CHAPTER 14 Audit procedures: Speci c considerations

Learning outcomes
Reference list
14.1 Introduction
14.2 How do we formulate the nature of further audit
procedures for speci c classes of transactions or account
balances?
14.2.1 Wages: Attendance of a wage payout
14.2.2 Cash and bank
14.2.3 Inventory: Attendance of inventory counts
14.2.4 Creditors reconciliations
14.3 What are the requirements of International Standards on
Auditing for dealing with speci c complexities that may
be encountered when performing audit procedures?
14.3.1 External con rmations
14.3.2 Management’s written representations
14.3.3 Accounting estimates
14.3.4 Use of other parties in the audit
14.4 What are computer-assisted audit techniques (CAATs)?
14.4.1 e basics of CAATs
14.4.2 e auditor’s use of computer software to assist in
the audit
14.4.3 Reasons for the use of CAATs in the audit process
14.4.4 Application of CAATs in the audit process
14.4.5 Steps in planning and performing CAATs
Appendix: CAATs example
CHAPTER 15 Completion of the audit

Learning outcomes
Reference list
15.1 Introduction
15.2 What is the auditor’s responsibility regarding
subsequent events?
15.2.1 Introduction
15.2.2 Various periods pertaining to subsequent events
15.2.3 Auditor’s responsibility
15.3 What is the auditor’s responsibility regarding the going
concern basis of accounting?
15.3.1 Introduction
15.3.2 Management’s responsibility
15.3.4 Business rescue and its impact on the audit
15.4 How does the auditor deal with uncorrected
misstatements in the nancial statements?
15.4.1 Misstatements identi ed during the audit
15.4.2 Final materiality
15.4.3 Evaluating the materiality of uncorrected
misstatements
15.4.4 Impact of uncorrected misstatements on the
nancial statements and auditor’s report
15.5 How does the auditor draft the auditor’s report?
15.5.1 Introduction
15.5.2 Contents of the auditor’s report
15.5.3 Types of audit opinions
15.5.4 Other sections in the auditor’s report
15.5.5 Impact of the auditee’s going concern ability on
the auditor’s report
CHAPTER 16 The independent review

Learning outcomes
Reference list
16.1 What is an independent review?

16.1.1 e nature of an independent review
16.1.2 Differences between independent reviews and
audits
16.2 What are the statutory and regulatory requirements
surrounding an independent review?
16.2.1 Applicability of independent reviews
16.2.2 Persons eligible to perform independent reviews
16.2.3 Reportable Irregularities discovered during an
independent review
16.2.4 e scope of an independent review
16.3 How does one conduct an independent review?
16.3.1 Activities prior to, and during, the acceptance of
the engagement
16.3.2 Planning the engagement
16.3.3 Performing the engagement
16.3.4 Finalising the engagement
16.3.5 Reporting on the engagement
16.3.6 Documenting the engagement
Appendix: Examples of cycle documentation related to the
business cycles
Bibliography
Index
Acknowledgements
e publisher, editors and authors appreciate the valuable

collaboration and support kindly provided by the auditing, forensics,
advisory and tax rm Nolands, during the process of developing and
updating this text.
In addition, the publisher and editors express sincere appreciation
to Gretha Steenkamp, MAcc (Computer Auditing), CA(SA) for her
valued support in updating the annual nancial statements of Ntsimbi
Piping Proprietary Limited used within this text.
Preface
roughout the development of this text, from conceptualisation to

nalisation, the focus of the author-team was on meeting the learning
needs of undergraduate auditing students at South African universities
who are introduced to the subject for the rst time. e many decades
of collective experience of the editors and authors (who have lectured
auditing at both undergraduate and postgraduate levels at a number of
South African universities, and who have gained an in-depth
understanding of the difficulties that students experience with auditing
as a subject) was used to develop a text speci cally tailored to
undergraduate auditing students, recognising the unique South African
context. Every attempt has been made to keep the language used in the
text as straightforward as possible and to ‘tell auditing as a story’.
e text follows a conceptual, principles-based approach
throughout. is approach has been designed to encourage a proper
understanding of the subject matter and to discourage memorisation or
‘rote-learning’, which is often the result of a lack of understanding.
In order to address the confusion that students often experience in

relation to the roles of management and the external auditor, the text is
organised into three distinct parts, namely:
1. e context within which the external auditor operates (Chapters
1 to 3);
2. e auditee’s responsibility for nancial information (Chapters 4
to 10); and
3. e external audit process (Chapters 11 to 15).
e nal chapter (Chapter 16) deals with a very topical type of

assurance engagement in the South African context, namely the
independent review, which is explained and contrasted with the
external audit.
Each chapter identi es detailed learning outcomes that the reader
should achieve through engagement with the chapter. e assessment
questions at the end of each chapter are linked directly to the learning
outcomes and allow the reader to assess the extent to which the
learning outcomes have been achieved. Various features, such as ‘what
if’, ‘why’ and ‘critical thinking’ features, are used to entice readers to
engage further with the learning material and to ‘make it their own’,
instead of merely memorising it.
Other key features used in the text are:

• e running case study: e reader is introduced to the Ntsimbi
Piping case study at the start of the text.
is case study was inspired by an actual company (although the
names used are ctitious). Every key aspect covered in the text is
thoroughly illustrated by this case study to assist the reader in
understanding the practical consequences of the topic.
• e Audit Process Overview diagram: In the third part of the text
(which covers the external audit process), the Audit Process
Overview diagram is referred to throughout to assist the reader to
understand what aspect of the audit process is covered and how it
links to the rest of the process.
• Use of real-life examples: Each chapter is introduced with recent
relevant media coverage to contextualise its content and ‘make it
real’. For the business cycle chapters (Chapters 6 to 10),
comprehensive ‘real-life’ examples of all documentation used by
Ntsimbi Piping are available to the reader (in an Appendix at the end
of the text).
• e use of control tables: e chapters on business cycles include
comprehensive control tables that directly link risks, control
objectives and the related controls in both manual and
computerised environments, and also link these to assertions. ese
are included also to assist the reader to maintain
a ‘big picture’ focus.
In contrast to many other texts, the chapters on audit procedures
(Chapters 13 and 14) do not include multiple ‘lists’ of typical
substantive procedures for various classes of transactions and events
and account balances. e approach taken to these procedures is rather
entirely a conceptual one, which encourages students to formulate
audit procedures using the approaches outlined in Chapter 13, and
constitutes another novel feature of this text. However, in this second
edition, one comprehensive worked example of substantive procedures
has been included to complement the conceptual approach taken in
the text.
Although the text is comprehensive, it is not designed to be used in
isolation. Rather, it should be read with the relevant reference materials
that include legislation, auditing and other assurance-related standards
and other pronouncements. To facilitate this, each chapter includes a
reference list of the most relevant pronouncements.
e second edition has also been updated to incorporate the
requirements of relevant legislation, standards and codes in issue at the
date of publication. Major revisions from the rst edition include a
discussion of the new SAICA/IRBA Code of Professional Conduct
(based on the revised IFAC International Code of Ethics for Professional
Accountants), and the updating of the terminology for the nancial
statement assertions. While these were addressed in later impressions
of the rst edition, the second edition gives due coverage to the recently
issued auditor reporting standards and the King IVTM Report on
Corporate Governance.
All names of people, places and business entities in the text are
entirely ctitious unless indicated otherwise, and any resemblance to
real people, places or business entities is purely coincidental.
e editors welcome any constructive comments, particularly from
students using the text, to improve future editions.
We trust that this text will serve to make auditing as an
undergraduate university course less daunting and more interesting to
its readers.
Frans Prinsloo
Pieter von Wielligh
July 2018
List of authors
Pieter von Wielligh (Editor) BAcc Honours (cum laude), MAcc, PhD
(Accounting) (Stellenbosch), CA(SA)
Pieter von Wielligh is Professor and Division Head of Auditing and

Deputy Director of Learning and Teaching in the School of
Accountancy at Stellenbosch University. He spent many years in
practice as a Chartered Accountant, specialising in nancial services
and, in particular, the audits of long-term insurers. ereafter, he moved
into academia, where he lectured auditing at undergraduate and
postgraduate levels. He has published various articles in accredited and
popular journals and has delivered a number of papers at conferences
on various aspects of auditing and auditing education. He also
supervises master’s and doctoral students in the eld of auditing. Pieter
also serves on the editorial panel of an accredited journal, as well as on
the central Finance Committee of the Stellenbosch University.
Frans Prinsloo (Editor) BCom (Accounting) (cum laude), BCom

Honours (Accounting) (cum laude),
MCom (Accounting) (cum laude) (Port Elizabeth), CA(SA)
Frans Prinsloo is Professor and Division Head of Auditing in the School

of Accounting at the Nelson Mandela University in Port Elizabeth, and
served as the Director of this School from 2007 to 2016. He is the key
CTA Auditing lecturer at Nelson Mandela University, and is further
responsible for postgraduate research supervision. Frans was a member
of the Independent Regulatory Board for Auditors’ (IRBA’s) Committee
for Auditing Standards from 1999 to 2012. Over the last two decades, he
has further actively participated in the professional education activities
of the South African Institute of Chartered Accountants (SAICA) and the
IRBA, and is currently a member of SAICA’s APC Examination
Committee. Frans is part of the panel of experts who developed and
updates the Competency Framework for entry-level Chartered
Accountants of SAICA. Frans has been chairperson of a number of audit
committees in the public sector, and currently serves as a member of
the governing bodies of two NGOs.
Rika Butler BCom Honours (Accounting) (Pretoria), CTA (Pretoria),
MAcc (Computer Auditing) (Stellenbosch), CA(SA)
Rika Butler is an Associate Professor in Auditing at the School of
Accountancy at Stellenbosch University. After qualifying as a Chartered
Accountant, Rika started her academic career at the University of
Pretoria. When her family moved to Stellenbosch, she joined
Stellenbosch University. She has extensive experience in lecturing
auditing at both undergraduate and postgraduate level. Rika has written
and published articles in various academic accredited journals, both
local and international, mostly on matters relating to information
technology (IT), internal control, IT governance (ITG) and the auditing
of computer systems. Her research has also been presented at
conferences. Rika has served on the question-setting team for the
Public Practice Examination (PPE) of the IRBA and serves as an ad hoc
reviewer for various accredited professional journals. She also provides
supervision to students studying towards a master’s degree in
Computer Auditing at Stellenbosch University.
Rolien Kunz BCompt (UNISA), BCompt Honours (UNISA),

Postgraduate Certi cate in Higher Education (cum laude) (Pretoria),
MCom (Auditing) (Pretoria), CA(SA)
Rolien Kunz is a Senior Lecturer in the Department of Auditing at the

University of Pretoria where she lectures at both undergraduate and
postgraduate levels. Her research area of interest is accounting
education and her master’s degree dealt with the work readiness of rst-
year trainee accountants. Rolien has presented numerous research
papers at local and international conferences and published peer-
reviewed articles in a number of accredited journals. In addition, she
has been actively involved in the professional education activities of
SAICA and the Regulatory Board for Auditors for many years and is
currently part of the CA 2025 project team, developing revised
competency frameworks for both SAICA and the IRBA.
Vincent Motholo BCom (Accounting Sciences) (Pretoria), BCom

Honours (Accounting) & CTA (Natal), CA(SA)
Vincent Motholo is a Director in the Assurance Division of SNG Grant

ornton. His role as a Director includes amongst others, heading the
Learning and Development Centre of SNG Grant ornton, leading and
servicing an audit client portfolio and the mentoring and development
of middle-management staff. Prior to joining SNG Grant ornton,
Vincent was a Senior Lecturer at the University of South Africa (UNISA)
and lectured auditing at a postgraduate level. Whilst at UNISA, he was
recognised with a number of awards for his contribution to excellence
in teaching, student support and quality control. He has served on a
number of audit committees. Vincent actively participates in the
professional education activities of SAICA and is the deputy
chairperson of SAICA’s Pretoria district region.
Dana Nathan (Josset) BCom (Wits), BAcc (Wits), MCom (Accounting)

(Wits), CA(SA)
Dana Nathan is the Subject Coordinator for Auditing at the Institute of

Accounting Science, a private provider of postgraduate accountancy
studies. Dana also runs a private academic support programme
providing additional assistance to undergraduate and postgraduate
students and SAICA candidates seeking to become Chartered
Accountants. Prior to this, she spent 12 years in academia, in the School
of Accountancy at the University of the Witwatersrand, as a Senior
Lecturer in Auditing. Dana has a keen interest in the education
assessment activities of the South African Chartered Accountancy
profession and has, for over a decade, actively participated in the
qualifying assessment activities of the SAICA and IRBA professional
bodies, and currently the SAICA ITC and APC examinations. Dana has
published, and reviewed for accredited professional journals, in the
eld of professional ethics.
Graeme O’Reilly BCom (Natal, Durban), HDipp Acc (Natal, Durban),
CA(SA)
Graeme O’Reilly is a Director of NSOA Learning (Pty) Ltd. He has been

lecturing auditing to both UKZN and UNISA students at a postgraduate
level since 1997 and currently runs several academic support
programmes assisting postgraduate UNISA CTA students seeking to
become Chartered Accountants. He also presents workshops that teach
practical auditing to trainee accountants, helping them bridge the gap
between the theory of auditing and its more practical application in the
workplace. Graeme is currently chairman of the Accreditation and
Monitoring Sub-committee of SAICA’s Training Requirements
Committee, of which he is currently vice-chairman.
Gerrit Penning BAcc Honours & CTA (Free State), (Accounting

Sciences) (Pretoria), CA(SA)
Gerrit Penning is a Senior Lecturer in the Department of Auditing at the

University of Pretoria and teaches auditing to postgraduate students. He
has served for two years on the question-setting team of the Public
Practice Examination (PPE) of the IRBA. His past audit experience
focused on private sector audits in South Africa and abroad, and on
audits of local and provincial-level entities in the South African
government sphere. He serves as a subcommittee representative on the
Pretoria District Association of SAICA. Gerrit is currently studying
towards a doctoral degree in auditing and has a keen interest in
research relating to professional ethics for accountants, and especially
how organisational culture within audit rms in uences the ethical
behaviour and decision making of audit professionals.
Riaan J Rudman BBusSc Honours (Cape Town), PGDA (Cape Town),

MBusSc (Cape Town), MAcc (cum laude) (Stellenbosch), CA(SA)
Riaan Rudman is an Associate Professor at Stellenbosch University. He

lectures auditing as well as information systems at an undergraduate
and postgraduate level and specialised in nancial institutions before
joining academia. He serves on various committees and is very involved
in the accounting profession, as well as with professional training. He is
a well-published author and presents on a wide variety of topics both
locally and internationally. His areas of interest lie in business
management and acceptable corporate behaviour in an electronic
environment and new technologies.
Henriëtte Scholtz BCom Honours (RAU), MCom & Adv tax cert
(UNISA), CA(SA)
Henriëtte Scholtz is a Senior Lecturer at Stellenbosch University and
lectures auditing at undergraduate and postgraduate levels. She worked
as a general manager in the internal auditing division of a big banking
group before joining academia. Henriëtte publishes articles and
presents papers at international conferences. Her areas of interest lie in
corporate governance and ethics. She is a member of the SAICA ethics
committee.
About the book
Auditing Fundamentals in a South African Context is a practical, applied

and engaging introductory textbook that supports students throughout
the undergraduate level of the Auditing curriculum. e text is designed
to enhance learning by supporting holistic understanding: theory is
presented within the framework of the real-world business
environment, assisting students to apply principles and standards with
an understanding of their context. Auditing Fundamentals in a South
African Context is designed to complement the structure and approach
of the online question bank Auditing Fundamentals: Graded Questions,
making these ideal companions.
Brief description of features

Audit Process Overview diagram: A diagrammatic representation of
the audit process, contained at the beginning of Chapters 1, 11, 12, 13,
14 and 15. is diagram is designed to orientate students by providing a
clear and visual overview of the audit process. It is incorporated to
maintain the orientation of the reader, and to answer the question,
‘Where does this t into the audit process?’
Learning outcomes: e learning outcomes serve as a guide to the

content and are practical, clear and contextualised.
Running case study: e book starts with an introduction to, and an

annual report of, a medium-sized manufacturing company called
Ntsimbi Piping (Pty) Ltd. Each chapter contains references to this case
study, and integrates its elements into the chapter content. e case
study provides students with hands-on experience, and allows them to
gain a better understanding of how the audit client’s business and the
audit process are integrated in the audit.
News articles: Many of the chapters include news articles, audit
working papers, and company documents. is feature shows the
relevance, practical application, and real-life nature of the concepts in
the chapter. It also creates context, provides insights and interest, and
builds a broader understanding and awareness of the dynamic business
environment.
‘Why?’ feature: is feature introduces reasons and rationales

underlying concepts. e purpose of this feature is to go behind the
auditing standards and other pronouncements and discover/provide
context, relevance, a big-picture understanding, and an understanding
of the underlying philosophy of auditing.
‘What if?’ feature: is feature is used to encourage students to think

independently, so that they can see beyond the text and contemplate
alternative scenarios, thereby applying the theory to a variety of
practical scenarios.
Source documents: An appendix to the text provides examples of

actual company records and documents, reports, letters, and other
documents stemming from the running case study. ese source
documents assist students to visualise and understand their real
function, their interrelationship, and their use within the audit process.
Source documents are cross-referenced to their relevant chapters in the
book.
De nitions: e most important terms and concepts particular to the

eld of auditing, essential to understanding the subject matter, are
identi ed and explained in each chapter. is assists students to
comprehend the material clearly and effectively. Students are also
referred to the standards and the IAASB Glossary of Terms to familiarise
themselves with unfamiliar words/terms/concepts.
Diagrams, pictures and tables: ese are included throughout for

visual representation of concepts.
Assessment questions: Each chapter concludes with questions
enabling readers to test their understanding of the key concepts. ese
questions incorporate a mixture of question types, including multiple-
choice questions; true/false questions; and open-ended questions. All
questions are referenced to the learning outcomes stated at the
beginning of each chapter. ey test understanding and insight.
Ntsimbi Piping (Pty) Ltd Company Pro le
1. Company history and principal business

Ntsimbi Piping (Pty) Ltd is an unlisted South African company that was incorporated in 2000. It is one
of South Africa’s leading manufacturers of polyvinyl chloride (PVC) (plastic) products. Ntsimbi Piping
manufactures a wide range of products of which the principal products are PVC pipes and mouldings.
Ntsimbi Piping operates primarily in South Africa, but it also has standing arrangements with
various business partners to which it sells its products to on-sell to markets throughout Africa. In this
way, the company strives to meet the pipe and moulding needs of a wide range of customers drawn
from the complete spectrum of industry sectors, including the mining, civil engineering, irrigation,
industrial, telecommunications and building sectors.
Approximately 70% of the raw materials for the production process are sourced from various
overseas countries (predominantly Australia and New Zealand), with the remainder sourced locally.
An extract from the Ntsimbi Piping’s product brochure appears below.
2. The PVC product market in South Africa
Although demand from the construction industry has declined in recent years, the overall market for
PVC products is still maintaining growth.
e market is also affected by government spending and will therefore be positively in uenced by
the adoption of the National Infrastructure Plan by the South African government.
e market is not very competitive as it is capital intensive. In order to operate pro tably,
companies in this market have to be large to achieve economies of scale.
All products that enter the market are monitored by the South African Bureau of Standards.
In terms of exports, South African plastic pipe manufacturers export their products mainly into the
rest of Africa for use in the mining sector.
3. Company details
Ntsimbi Piping’s head office and manufacturing plant are on adjacent premises in Cape Town and the
company employs approximately 80 staff.
Ntsimbi Piping is one of a number of subsidiaries in the Ntsimbi Piping Investments Proprietary
Limited Group. Seventy per cent of the issued shares of Ntsimbi Piping is held by Ntsimbi Piping
Investments Proprietary Limited, and each of the three executive directors (refer to section 6 below)
holds 10% of the issued shares. In addition to providing equity funding to Ntsimbi Piping, the parent
also provides funding in the form of a shareholder loan.
Nolands Inc. has held the appointment as registered auditor of Ntsimbi Piping since the
incorporation of the company.
4. Ntsimbi Piping’s strategies

Ntsimbi Piping’s goal is to be the pre-eminent supplier of PVC products to the South African market.
In pursuit of this goal, the company’s strategies include the following:
• Producing the highest quality PVC products in the most cost-effective and sustainable way;
• Making the best possible use of the latest technology in the production process;
• Procuring the best quality raw materials from well-established, sustainable suppliers at the best
prices;
• Pricing products competitively; and
• Providing excellent after-sales support to customers.
5. Company structure
Ntsimbi Piping has the following main operating divisions, all based at its premises in Cape Town:
1. Marketing and Sales;
2. Purchasing; and
3. Manufacturing.
e above-mentioned operating divisions are supported by the following support divisions, all based
at the head office:
1. Accounting and Finance;
2. Information technology; and
3. Human resources.
A diagram of the company structure is presented in Figure 1.

Figure 1: Company structure of Ntsimbi Piping
6. Management and staff

Seven directors serve on Ntsimbi Piping’s board of directors. e names of these directors appear in
note 6 on page 5 of the directors’ report in Ntsimbi Piping’s nancial statements. e details of the
three executive directors are set out in Table 1.
Table 1: Executive directors
Name Directorship Quali cations Age Shareholding
Bongani Arnott Managing PhD 50 10%

director
Lee-Ann Losper Financial director MCom; CA(SA) 38 10%
Saul Mkhize Operations BEng; PrIng 35 10%

director
e board of directors meets every two months.
You will also be introduced to the following staff members of Ntsimbi Piping in this text:
Figure 2: Ntsimbi Piping organogram
7. The manufacturing process

Ntsimbi Piping buys raw materials, such as PVC resin (which is supplied in powder form) and various
additives and pigments, from its suppliers, and stores these in the raw materials warehouse until they
are required in the manufacturing process. Once they are required in the manufacturing process, they
are transferred to the manufacturing plant.
e PVC product manufacturing process is demonstrated in Figure 3.

Figure 3: PVC product manufacturing process
Finished products are transferred from the manufacturing plant to the nished goods warehouse
located on the same property.
8. Accounting systems
All accounting processes (recording, processing and reporting of transactions) take place centrally at
Ntsimbi Piping’s head office.
Ntsimbi Piping has been using the PVCACC off-the-shelf accounting package since the company’s
incorporation. PVCACC was properly implemented and all teething problems that were experienced
shortly after implementation have been resolved. Users of PVCACC receive proper training in the use
of the system and any changes thereto.
Ntsimbi Piping uses, among other things, the following modules of the PVCACC system:
• General ledger;
• Sales, debtors and receipts (all sales take place on credit);
• Purchases, creditors and payments;
• Inventory (a process costing system is used for the costing of inventory);
• Payroll; and
• Fixed assets.
All computers in the head office and manufacturing plant are connected by means of a local area
network. As Ntsimbi Piping has no branch network, no off-site access to the accounting system is
required. e PVCACC package runs on a local server securely located in the head office building and
connected to the local area network.
Ntsimbi Piping pays its suppliers, other creditors and all staff by means of electronic funds
transfers. You will learn much more about the business cycles of Ntsimbi Piping, including the
embedded accounting processes and controls, when you read Chapters 6 to 10.
Figure 4: Ntsimbi Piping factory oor plan
9. Operational overview
9.1 e 20X1 nancial year
Sales volumes in the PVC consumables market, which are traditionally linked to demand in the
construction industry, continued to be under pressure. Nevertheless, Ntsimbi Piping managed to
achieve a 31% growth in sales during 20X1, resulting in sales revenue of R128 million – a record for
Ntsimbi Piping. is growth is backed not only by the demand arising from infrastructure and civil
construction, but also a regional population that is characterised by the rapid growth of a middle
class. is has created a demand for all products offered by Ntsimbi Piping.
However, notwithstanding the strong growth in sales revenue, both operating pro t and pro t
before tax only increased marginally from 20X0, primarily as a direct result of increased pressure on
cost prices, resulting in a reduced gross pro t margin.
Ntsimbi Piping continued its programme to invest in manufacturing plant modernisation,
additional capacity and efficiency enhancements and in 20X1 invested in plant and machinery assets
costing R7,2 million (20X0: R1,3 million).
In real terms, the 20X1 nancial year presented Ntsimbi Piping with major challenges arising from a
broad base of economic and operational conditions. At the foundation of these lay depressed global
and local economic conditions. ese challenges are the following:
• Growth prospects for the South African economy remain uncertain and sales volumes are therefore
likely to remain at their 20X1 levels for the foreseeable future;
• Increased competitor threats from new entrants into the market (although the market is still not
very competitive);
• Increasing demands from customers for improved customer service levels;
• Industrial action;
• Operating in ever-changing emerging markets; and
• Health and safety of the workforce (toxic by-products are unavoidably created and additives are
added in the PVC manufacturing process).
Management maintains a risk register in which all risks facing Ntsimbi Piping are described and
classi ed on the basis of their potential impact on the business. e register also indicates the policies,
procedures, controls and actions that management have in place to address each risk. An extract from
this register appears in Figure 4.1 of Chapter 4.
9.2 Outlook
Many of the internal factors that restrained growth during 20X1 have been resolved, clearing the way
for an incremental return to operational and nancial strength, barring unforeseen events. Continued
low economic growth, which impacts on manufacturing and civil construction spend in South Africa,
remains a real concern and, as a result, the directors’ outlook remains cautiously optimistic. e
directors are actively pursuing opportunities to expand into Africa and other international markets.
10. Financial statements

Refer to the pages 1 to 24 of the nancial statements that follow (on pages xxxii to lv).
The reports and statements set out below comprise the annual nancial statements
presented to the shareholders:
Index
Report of the Independent Auditors
Directors’ Responsibilities and Approval
Directors’ Report
Statement of Financial Position
Statement of Comprehensive Income
Statement of Changes in Equity
Statement of Cash Flows
Notes to the Annual Financial Statements
The following supplementary information does not form part of the annual nancial
statements and is unaudited:
Detailed Income Statement
The annual nancial statements for the year ended 31 December 20X1 have been
prepared under the supervision of Ms L Losper, the nancial director of the
company.
The annual nancial statements of Ntsimbi Piping Proprietary Limited have been
audited in compliance with S30 of the Companies Act.
Page 1
Noland House | River Park T (+27) 21 658 6600

River Lane | Mowbray F (+27) 86 532 2556
Cape Town 7700 | South www.nolands.co.za
Africa

P O Box 2881 | Cape Town |
8000
South Africa
INDEPENDENT AUDITOR’S REPORT

To the shareholders of Ntsimbi Piping Proprietary Limited
Opinion
We have audited the nancial statements of Ntsimbi Piping Proprietary Limited set
out on pages 7 to 24, which comprise the Statement of Financial Position as at 31
December 20X1, and the Statement of Comprehensive Income, Statement of
Changes in Equity and Statement of Cash Flows for the year then ended, and notes
to the nancial statements, including a summary of signi cant accounting policies.
In our opinion, the accompanying nancial statements present fairly, in all material
respects, the nancial position of Ntsimbi Piping Proprietary Limited as at 31
December 20X1, and its nancial performance and its cash ows for the year then
ended in accordance with International Financial Reporting Standards (IFRSs) and
the requirements of the Companies Act of South Africa.
Basis for Opinion
We conducted our audit in accordance with International Standards on Auditing
(ISAs). Our responsibilities under those standards are further described in the
Auditor’s Responsibilities for the Audit of the Financial Statements section of our
report. We are independent of the company in accordance with the Independent
Regulatory Board for Auditors Code of Professional Conduct for Registered Auditors
(IRBA Code), together with the ethical requirements that are relevant to our audit of
the nancial statements in South Africa. We have ful lled our other ethical
responsibilities in accordance with these requirements and the IRBA Code. The
IRBA Code is consistent with the International Ethics Standards Board for
Accountants Code of Ethics for Professional Accountants (Parts A and B). We
believe that the audit evidence we have obtained is suf cient and appropriate to
provide a basis for our opinion.
Other Information
The directors are responsible for the other information. The other information
comprises the Directors’ Responsibilities and Approval on page 4, the Directors’
Report as required by the Companies Act of South Africa on pages 5–6, and the
Detailed Income Statement on pages 25 to 26. The other information does not
include the nancial statements and our auditor’s report thereon.
Our opinion on the nancial statements does not cover the other information and
we do not express an audit opinion or any form of assurance conclusion thereon.
In connection with our audit of the nancial statements, our responsibility is to read
the other information and, in doing so, consider whether the other information is
materially inconsistent with the nancial statements or our knowledge obtained in
the audit or otherwise appears to be materially misstated. If, based on the work we
have performed, we conclude that there is a material misstatement of this other
information, we are required to report the fact. We have nothing to report in this
regard.
Responsibilities of the Directors for the Financial

Statements
The company’s directors are responsible for the preparation and fair presentation of
the nancial statements in accordance with IFRSs and the requirements of the
Companies Act of South Africa, and for such internal control as the directors
determine is necessary to enable the preparation of nancial statements that are
free from material misstatement, whether due to fraud or error.
In preparing the nancial statements, the directors are responsible for assessing
the company’s ability to continue as a going concern, disclosing, as applicable,
matters related to going concern and using the going concern basis of accounting
unless the directors either intend to liquidate the company or to cease operations,
or have no realistic alternative but to do so.
Page 2
Auditor’s Responsibilities for the Audit of the Financial

Statements
Our objectives are to obtain reasonable assurance about whether the nancial
statements as a whole are free from material misstatement, whether due to fraud
or error, and to issue an auditor’s report that includes our opinion. Reasonable
assurance is a high level of assurance, but is not a guarantee that an audit
conducted in accordance with ISAs will always detect a material misstatement when
it exists. Misstatements can arise from fraud or error and are considered material
if, individually or in the aggregate, they could reasonably be expected to in uence
the economic decisions of users taken on the basis of these nancial statements.
As part of an audit in accordance with ISAs, we exercise professional judgement

and maintain professional scepticism throughout the audit. We also:
• Identify and assess the risks of material misstatement of the nancial
statements, whether due to fraud or error, design and perform audit procedures
responsive to those risks, and obtain audit evidence that is suf cient and
appropriate to provide a basis for our opinion. The risk of not detecting a
material misstatement resulting from fraud is higher than for one resulting from
error, as fraud may involve collusion, forgery, intentional omissions,
misrepresentations, or the override of internal control.
• Obtain an understanding of internal control relevant to the audit in order to

design audit procedures that are appropriate in the circumstances, but not for
the purpose of expressing an opinion on the effectiveness of the company’s
internal control.
• Evaluate the appropriateness of accounting policies used and the
reasonableness of accounting estimates and related disclosures made by
management.
• Conclude on the appropriateness of directors’ use of the going concern basis of

accounting and, based on the audit evidence obtained, whether a material
uncertainty exists related to events or conditions that may cast signi cant doubt
on the company’s ability to continue as a going concern. If we conclude that a
material uncertainty exists, we are required to draw attention in our auditor’s
report to the related disclosures in the nancial statements or, if such
disclosures are inadequate, to modify our opinion. Our conclusions are based on
the audit evidence obtained up to the date of our auditor’s report. However,
future events or conditions may cause the company to cease to continue as a
going concern.
• Evaluate the overall presentation, structure and content of the nancial
statements, including the disclosures, and whether the nancial statements
represent the underlying transactions and events in a manner that achieves fair
presentation.
We communicate with the directors, among other matters, the planned scope and
timing of the audit and signi cant audit ndings, including any signi cant
de ciencies in internal control that we identify during our audit.
We also provide the directors with a statement that we have complied with relevant
ethical requirements regarding independence, and to communicate with them all
relationships and other matters that may reasonably be thought to bear on our
independence, and where applicable, related safeguards.
The engagement partner on the audit resulting in this independent auditor’s report
is Craig Stans eld.
Nolands Inc.
Practice number 900583e
Craig Stans eld CA(SA), RA Director
26 June 20X2 Cape Town
Page 3
Director’s Responsibilities and Approval

The directors are required by the Companies Act of South Africa to maintain
adequate accounting records and are responsible for the content and integrity of the
annual nancial statements and related nancial information included in this report.
It is their responsibility to ensure that the annual nancial statements fairly present
the state of affairs of the company as at the end of the nancial year and the
results of its operations and cash ows for the period then ended, in conformity
with International Financial Reporting Standards and the Companies Act of South
Africa. The external auditors are engaged to express an independent opinion on the
annual nancial statements.
The annual nancial statements are prepared in accordance with International

Financial Reporting Standards and the Companies Act of South Africa and are
based upon appropriate accounting policies consistently applied and supported by
reasonable and prudent judgements and estimates.
The directors acknowledge that they are ultimately responsible for the system of
internal nancial control established by the company and place considerable
importance on maintaining a strong control environment. To enable the directors to
meet these responsibilities, the directors set standards for internal control aimed at
reducing the risk of error or loss in a cost-effective manner. Those standards include
the proper delegation of responsibilities within a clearly de ned framework, effective
accounting procedures and adequate segregation of duties to ensure an acceptable
level of risk. These controls are monitored throughout the company and all
employees are required to maintain the highest ethical standards in ensuring the
company’s business is conducted in a manner that in all reasonable circumstances
is above reproach. The focus of risk management in the company is on identifying,
assessing, managing and monitoring all known forms of risk across the company.
While operating risk cannot be fully eliminated, the company endeavours to
minimise it by ensuring that the appropriate infrastructure, controls, systems and
ethical behaviour are applied and managed within predetermined procedures and
constraints.
The directors are of the opinion, based on the information and explanations given by
management, that the system of internal control provides reasonable assurance
that the nancial records may be relied on for the preparation of the annual nancial
statements. However, any system of internal nancial control can provide only
reasonable, and not absolute, assurance against material misstatement or loss.
The external auditors are responsible for independently auditing and reporting on
the company’s annual nancial statements. The annual nancial statements have
been examined by the company’s external auditors and their report is presented on
pages 2 and 3.
The annual nancial statements set out on pages 5 to 24, which have been
prepared on the going concern basis, were approved by the directors and were
signed on their behalf by:
B Arnott
Managing Director
Cape Town
26 June 20X2
Page 4
NTSIMBI PIPING PROPRIETARY LIMITED

ANNUAL FINANCIAL STATEMENTS FOR THE YEAR ENDED 31
DECEMBER 20X1
DIRECTORS’ REPORT
The directors submit their report for the year ended 31 December 20X1.
1. Main business and operations

The company is engaged in the manufacturing of PVC products of all descriptions.
The operating results and state of affairs of the company are fully set out in the
attached annual nancial statements and do not in the directors’ opinion require
any further comment.
2. Going concern
The annual nancial statements have been prepared on the basis of accounting
policies applicable to a going concern. This basis presumes that funds will be
available to nance future operations and that the realisation of assets and
settlement of liabilities, contingent obligations and commitments will occur in the
ordinary course of business.
3. Events subsequent to the reporting date

The directors are not aware of any matter or circumstance of a material nature
arising since the end of the nancial year.
4. Authorised and issued share capital

There were no changes in the authorised or issued share capital of the company
during the year under review.
5. Dividends
No dividends were declared or paid to the shareholders during the year.
6. Directors
The directors of the company during the year and at the date of this report are as
follows:
Name
B Arnott CA(SA) (executive)
M McDonald CA(SA)
K Khaudi
L Losper (executive)
S Mkhize (executive)
A Mehra
D Gcina
7. Auditors
Nolands Inc. will continue in of ce in accordance with section 90 of the Companies
Act.
8. Parent
The company’s parent is Ntsimbi Piping Investments Proprietary Limited, which is
incorporated in South Africa.
9. Property, plant and equipment

There have been no major changes in the property, plant and equipment of the
company during the year under review, other than those re ected in the attached
annual nancial statements.
Page 5
10. Domicile and registered address

Ntsimbi Piping Proprietary Limited is a company domiciled and incorporated in
South Africa. The company’s registered address is 14 Acacia Way, Epping Industria,
Cape Town, 7400.
Page 6

DECEMBER 20X1
STATEMENT OF FINANCIAL POSITION AT 31 DECEMBER 20X1
Figures in Rand Note(s) 20X1 20X0
ASSETS
NON-CURRENT ASSETS
Property, plant and equipment 2 43,169,987 38,095,119
Intangible assets 3 28,608 48,768
TOTAL NON-CURRENT ASSETS 43,198,595 38,143,887
CURRENT ASSETS
Inventories 4 9,326,597 9,806,864
Trade and other receivables 5 17,241,701 14,862,673
Loans receivable 6 31,439 31,439

Cash and cash equivalents 7 21,583 1,549,097
TOTAL CURRENT ASSETS 26,621,320 26,250,073
TOTAL ASSETS 69,819,915 64,393,960

EQUITY AND LIABILITIES
EQUITY
Share capital 8 100 100
Retained earnings 37,157,694 35,017,452
TOTAL EQUITY 37,157,794 35,017,552
LIABILITIES
NON-CURRENT LIABILITIES
Lease liabilities 9 1,395,944 428,876
Deferred taxation 10 3,924,488 3,343,928
TOTAL NON-CURRENT 5,320,432 3,772,804

LIABILITIES
CURRENT LIABILITIES
Trade and other payables 11 13,381,893 7,610,462
Current tax payable 48,741 –
Amounts owing to parent 12 9,888,715 17,918,445
Bank overdraft 7 4,022,340 74,697
TOTAL CURRENT LIABILITIES 27,341,689 25,603,604
TOTAL LIABILITIES 32,662,121 29,376,408
TOTAL EQUITY AND LIABILITIES 69,819,915 64,393,960
Page 7

DECEMBER 20X1
STATEMENT OF COMPREHENSIVE INCOME FOR THE YEAR ENDED 31 DECEMBER 20X1
Revenue 13 128,320,126 97,802,148
Cost of sales (105,274,615) (76,863,054)
Gross pro t 23,045,511 20,939,094

Other income 500,395 279,079
Operating expenses (20,333,439) (17,735,073)
Operating pro t 14 3,212,467 3,483,100
Investment income 15 214,580 16,358
Finance costs 16 (505,737) (509,033)
Pro t before taxation 2,921,310 2,990,425
Taxation 17 (781,068) (949,171)
Pro t for the year 2,140,242 2,041,254
Other comprehensive income – –
Total comprehensive income 2,140,242 2,041,254

for the year
Page 8

DECEMBER 20X1
STATEMENT OF CHANGES IN EQUITY FOR THE YEAR ENDED 31 DECEMBER 20X1
Figures in Rand Share Retained Total equity

capital earnings
Balance at 01 January 20X0 100 32,976,198 32,976,298
Total comprehensive income for the

year
Pro t or loss – 2,041,254 2,041,254
Other comprehensive income – – –
Balance at 01 January 20X1 100 35,017,452 35,017,552
Total comprehensive income for the

year
Pro t or loss – 2,140,242 2,140,242
Other comprehensive income – – –
Balance at 31 December 20X1 100 37,157,694 37,157,794
Page 9

DECEMBER 20X1
STATEMENT OF CASH FLOWS FOR THE YEAR ENDED 31 DECEMBER 20X1
Cash ows from operating

activities
Cash receipts from customers 125,892,357 95,802,148
Cash paid to suppliers and (116,937,468) (96,947,175)

employees
Cash generated from/(used in) 8,954,889 (1,145,027)

operations
Interest income received 214,580 16,358
Finance costs paid (505,737) (509,033)
Taxation paid (151,767) –
Net cash from operating 8,511,965 (1,637,702)

activities

Cash ows from investing

activities
Additions to property, plant 2 (4,398,237) (1,553,810)

and equipment
Proceeds on disposal of 2 23,059 –

property, plant and equipment
Additions to intangible assets 3 – (60,478)
Net cash from investing (4,375,178) (1,614,288)

activities

Cash ows from nancing

activities
Repayment of lease liabilities (1,582,214) (901,635)
Net movement in amounts (8,029,730) 4,730,935

owing to parent
Net cash from nancing (9,611,944) 3,829,300

activities

Net cash movement for the (5,475,157) 577,310

year
Cash and cash equivalents at 1,474,400 897 090
the beginning of the year
Total cash and cash 7 (4,000,757) 1,474,400

equivalents at the end of the
year
Page 10

DECEMBER 20X1
NOTES TO THE ANNUAL FINANCIAL STATEMENTS FOR THE YEAR ENDED 31 DECEMBER 20X1
1. Presentation of Annual Financial Statements and Accounting Policies

The annual nancial statements have been prepared in accordance with
International Financial Reporting Standards and the Companies Act of South Africa.
The functional and presentation currency of the company is RSA Rands. The annual
nancial statements have been prepared on the historical cost basis and
incorporate the principal accounting policies set out below. These accounting
policies are consistent with the previous period.
1.1 Signi cant judgements and sources of estimation uncertainty

The key assumptions concerning the future and other key sources of information
uncertainty at the reporting date that have signi cant risk of causing a material
adjustment to the carrying amount of assets and liabilities within the next nancial
period are set out as follows:
Useful lives of property, plant and equipment

As detailed in accounting policy note 1.3, the useful lives of property, plant and
equipment are reviewed on an annual basis. During the current year, the useful lives
of certain assets were revised as they are to be in active use for a period
longer/shorter than originally estimated. The nancial effect of this reassessment
is immaterial.
Recognition of deferred tax assets

As detailed in accounting policy note 1.6, deferred tax assets are only recognised to
the extent that it is probable that taxable pro t will be available against which the
deductible temporary difference can be used. At both 31 December 20X0 and
20X1, based on projections done, it was estimated that future taxable pro t will be
available and therefore all deferred tax assets were recognised.
Contingent liabilities
As detailed in note 23, a contingent liability exists at year-end. Uncertainty as to
whether a present obligation exists was taking into account in its accounting
treatment.
Net realisable value of inventory

As detailed in note 4, the net realisable value of inventory was management’s best
estimate of this amount, and was based on historic sales trends, as well as the
quality and volume of inventory at hand at year-end.
Impairment of nancial assets

As detailed in accounting policy note 1.5, nancial assets carried at amortised cost
are reviewed for possible impairment using the expected loss model in IFRS 9. This
entails signi cant judgements and uncertainties regarding whether there has been a
signi cant increase in credit risk, and the expected future cash ows to be received.
The company bases its estimates in this regard on historic trends and forward-
looking information.
1.2 Adoption of new Standards

Standards and Interpretations affecting amounts reported in the current
period and/or prior periods
The following Standards and Interpretations were applied for the rst time in the
annual nancial statements for the year ended 31 December 20X1:
IFRS X (Company provides description of IFRS and its effect on current annual
nancial statements)
Standards and Interpretations in issue but not yet effective

The following Standards and Interpretations have been issued but are not yet
effective as at 31 December 20X1:
IFRS X (Company provides description of IFRS and its expected effect on future
annual nancial statements).
Page 11
1.3 Property, plant and equipment

Property, plant and equipment is initially measured at cost.
Cost include costs incurred initially to acquire or construct an item of property,
plant and equipment and costs incurred subsequently to add to, replace part of, or
service it. If a replacement cost is recognised in the carrying amount of an item of
property, plant and equipment, the carrying amount of the replaced part is
derecognised.
Apart from land, property, plant and equipment are depreciated on the straight-
line basis over their expected useful lives to their estimated residual value. Land is
not depreciated. Each part of an item of property, plant and equipment with a cost
that is signi cant in relation to the total cost of the item is depreciated separately.
The depreciation charge for each period is recognised in pro t or loss unless it is
included in the carrying amount of another asset.
Property, plant and equipment are carried at cost less accumulated depreciation
and any impairment losses.
The useful lives of items of property, plant and equipment have been assessed
as follows:
Item Average useful life
Land Inde nite
Buildings 20–50 years

Plant and machinery 5–20 years
Furniture and ttings 6 years
Motor vehicles 3–5 years
Of ce equipment 5 years
Computer equipment 3 years
The residual value, useful life and depreciation method of each asset are reviewed
at the end of each reporting period. If the expectations differ from previous
estimates, the change is accounted for as a change in accounting estimate.
The gain or loss arising from the derecognition of an item of property, plant and
equipment is included in pro t or loss when the item is derecognised. The gain or
loss arising from the derecognition of an item of property, plant and equipment is
determined as the difference between the net disposal proceeds, if any, and the
carrying amount of the item.
1.4 Intangible assets

Intangible assets are initially recognised at cost.
Intangible assets are carried at cost less any accumulated amortisation and any
impairment losses.
An intangible asset is regarded as having an inde nite useful life when, based on all
relevant factors, there is no foreseeable limit to the period over which the asset is
expected to generate net cash in ows. Amortisation is not provided for these
intangible assets. For all other intangible assets, amortisation is provided on a
straight-line basis over their useful life.
The amortisation period and the amortisation method for intangible assets are
reviewed every period-end.
Amortisation is provided to write down the intangible assets, on a straight-line
basis, to their residual values as follows:
Item Useful life
Computer software 3 years
Page 12
1.5 Financial instruments

Initial recognition
The company classi es nancial instruments, or their component parts, on initial
recognition as a nancial asset, a nancial liability or an equity instrument in
accordance with the substance of the contractual arrangement.
Financial assets and nancial liabilities are recognised on the company’s
Statement of Financial Position when the company becomes party to the contractual
provisions of the instrument. All nancial assets and liabilities are initially
recognised at fair value (with transaction costs capitalised if the instrument is
subsequently carried at amortised cost). All nancial assets and liabilities in the
books of Ntsimbi Piping are subsequently carried at amortised cost.
Financial assets carried at amortised cost

Financial assets held within a business model to collect the contractual cash ows
associated with them, and of which the contractual cash ows are only interest and
capital repayments, are carried at amortised cost. Such assets include trade and
other receivables, loans receivable as well as cash and cash equivalents (if assets).
Loans that are interest-free and have no xed date of repayment are seen as
repayable on demand as thus measured subsequently at the amount repayable on
demand (undiscounted).
All nancial assets carried at amortised cost are tested for impairment annually
using the expected loss model in IFRS 9. The company provides an allowance for
credit losses equal to the present value of the lifetime expected credit losses when
an asset has experienced a signi cant increase in credit risk since initial
recognition, or equal to only the next 12 months’ expected credit losses when there
has not been a signi cant increase in credit risk. Trade receivables, which generally
have 30-day settlement terms, are subject to a simpli ed method of calculating the
allowance, and the company thus always provides for lifetime expected credit
losses. The carrying amount of the asset is reduced through the use of an
allowance account, and the net movement in the account is recognised in pro t or
loss for the period.
Bad debts are written off in the pro t or loss when it is considered that the
company will be unable to recover the debt. Subsequent recoveries of amounts
previously written off are credited to a bad debts recovered account.
Financial liabilities carried at amortised cost

Such items include lease liabilities, trade and other payables and amounts owing to
the parent. Trade payables are primarily settled on 30-day terms. Liabilities that are
interest-free and have no xed date of repayment are seen as repayable on demand
as thus measured subsequently at the amount repayable on demand
(undiscounted).
1.6 Taxation
Current tax assets and liabilities
Current tax for current and prior periods is, to the extent unpaid, recognised as a
liability. If the amount already paid in respect of current and prior periods exceeds
the amount due for those periods, the excess is recognised as an asset.
Current tax liabilities and assets for the current and prior periods are measured
at the amount expected to be paid to or recovered from the tax authorities, using
the taxation rates that have been enacted or substantively enacted by the reporting
date.
Deferred tax assets and liabilities

A deferred taxation asset/liability is recognised for all taxable temporary
differences, except to the extent that the deferred tax asset/liability arises from the
initial recognition of an asset or liability in a transaction that at the time of the
transaction affects neither accounting pro t nor taxable pro t/loss.
Page 13
A deferred tax asset is recognised for all deductible temporary differences to the
extent that it is probable that taxable pro t will be available and against which the
deductible temporary difference can be used.
Deferred tax assets and liabilities are measured at the tax rates that are
expected to apply to the period when the asset is realised or the liability is settled,
based on tax rates that have been enacted or substantively enacted by the
reporting date.
Tax expenses
Current and deferred taxes are recognised as income or an expense and included in
pro t or loss for the period, except to the extent that the tax arises from:
• A transaction or event that is recognised in the same or different period from
other comprehensive income;
• A transaction or event that is recognised, in the same or a different period,
directly in equity; or
• A business combination.
1.7 Leases
A lease (in which the company is the lessee) is accounted for under the general
approach speci ed in IFRS 16. The right-of-use asset is capitalised with an
accompanying lease liability being recognised. The right-of-use asset is disclosed
and accounted for together with the class of property, plant and equipment to which
it pertains (refer note 1.3), while the lease liability is carried at amortised cost.
1.8 Inventories
Inventories are measured at the lower of average cost and net realisable value.
Net realisable value is the estimated selling price in the ordinary course of
business less the estimated costs of completion and the estimated costs
necessary to make the sale.
The cost of inventories comprises all costs of purchase, costs of conversion and
other costs incurred in bringing the inventories to their present location and
condition.
When inventories are sold, the carrying amount of those inventories is
recognised as an expense in the period in which the related revenue is recognised.
The amount of any write-down of inventories to net realisable value and all losses of
inventories are recognised as an expense in the period in which the write-down or
loss occurs.
1.9 Impairment of assets

At each reporting date an assessment is made whether there is any indication that
a non- nancial asset may be impaired. If any such indication exists, the company
estimates the recoverable amount of the asset.
If there is any indication that an asset may be impaired, the recoverable amount
is estimated for the individual asset. If it is not possible to estimate the recoverable
amount of the individual asset, the recoverable amount of the cash-generating unit
to which the asset belongs is determined.
The recoverable amount of an asset or a cash-generating unit is the higher of its
fair value less costs to sell and its value in use. If the recoverable amount of an
asset is less than its carrying amount, the carrying amount of the asset is reduced
to its recoverable amount. Such reduction is recognised as an impairment loss.
1.10 Share capital and equity

An equity instrument is any contract that evidences a residual interest in the assets
of an entity after deducting all of its liabilities.
Page 14
1.11 Revenue
Revenue from the sale of goods is recognised (under IFRS 15) when the
performance obligations relating to the sale (i.e. delivery and accompanying
transferral of control of the goods) have been satis ed. Revenue is measured at the
fair value of the consideration received or receivable and represents the amounts
receivable for goods and services provided in the normal course of business, net of
trade discounts and volume rebates, and value-added tax.
1.12 Borrowing costs

Borrowing costs are recognised as an expense in the period in which they are
incurred.
Figures in Rand
2. Property, plant and equipment
20X1 20X0
Cost Accumulated Carrying Cost Accumulated Carrying

depreciation value depreciation value
Land and 22,440,000 (960,000) 21,480,000 22,440,000 (710,000) 21,730,0

buildings
Plant and 22,046,529 (6,423,354) 15,623,175 17,994,280 (5,335,606) 12,658,6

machinery:
Owned
Plant and 7,350,000 (2,492,037) 4,857,963 4,464,011 (2,066,202) 2,397,8

machinery:
Right-of-
use
assets
Furniture 124,761 (78,532) 46,229 99,758 (63,965) 35,7

and
ttings
Motor 1,752,284 (685,325) 1,066,959 1,752,284 (598,658) 1,153,6

vehicles
Of ce 125,550 (99,069) 26,481 125,550 (82,167) 43,3

equipment
Computer 316,174 (246,994) 69,180 249,928 (174,094) 75,8

equipment
Total 54,155,298 (10,985,311) 43,169,987 47,125,811 (9,030,692) 38,095,1
Reconciliation of property, plant and equipment – 20X1
Opening Additions Disposals Depreciation Closing

balance balance
Land and 21,730,000 – – (250,000) 21,480,000

buildings
Plant and 12,658,674 4,306,989 (64,985) (1,277,503) 15,623,175
machinery:
Owned
Plant and 2,397,809 2,885,989 – (425,835) 4,857,963

machinery:
Right-of-use
assets
Furniture 35,793 25,002 – (14,566) 46,229

and ttings
Motor 1,153,626 – – (86,667) 1,066,959

vehicles
Of ce 43,383 – – (16,902) 26,481

equipment
Computer 75,834 66,246 – (72,900) 69,180

equipment
38,095,119 7,284,226 (64,985) (2,144,373) 43,169,987
Page 15
Reconciliation of property, plant and equipment – 20X0
Opening Additions Depreciation Closing

balance balance
Land and buildings 21,980,000 – (250,000) 21,730,000
Plant and machinery: 12,317,854 1,311,065 (970,245) 12,658,674

Owned
Plant and machinery: 2,559,516 – (161,707) 2,397,809

Right-of-use assets
Furniture and ttings 39,312 8,524 (12,043) 35,793
Motor vehicles 1,095,378 196,591 (138,343) 1,153,626
Of ce equipment 33,547 26,695 (16,859) 43,383
Computer equipment 127,676 10,935 (62,777) 75,834
38,153,283 1,553,810 (1,611,974) 38,095,119
Carrying value of assets pledged as security 20X1 20X0

(refer to note 9):
Plant and machinery 4,857,963 2,397,809
3. Intangible assets
20X1 20X0
Cost Accumulated Carrying Cost Accumulated Carrying
amortisation value amortisation value
Computer 76,249 (47,641) 28,608 76,249 (27,481) 48,768

software
Reconciliation of intangible assets – 20X1 Opening Amortisation Total

balance
Computer software 48,768 (20,160) 28,608
Reconciliation of intangible assets Opening Additions Amortisation Total

– 20X0 balance
Computer software 7,885 60,478 (19,595) 48,768
4. Inventories 20X1 20X0
Raw materials 1,479,780 4,972,000
Finished goods 7,846,817 4,834,864
9,326,597 9,806,864
Page 16
5. Trade and other receivables 20X1 20X0
Trade receivables (after allowance for credit losses) 17,203,023 14,855,273
Other receivables (no allowance for credit losses) 38,678 7,400
17,241,701 14,862,673
Trade receivables
Gross trade receivables 18,722,865 15,264,073
Allowance for credit losses (1,519,842) (408,800)
Net trade receivables 17,203,023 14,855,273
Movement in the allowance for credit losses: lifetime expected credit losses for
trade receivables without signi cant nancing components
Opening balance 408,800 253,359
Net movement in allowance for credit losses 1,111,042 155,441
Closing balance 1,519,842 408,800
Interest is charged on outstanding accounts at the South African prime lending

rate. Interest on outstanding accounts is waived at the discretion of the directors.

Analysis of the credit rating grades of the trade receivables, showing their ageing
(based on gross carrying values)
20X1 Total Not yet due Between 0 Between 31 More than
and 30 and 90 90 days
days days overdue
overdue overdue
AA-rated 16,622,851 12,420,663 3,494,256 552,959 154,973
BB-rated 2,100,014 850,879 520,562 420,570 308,003
18,722,865 13,271,542 4,014,818 973,529 462,976
20X0 Total Not yet due Between 0 Between 30 More than

and 30 and 90 90 days
days days overdue
overdue overdue
AA-rated 13,278,255 10,576,877 2,500,714 171,664 29,000
BB-rated 1,985,818 1,143,702 511,000 171,665 159,451
15,264,073 11,720,579 3,011,714 343,329 188,451
6. Loans receivable 20X1 20X0
Unsecured loan 31,439 31,439
The loan is interest free and has no xed date of repayment. It is therefore
treated as repayable on demand. No allowance for credit losses was created.
Page 17
7. Cash and cash equivalents 20X1 20X0
Cash and cash equivalents consist of:
Cash on hand 10,216 5,862
Bank balances 11,367 1,543,235
Bank overdraft (4,022,340) (74,697)
(4,000,757) 1,474,400
Current assets 21,583 1,549,097
Current liabilities (4,022,340) (74,697)
(4,000,757) 1,474,400
The banking facilities of the company are secured as follows:
• Limited letter of suretyship amounting to R4,500,000 by the parent.
• Cession of the company’s book debts.
• Cession of certain of the company’s debtor insurance policies.
8. Share capital 20X1 20X0
Authorised
1,000 Ordinary shares 1,000 1,000
Issued
100 Ordinary shares 100 100
All the unissued shares are under the control of the directors until the
forthcoming annual general meeting. Each of the three executive directors
(Bongani Arnott, Lee-Ann Losper and Saul Mkhize) hold 10 of the issued ordinary
shares.
9. Lease liabilities 20X1 20X0
Lease liabilities under instalment sale 3,478,157 2,174,382

agreements bear interest at varying rates and
are repayable in monthly instalments of
R187,851 (20X0: R94,833), inclusive of
interest. Secured by the right-of-use assets
disclosed in note 2. The interest expense
relating to the lease liabilities is disclosed in
note 16.
Less: Current portion included in trade and (2,082,213) (1,745,506)

other payables
1,395,944 428,876
Maturity analysis of undiscounted cash ows due relating to the instalment sale
agreements
Payable within one year 2,112,225 1,885,621
Payable between one and ve years 1,859,326 568,741
Total amounts payable in future (undiscounted) 3,971,551 2,454,362
Cash ows associated with leases

Presented under nancing activities
Cash payments for capital portion of lease 1,582,214 901,635

liability
Presented under operating activities

Cash payments for interest portion of lease 306,814 237,257
liability
Page 18
10. Deferred taxation 20X1 20X0
Deferred tax asset/(liability) related to the following temporary differences:
Trade and other receivables 356,525 30,290
Property, plant and equipment (4,281,013) (3,584,845)
Tax losses – 210,627
Net deferred tax liability shown on statement of (3,924,488) (3,343,928)

nancial position
Reconciliation of deferred tax liability

Opening balance (3,343,928) (2,394,757)
Recognised in pro t or loss (580,560) (949,171)
Closing balance (3,924,488) (3,343,928)
11. Trade and other payables 20X1 20X0
Trade payables 10,108,207 4,767,293
Current portion of lease liabilities 2,082,213 1,745,506
Other payables 1,191,473 1,097,663
13,381,893 7,610,462
12. Amounts owing to parent 20X1 20X0
Amount owed to parent on loan account 4,309,058 3,290,319
Amounts owed to parent on current account 5,579,657 14,628,126
9,888,715 17,918,445
The loan is unsecured, bears interest at varying rates and has no xed date of
repayment (it is deemed to be repayable on demand). The current account is
interest free and is repayable on demand.
13. Revenue 20X1 20X0
Sale of PVC goods: wholesale in South Africa 108,120,100 80,800,108
Sale of PVC goods: through business partners 20,200,026 17,002,040

to African market
128,320,126 97,802,148
14. Operating pro t 20X1 20X0
Operating pro t for the year is stated after accounting for the following:
Administration fees paid 416,979 189,141
Amortisation of intangible assets 20,160 19,595
Depreciation on property, plant and equipment 2,144,373 1,611,974
Electricity and water 2,671,303 1,874,252
Employee costs 7,392,144 6,672,819
Increase in allowance for credit losses 1,111,042 155,441
Inventory write-downs 1,210,557 792,317
Legal expenses 196,780 403,640
Loss on disposal of property, plant and 41,926 –

equipment
Motor vehicle and travelling expenses 700,106 624,262
Repairs and maintenance 1,766,620 2,268,055
Page 19
15. Investment income 20X1 20X0
Interest received
Bank balances 11,357 1,881
Trade receivables 191,476 –
Other 11,747 14,477
214,580 16,358
16. Finance costs 20X1 20X0
Bank overdraft 198,495 261,976
Lease liabilities 306,814 237,257
Other 428 9,800
505,737 509,033
17. Taxation 20X1 20X0
Major components of the tax expense
Current
Local income tax - current period 200,508 –
Deferred
Movement in pro t or loss 580,560 949,171
781,068 949,171
Reconciliation between applicable tax rate and average effective tax rate
Applicable statutory tax rate 28.00% 28.00%
Non-deductible expenses – 3.74%
Exempt income (1.26)% –
Effective tax rate 26.74% 31.74%
18. Auditors’ remuneration 20X1 20X0
Audit fees 117,700 100,000
Underprovision – prior years 23,950 90,250
141,650 190,250
19. Commitments
The company has provided a limited letter of suretyship amounting to R6,000,000

in favour of First National Bank for the obligations of its parent.
Page 20
20. Directors’ emoluments
Short-term bene ts
Salary Contribution to Total

pension fund
20X1
Bongani Arnott 500,000 50,000 550,000
Lee-Ann Losper 450,000 45,000 495,000
Saul Mkhize 420,000 42,000 462,000
Total 1,370,000 137,000 1,507,000
20X0
Bongani Arnott 480,000 48,000 528,000
Lee-Ann Losper 430,000 43,000 473,000
Saul Mkhize 400,000 40,000 440,000

Total 1,310,000 131,000 1,441,000
21. Related parties 20X1 20X0
The following are the transactions with related parties:
Administration fees paid

Parent 48,000 48,000
Purchases of goods and services

Parent 46,815,311 29,660,359
Fellow subsidiaries 3,121,592 23,622
Sales of goods and services

Parent 7,382,846 6,469,229
Fellow subsidiaries 26,087,482 4,971,278
Further related party details are as follows: Amounts owing to parent – refer note
12. The only key management personnel are the executive directors. For their
directors’ emoluments – refer note 20.
22. Risk management

Liquidity risk
The directors constantly monitor the liquidity of the company and actively manage
the company’s cash resources so as to maintain suf cient working capital
requirements. Liquidity risk is managed through the ongoing review of future
commitments, credit facilities and cash resources.
The table on the following page analyses the company’s nancial liabilities into
relevant maturity groupings based on the remaining period at the reporting date to
the contractual maturity date. The trade and other payables, current tax payable as
well as bank overdraft are short-term and shown at their carrying amount, as the
impact of discounting is not material. The lease liabilities are shown at their
undiscounted (future cash ow) amounts. The amounts owing to parent are
repayable on demand, and therefore shown as short-term, and at their carrying
amount, as the impact of discounting is not material.
Page 21
At 31 December 20X1 Less than 1 year Greater than 1 year but

less than 5 years
Trade and other payables 11,299,680 –

(excluding current portion of
lease liabilities)
Current tax payable 48,741 –
Lease liabilities 2,112,225 1,859,326

Bank overdraft 4,022,340 –
Amounts owing to parent 9,888,715 –
At 31 December 20X0 Less than 1 year Greater than 1 year
Trade and other payables 5,864,956 –

(excluding current portion of
lease liabilities)
Lease liabilities 1,885,621 568,741
Bank overdraft 74,697 –
Amounts owing to parent 17,918,445 –
Capital risk management

The company objective of capital management is to maximise shareholder value and
maintain healthy capital ratios in order to sustain its business.
There were no changes made in the objectives, policies or processes from the prior
year.
The company is not subject to any externally imposed capital requirements.

Interest rate risk
The company’s interest rate risk arises primarily from cash and cash equivalents
and lease liabilities, which bear interest at variable rates and expose the company
to cash ow interest rate risk.
The company’s cash and cash equivalents are reviewed on a periodic basis to
ensure that the best possible return is being obtained.
If interest rates had been 1% lower/higher during the year under review, and all
other variables remained constant, the company’s pre-tax pro t for the year would
have been R32,351 (20X0: R78,301) lower/higher.
Foreign exchange risk
The company imports some of its raw materials, which are invoiced in Australian
dollar and New Zealand dollar. All purchases in foreign currency are settled
immediately to minimise exposure to changes in exchange rates. (All sales are
invoiced in South African Rands.) The company monitors the Rand/Dollar exchange
rates and hedges itself by taking out over-the-counter forward contracts if necessary.
No such contracts were entered into during the current or prior nancial year.
If exchange rates had been 10% lower/higher during the year under review, and all
other variables remained constant, the company’s pre-tax pro t for the year would
have been R182,351 (20X0: R201,301) lower/higher.
Credit risk
Credit risk is concentrated principally in trade receivables as well as cash and cash
equivalents.
Page 22
Trade receivables
Managing credit risk on trade receivables: Before accepting any new credit
customer, the company uses an external party to assess the potential customer’s
credit quality (only AA- and BB-rated clients are accepted) and de nes credit limits
for each customer. Limits are reviewed periodically in accordance with the
requirements of the National Credit Act and upon request by a customer. Overall
credit limits are approved by the board of directors. This process minimises the
exposure to credit losses and affects the calculation of expected credit losses.
Certain trade receivables are insured through an external party depending on the
level of exposure to the company. The maximum exposure in respect of trade
debtors is the balances (carrying amounts) disclosed in note 5.
Accounting policies regarding the impairment testing and calculation of expected

credit losses are provided in note 1.5. A trade receivable is deemed to be credit
impaired, once it is more than 90 days overdue. To estimate the expected credit
losses, historical information is used and adjusted for forward-looking information
(such as the current depressed state of the local economy, which has caused an
increase in the allowance compared to the prior nancial year).
Cash and cash equivalents
The company deposits short-term cash surpluses only with major banks of high
quality credit standing. The maximum exposure in respect of cash and cash
equivalents is the debit-balances (carrying amounts) disclosed in note 7.
23. Contingent liability

Litigation is in process against the company relating to a dispute with the
Competition Commission, which alleges that the company has been involved in
price xing in the industry. The information usually required by IAS 37 Provisions,
Contingent Liabilities and Contingent Assets is not disclosed on the grounds that it
can be perceived to be prejudicial to the outcome of the litigation. The directors are
of the opinion that the claim can be successfully defended by the company.
24. Financial assets by category

The accounting policies for nancial instruments have been applied to the line items
below:
20X1 Amortised cost Total
Trade and other receivables 17,241,701 17,241,701
Loans receivable 31,439 31,439
Cash and cash equivalents 21,583 21,583
17,294,723 17,294,723
Trade and other receivables 14,862,673 14,862,673
Loans receivable 31,439 31,439
Cash and cash equivalents 1,549,097 1,549,097
16,443,209 16,443,209
Page 23
25. Financial liabilities by category

The accounting policies for nancial instruments have been applied to the line items
below:
Lease liabilities 1,395,944 1,395,944
Amounts owing to parent 9,888,715 9,888,715
Trade and other payables 13,381,893 13,381,893
Bank overdraft 4,022,340 4,022,340
28,688,892 28,688,892
Lease liabilities 428,876 428,876
Amounts owing to parent 17,918,445 17,918,445
Trade and other payables 7,610,462 7,610,462
Bank overdraft 74,697 74,697
26,032,480 26,032,480
Page 24
DETAILED INCOME STATEMENT

Revenue
Sale of goods 128,320,126 97,802,148

Cost of sales
Opening inventory (9,806,864) (9,998,626)
Purchases (104,794,348) (76,671,292)
Closing inventory 9,326,597 9,806,864
(105,274,615) (76,863,054)
Gross pro t 23,045,511 20,939,094
Other income
Bad debts recovered 10,000 –

Discount received 339,198 127,027
Interest received 15 214,580 16,358
Sundry income 151,197 152,052
714,975 295,437

Expenses (Refer to page (20,333,439) (17,735,073)

26)

Operating pro t 14 3,427,047 3,499,458
Finance costs 16 (505,737) (509,033)

Pro t before taxation 2,921,310 2,990,425
Taxation 17 (781,068) (949,171)
Pro t for the year 2,140,242 2,041,254
Page 25

Operating expenses
Advertising, entertainment 81,839 95,469

and sales promotion
Auditors’ remuneration 18 141,650 190,250
Bad debts 5,406 516,830
Bank charges 29,017 40,140
Computer expenses 144,505 205,606
Consulting and 206,470 117,115

professional fees
Consumables 321,333 370,246
Credit checks 212,060 140,017
Depreciation and 2,164,533 1,631,569

amortisation
Discount allowed 1,507,935 1,188,091
Employee costs 7,392,144 6,672,819

General expenses 424,424 341,497
Increase in allowance for 1,111,042 155,441

credit losses
Insurance 250,615 244,011
Loss on disposal of 41,926 –

property, plant and
equipment
Motor vehicle and 700,106 624,262

travelling expenses
Printing and stationery 105,631 58,558
Subscriptions 208,151 147,409
Telephone and fax 232,970 196,567
Travel – overseas – 64,088
20,333,439 17,735,073
Page 26
Extracts from Ntsimbi Piping Trial Balance and

Lead Schedules Final Trial Balance at 31 December
20X1
FINAL TRIAL BALANCE AT 31 DECEMBER 20X1
ACCOUNT 20X1
10101-COFR - “Sales - Covers & (58,567.00)

Frames”
10151-DRAI - “Sales - Drainage Pipe” (1,698,070.13)
10201-DROP - “Sales - Droppers” (478,143.60)
10251-DUCT - “Sales - Ducting Pipe (746,282.20)

A”
10301-DUCT - “Sales - Ducting Pipe (1,200,839.79)

B”
10351-ELEC - “Sales - Electrical (533,798.10)

Fittings”
10401-FABF - “Sales - Fabricated (75,761.00)
Fittings A”
10451-FABF - “Sales - Fabricated (188,979.48)

Fittings B”
10501-GUTF - “Sales - Gutter (1,264,086.10)

Fittings”
10551-HDPE - “Sales - HDPE Pipe” (9,169.95)
10601-LDPE - “Sales - LDPE Pipe” (2,552,385.30)
10651-NYLN - “Sales - Nylon Fittings” (4,792,770.34)
10701-PLUM - “Sales - Plumb Pipe” (9,037,423.00)
10751-PRES - “Sales - Pressure (75,718,198.38)

Pipe”
10851-RAWM - “Sales - Raw Material (3,211,859.55)

A”
10901-RAWM - “Sales - Raw Material (28,000.00)

B”
10951-RIGR - “Sales - Rigid Risers” (64,039.81)
10955-ADMN - “Sales - Price 4,357.83

Queries”
11001-SVFI - “Sales - S/V Fittings” (2,601,882.18)
11051-SVPI - “Sales - S/V Pipe” (5,003,717.62)
11101-SEWF - “Sales - Sewer (5,733,858.70)

Fittings”
11151-SEWP - “Sales - Sewer Pipe” (14,223,441.20)
11201-SPSA - “Sales - Sewer Pipe 57,001.75

non SABS”
19000-ADMN - “Sales - 839,787.94

Buyouts/Other Stock Purchases”
30006-INCO - “Income - Pro t/Loss 41,925.68

on Disposal of Assets”
40071-EXPS - “Expense - 86,666.64

Depreciation on Motor Vehicles”
40072-EXPS - “Expense - 16,901.79

Depreciation on Equipment”
40073-EXPS - “Expense - 14,567.24

Depreciation on Furniture & Fittings”
40074-EXPS - “Expense - 1,668,311.75

Depreciation on Plant & Machinery”
40076-EXPS - “Expense - 72,899.53

Depreciation on Computer
equipment”
40077-EXPS - “Expense - 35,026.12

Depreciation on Factory setup cost”
40078-EXPS - “Expense - 250,000.00

Depreciation on Buildings”
60011-PPAE - “Motor Vehicles @ 1,752,284.10

Cost”
60012-PPAE - “Motor Vehicles (685,324.56)

Accumulated Depreciation”
60017-PPAE - “Plant & Machinery @ 28,976,012.79

Cost”
60018-PPAE - “Plant & Machinery (8,530,318.17)

60019-PPAE - “Furniture & Fittings - (78,532.46)

60020-PPAE - “Furniture & Fittings @ 124,761.20

Cost”
60021-PPAE - “Of ce Equipment - (99,069.19)

60022-PPAE - “Of ce Equipment @ 125,549.98

Cost”
60023-PPAE - “Computer Equipment - (246,993.55)

60024-PPAE - “Computer Equipment 316,173.93

@ Cost”
60025-PPAE - “Factory Setup @ Cost” 420,516.19
60026-PPAE - “Factory Setup - (385,073.21)

60027-PPAE - “Land & Buildings @ 22,440,000.00

Cost”
60028-PPAE - “Buildings - (960,000.00)

Property, Plant and Equipment Lead Schedule
PROPERTY, PLANT AND EQUIPMENT AT 31 DECEMBER 20X1
Prepared by Reviewed by
IB CS
20X2/03/06 20X2/03/30
ACCOUNT 20X1
20.20.10.001 Property, plant and 54,155,298.19

equipment
60011-PPAE - Motor Vehicles @ Cost 1,752,284.10
60017-PPAE - Plant & Machinery @ 28,976,012.79

Cost
60020-PPAE - Furniture & Fittings @ 124,761.20

Cost
60022-PPAE - Of ce Equipment @ 125,549.98

Cost
60024-PPAE - Computer Equipment @ 316,173.93

Cost
60025-PPAE - Factory Setup Cost @ 420,516.19

Cost
60027-PPAE - Land & Buildings Cost 22,440,000.00

@ Cost

20.20.10.005 Property, plant and (10,985,311.14)

equipment: Accumulated depreciation
60012-PPAE - Motor Vehicles - (685,324.56)

Accumulated Depreciation
60018-PPAE - Plant & Machinery - (8,530,318.17)

60019-PPAE - Furniture & Fittings - (78,532.46)

60021-PPAE - Of ce Equipment - (99,069.19)

60023-PPAE - Computer Equipment - (246,993.55)

60026-PPAE - Factory Setup - (385,073.21)
60028-PPAE - Buildings - Accumulated (960,000.00)

Depreciation
43,169,987.05
Depreciation and Impairment Lead Schedule

DEPRECIATION AND IMPAIRMENTS: PROPERTY, PLANT AND EQUIPMENT FOR THE YEAR ENDED
31 DECEMBER 20X1
IB CS
20X2/03/06 20X2/03/30
ACCOUNT 20X1
20.35.00.00 Depreciation and amortisation: PPE 2,144,373.07
40071-EXPS - Expense - Depreciation on Motor Vehicles 86,666.64
40072-EXPS - Expense - Depreciation on Equipment 16,901.79
40073-EXPS - Expense - Depreciation on Furniture & 14,567.24

Fittings
40074-EXPS - Expense - Depreciation on Plant & 1,668,311.75

Machinery
40076-EXPS - Expense - Depreciation on Computer 72,899.53

equipment
40077-EXPS - Expense - Depreciation Factory setup cost 35,026.12
40078-EXPS - Expense - Depreciation on Buildings 250,000.00
2,144,373.07
Pro t and Loss on Disposal of Property, Plant and
Equipment Lead Schedule
PROFIT AND LOSS ON DISPOSAL OF PROPERTY, PLANT AND EQUIPMENT LEAD SCHEDULE
IB CS
20X2/03/06 20X2/03/30
ACCOUNT 20X1
20.36 P&L: PPE 41,925.68
30006-INCO - Income - Pro t/Loss on 41,925.68

Disposal of Assets
41,925.68
THE CONTEXT WITHIN PART
WHICH THE EXTERNAL A
AUDITOR OPERATES
CHAPTER 1 Introduction
CHAPTER 2 Ethics
CHAPTER 3 Legal responsibilities of the
auditor
Introduction CHAPTER 1
Henriëtte Scholtz
CHAPTER CONTENTS
Learning outcomes
Reference list
1.1 Background
1.2 What is the purpose of and need for accounting records?
1.3 What is the objective of and need for nancial statements?
1.4 Why are external auditors needed and what is the purpose of
an external audit?
1.5 What are examples of major corporate accounting scandals in
recent years?
1.6 What are the structures of the accounting and auditing
professions?
LEARNING OUTCOMES
Describe the purpose of and requirements for accounting
1. records.
2. Describe the Companies Act requirements relating to accounting
records and nancial statements.
3. Describe the assertions contained in nancial statements.
4. Identify and formulate the assertions applicable to the account
balances, classes of transactions and disclosures contained in
nancial statements.
5. De ne an external audit.
6. Explain the need for an external audit.
7. Contrast the external auditor’s responsibility in relation to the
nancial statements with that of a company’s directors.
8. Provide an overview of the steps in the audit process.
9. Describe the inherent limitations of an audit.
10. Differentiate between the types of assurance and non-assurance
engagements and types of auditors.
11. Understand the history of auditing and major events in its history.
12. State and describe the postulates in auditing.
13. Brie y describe the structure of the auditing profession locally
and internationally.
REFERENCE LIST
Companies Act 71 of 2008, sections 24, 28–31.

Companies Regulations 2011, regulation 25.
International Auditing and Assurance Standards Board (IAASB) (April
2007) International Standard on Auditing (ISA) 200 Overall Objective
of the Independent Auditor and the Conduct of an Audit in
Accordance with International Standards on Auditing, para A45–A52.
International Auditing and Assurance Standards Board (IAASB) (Dec
2013) International Standard on Auditing (ISA) 315 (Revised)
Identifying and Assessing the Risks of Material Misstatement through
Understanding the Entity and its Environment, para A123–A124.
IN THE NEWS
Audits could be perfect – but that would come at a cost1
There is no conceptual reason why audits should not be perfect.
Auditors could check every transaction from third-party
documentation, and mirror every aspect of the company’s
accounting and governance all the way from bookkeeper to board
level, in a separate independent structure, paid for by an
independent body. It would, of course, be ridiculously expensive.
So there needs to be a trade-off in society between risk and
reward. There also has to be a suf cient risk/reward for the audit
rms – if the risk is too great for the rewards they simply will not
undertake audits and certainly will not be willing to increase their
work to cover society’s expanding obligations.
No more cooked blocks – mainstream auditors enter the fray2
Auditing rms have long kept businesses and nancial
institutions in check with thorough investigations of company
accounts. The process ensures that everyone plays by the rules,
which protects both employees, investors and customers from
being burned by dodgy accounting practices. There is a distinct
difference between blockchain and an accounting ledger,
according to Cointelegraph contributor and international tax
attorney Selva Ozelli:
Blockchain is a ledger system that keeps track of
cryptocurrency or other digitally transferred information. But
Blockchain technology is not an accounting system and there is a
distinction between the two. Auditors have the knowledge to verify
nancial information prepared by a computer system, and
Blockchain is a ledger system. However, auditors will need to come
up to speed on the nuances of each Blockchain design, to be able
to properly audit and verify the information it produces. In the
future, as Blockchain is widely adopted and laws regarding
auditing nancial statements prepared using information produced
by Blockchain systems are amended, the function of auditors vis-a-
vis verifying nancial information prepared by Blockchains may
change.
1.1 Background
During the Industrial Revolution, businesses grew from entities owned
and managed by the same person into large corporations in which the
owners (shareholders) and management (executive directors) were
separate parties. As can be seen in Figure 1.1, the shareholders appoint
the directors of the company to manage their investment in the
company. is is known as the principal-agent theory, where the
shareholders are the principals and the directors are the agents.
e agency theory implies that if the principals do not trust the
agents to provide them with reliable and relevant information, they will
appoint external experts (called auditors), who are independent of the
agents, to review the credibility of the information presented to them.
Today this manifests as follows: e board of directors of a company
is responsible for, among other things, the preparation of nancial
statements (and other reports) for external users (including
shareholders) to account for their stewardship of the company. An
external audit of nancial statements is performed in order to enhance
the credibility of the nancial statements from the users’ perspective
and to reduce the risks that incorrect or misleading information is
conveyed in the nancial statements – as this may lead to incorrect
economic decision making by the users of the nancial statements.
What enhances the credibility of audited nancial statements is the
auditor’s report that accompanies the nancial statements (refer to
page 2 of Ntsimbi Piping’s nancial statements). is is prepared and
issued by the external auditor after the audit team has completed a
process known as the audit process (refer to section 1.4.5.3.1 of this
chapter and to Chapter 11 for more details). In this auditor’s report, the
auditor expresses a high level of assurance (comfort) on whether the
nancial statements fairly present the nancial position, performance
and cash ows of the company.3
CRITICAL THINKING
What can shareholders do if they are not satis ed with the way
in which directors are using the company’s assets and
resources in which their funds are invested?
Shareholders appoint the directors and they can vote at a
shareholders’ meeting to remove the directors.
Figure 1.1: Shareholders – directors – auditor relationship
1.2 What is the purpose of and need for

accounting records?
1.2.1 e purpose of accounting records
1.2.1.1 e nature of accounting records
Accounting records are an entity’s manual or computerised records of
its assets and liabilities, revenues and expenses, equity and other
monetary transactions. ese records consist of various journals (books
of prime entry), general and subsidiary ledgers, and supporting
documents (such as agreements, invoices, expense vouchers), which an
entity is required to retain for a certain number of years.4
1.2.1.2 e need for accounting records

Accounting records are needed for an effective nancial management
system in an entity. ey are used by management to:
• Record and keep track of transactions and other economic activities;
• Obtain relevant information in a timely fashion so management can
make decisions such as the pricing of the entity’s products, the
funding requirements and the strategic direction of the entity;
• Measure results and evaluate the performance of the business
against the goals and targets set by them; and
• Enable them to prepare nancial statements for reporting to external
parties, including shareholders.
Businesses as well as individuals should have accounting records.

Individuals need accounting records when submitting income tax
returns, as they may, for example, be asked to provide evidence of the
income declared and expenses claimed on income tax returns.
CRITICAL THINKING
Why do sole proprietors need accounting records?
Sole proprietors need accounting records when they apply for
nance, for completing tax returns, and to enable a potential
buyer or investor to look at the records if a sole proprietor is
selling or expanding the business.
In South Africa, legislation requires companies keep proper accounting
records. Refer to section 1.3.4 of this chapter for the Companies Act 71
of 2008 requirements relating to accounting records.
1.2.2 Examples of accounting records

e following are examples of accounting records that may be used to
keep track of sales transactions entered into by Ntsimbi Piping with its
customers (refer to documents in section 1 of the appendix at the end of
the book):
• An internal sales order is issued to keep track of an order received
from a customer;
• A delivery note is issued when pipes are delivered to the customer
as proof of delivery;
• A sales invoice is issued to inform the customer of the amount that
is due for the goods supplied;
• e transaction is recorded in the sales journal and debtors ledger
from the sales invoice;
• e total of all the sales invoices recorded in the sales journal is
posted (or transferred) to the general ledger;
• e general ledger balances and totals are transferred to the trial
balance; and
• e trial balance is used as a basis to prepare the company’s
nancial statements.
Figure 1.2: Sales transaction
CRITICAL THINKING
What documentation would be created for a purchases
transaction?
For a purchases transaction the following documentation would
be present:
• Purchase order
• Supplier delivery note
• Goods received note
• Supplier purchase invoice
• Purchases journal and creditors ledger
• Supplier statement
• General ledger
• Trial balance
• Financial statements
Refer to Chapters 6 to 10 for many more examples of accounting records

that are used by Ntsimbi Piping.
1.3 What is the objective of and need for

nancial statements?
Turn to the nancial statements of Ntsimbi Piping at the beginning of
the book and scan all 24 pages of these statements. Consider the various
notes that provide additional information about various line items on
the Statement of Financial Position, Statement of Comprehensive
Income and Statement of Cash Flows. As you are looking through the
nancial statements, think about how readers of Ntsimbi Piping’s
nancial statements may use the various types of information
disclosed.
1.3.1 e objective of nancial statements

According to the Conceptual Framework for the Financial Statements
(IFRS standards), the objective of nancial statements is to provide
nancial information about the reporting entity that is useful to a wide
range of users in making economic decisions. e economic decisions
involve buying, selling or holding equity and debt instruments, and
providing or requiring the settling of loans and other forms of credit.5
Financial statements prepared for this purpose meet the common
needs of most users. However, nancial statements do not provide all
the information users may need to make economic decisions, since
they largely portray the nancial effects of past events and contain
limited forward-looking information.
As was discussed in section 1.1 of this chapter, according to the
principal-agent theory, it is necessary that there is a communication
line between owners and managers. e nancial statements of Ntsimbi
Piping create this line and provide the management of Ntsimbi Piping
with the opportunity to show the results of their stewardship of the
money entrusted to them (the accountability of management for
resources entrusted to them) by the owners of the business.
1.3.2 Responsibility for accounting records

and nancial statements
e board of directors of a company (i.e. those charged with the
governance of the company) has the responsibility to ensure that
proper accounting records are kept and to prepare and approve
nancial statements before publication. e day-to-day responsibility
of the nance function of the company can be delegated to the
accounting function of the company but the board of directors remain
ultimately responsible for the accounting records and nancial
statements.
According to International Accounting Standard (IAS) 1, the nancial

statements of a company consist of:
• A statement of nancial position as at the end of a period;
• A statement of pro t and loss and other comprehensive income for
the period;
• A statement of changes in equity for the period;
• A statement of cash ows for the period;
• Notes consisting of a summary of signi cant accounting policies and
other explanatory information;
• Comparative information in respect of the preceding period; and
• A statement of nancial position as at the beginning of the preceding
period when an entity applies an accounting policy retrospectively
or makes a retrospective restatement of items in its nancial
statements or when it reclassi es items in its nancial statements.6
e chief nancial officer (CFO) (sometimes referred to as the nancial

director) is normally responsible for overseeing the compilation and
nalisation of the nancial statements which have to be considered and
approved by the board of directors before publication.
e board of directors is responsible for ensuring that transactions
and events that took place during the year are fairly presented in the
nancial statements. Directors who knowingly misrepresent
information in nancial statements are in contravention of section 29 of
the Companies Act and are guilty of a criminal offence. e audit
committee, if it exists, (refer to Chapter 4 for details) is a subcommittee
of the board of directors and has, among other things, an oversight
function over the nancial statements, thereby assisting the board in
discharging its responsibilities.
CRITICAL THINKING
Who is ultimately responsible for nancial statements?
According to the Conceptual Framework for the Financial
Statements, management (in South Africa for companies, this is
the board of directors as per the Companies Act) is ultimately
responsible for the preparation and presentation of nancial
statements.
1.3.3 e assertions made by the preparers of
the nancial statements
When issuing nancial statements, the preparers of these statements
(management/directors) are effectively making many representations
(statements) about, among other things, the nancial position, nancial
performance and cash ows of the entity. ese representations made
by management are called assertions (refer to the IAASB Glossary of
Terms).
ISA 315.A129 classi es the assertions as follows:
• Assertions relating to classes of transactions, events and related
disclosures; and
• Assertions relating to account balances and related disclosures.
To understand the assertions, we rst have to understand the concepts

of classes of transactions, account balances and disclosures. e trade
receivables control account of Ntsimbi Piping (Pty) Ltd is set out below:
TRADE RECEIVABLES CONTROL ACCOUNT
Opening 13,587,696 Bank (receipts xxx xxx xxx

balance from debtors)
(1/1/20X1)
Credit sales xxx xxx xxx Sales returns x xxx
Allowance for x xxx

credit losses
adjustment
Closing 16,584,187
balance
(31/12/20X1)
You will notice that the account consists of the following elements:
• An opening balance;
• Various types of debit and credit entries; and
• A closing balance.
Note the types of debit and credit entries that appear in the account,
such as credit sales entries on the debit side and sales returns entries on
the credit side. Each of these types of debit and credit entries represents
a class of transactions impacting the account. e closing balance is
the account balance, whereas the note to the nancial statements
where additional information about trade receivables is provided (note
5 on page 17 of the Ntsimbi Piping (Pty) Ltd nancial statements) is the
disclosure.
Now look at Table 1.1 that provides descriptions of the various
assertions and also indicates which assertions apply to which of the
three elements explained above.
Table 1.1: Assertions
CLASSES OF
ACCOUNT
TRANSACTIONS,
BALANCES AND
ASSERTIONS EVENTS AND
RELATED
RELATED
DISCLOSURES
DISCLOSURES
Existence:
Assets, liabilities
and equity that
appear in the
X
nancial statements
exist at the date of
the nancial
statements.
CLASSES OF
ACCOUNT
TRANSACTIONS,
BALANCES AND
RELATED
RELATED
DISCLOSURES
DISCLOSURES
Occurrence:
Transactions and
events that have
been recorded in the
nancial statements X
have actually
occurred during the
nancial period and
relate to the entity.
Accuracy, valuation
and allocation:
Assets, liabilities
and equity are
included in the
nancial statements
at the correct
amounts and any
adjustments to the X
valuation or
allocation have been
appropriately
recorded and
disclosures have
been appropriately
measured and
described.
CLASSES OF
ACCOUNT
TRANSACTIONS,
BALANCES AND
RELATED
RELATED
DISCLOSURES
DISCLOSURES
Accuracy:
Amounts and other
data relating to
recorded
transactions have
been recorded
appropriately (e.g. in X
the correct amounts)
and appropriate
disclosures have
been appropriately
measured and
described.
Rights and
obligations:
The entity holds or
controls the rights to
the assets re ected
X
in the nancial
statements, and
liabilities re ected
are the obligations
of the company.
CLASSES OF
ACCOUNT
TRANSACTIONS,
BALANCES AND
RELATED
RELATED
DISCLOSURES
DISCLOSURES
Cut-off:
Transactions and
events have been
X
recorded in the
correct accounting
period.
Completeness:
All transactions,
events, assets,
liabilities, equity and
disclosures that
should have been X X
recorded and
included in the
nancial statements
have been recorded
and included.
Classi cation:
Assets, liabilities,
equity, transactions
X X
and events have
been recorded in the
proper accounts.
CLASSES OF
ACCOUNT
TRANSACTIONS,
BALANCES AND
RELATED
RELATED
DISCLOSURES
DISCLOSURES
Presentation:
Financial information
is appropriately
presented and X X
described, and
disclosures are
clearly expressed.
Ntsimbi Piping
Example: Property Plant and Equipment (PPE) with a carrying amount
of R43,169,987 in the Statement of Financial Position of Ntsimbi Piping
at 31 December 20X1
e directors of Ntsimbi Piping have made the following assertions by
re ecting the PPE balance on page 7 of the Statement of Financial
Position:
Existence: PPE of R43,169,987 actually exists at 31 December 20X1;
Accuracy, valuation and allocation: e PPE re ected in the
Statement of Financial Position at R43,169,987 is measured at the
appropriate carrying amount (meaning the assets were appropriately
measured at recognition; as well as continue to be appropriately
measured after recognition – i.e. taking into account adjustments for
impairments, depreciation, etc.) and disclosures have been
appropriately made (e.g. gross carrying amount and accumulated
depreciation at the beginning and end of the year);
Rights: Ntsimbi Piping holds the rights to the PPE of R43,169,987 at 31
December 20X1;
Completeness: All PPE assets of Ntsimbi Piping that should have been
recorded are recorded in the account balance re ected in the Statement
of Financial Position at 31 December 20X1;
Classi cation: All PPE assets of Ntsimbi Piping have been recorded in
the proper accounts (e.g. the PPE assets have been recorded as PPE and
not as intangible assets); and
Presentation: All PPE assets of Ntsimbi Piping have been appropriately
presented and disclosures are clearly expressed (e.g. the depreciation
method, depreciation rate and useful lives have been disclosed, as well
as reconciliation of carrying amount from beginning of the year to the
end of the year, showing additions to PPE, disposals of PPE,
revaluations of PPE, depreciation and any other movements).
WHY? Why is the ‘obligations’ assertion not an applicable

assertion for PPE?
PPE are assets and a company normally holds or
controls the rights to these assets. Liabilities are
obligations of the company.
CRITICAL THINKING
How should cryptocurrency be accounted for?7
There are no current existing accounting requirements to account
for cryptocurrency. Accounting at fair value with movements
re ected in pro t or loss would provide the most useful
information to investors.8
1.3.4 Companies Act requirements for

accounting records and nancial
statements
e Companies Act 71 of 2008 (hereinafter referred to as the
‘Companies Act’) requires every South African company to keep
accurate and complete accounting records in one of the official
languages at the company’s registered office (section 28).
e accounting records have to be sufficient to enable the company
to prepare nancial statements and, if applicable, to enable the auditors
of the company to audit the nancial statements.
Regulation 25(3) of the Companies Regulations 2011 sets out what is

required to be included in the accounting records of a company.
Examples of this include:
• A record of the company’s assets and liabilities;
• Records of any property held by the company in a duciary capacity;
• A record of inventory to enable the valuation of inventory at year-
end (if the company trades in goods); and
• Records of the company’s revenue and expenditure, including daily
records of all money received or paid out and daily records of goods
purchased and sold on credit.
Section 24 of the Companies Act requires a company to keep all
documents, accounts, books, writing or other information in written
format, or electronic or other form, for a minimum period of seven
years. Section 28 of the Companies Act states that it is an offence for a
company to fail to keep accounting records or to keep accounting
records in a format other than the prescribed format.
Look up the Companies Regulations to nd the complete list of

accounting records that companies have to keep.
e Companies Act has a number of requirements with regard to

nancial statements. Section 29(1) requires that any nancial
statements prepared and issued by a company must:
• Satisfy any prescribed nancial reporting standards applicable to the
company (e.g. International Financial Reporting Standards (IFRS)
(for details of the applicable nancial reporting frameworks refer to
Chapter 2 and the discussion of regulation 27) as to the format and
content of the nancial statements);
• Fairly present the affairs of the company and explain the nancial
position of the company;
• Show the company’s assets, liabilities, equity, income and expenses
and any other prescribed information;
• Set out the date on which the nancial statements were produced
and the accounting period to which they relate; and
• On the rst page of the nancial statements, contain a note stating
whether the nancial statements have been audited or
independently reviewed. e name and professional designation of
the person who prepared or supervised the preparation of the
nancial statements must also be included.
Section 29(2) requires that if a company provides any nancial

statements to any person for any reason, these nancial statements may
not be false or misleading in any material respect, or incomplete.
Section 29(6) adds that it is an offence for any person to prepare,
approve, disseminate or publish any nancial statements knowing that
these nancial statements are false, incomplete, misleading or if they do
not comply with the requirements of section 29(1) above.
Section 30 of the Companies Act requires a company to prepare

nancial statements within six months after the year-end of the
company. e nancial statements must:
• Include an auditor’s report;
• Include a director’s report;
• Be approved by the board and signed by an authorised director; and
• Be presented at the rst shareholders’ meeting after the nancial
statements have been approved.
Disclosures about directors’ remuneration must be included in the

nancial statements for companies that have to be audited (for details
refer to section 30 of the Companies Act covered in Chapter 2).
Section 31 provides that shareholders are entitled to receive a copy
of the nancial statements. Judgement creditors and trade unions can
apply to the company or to the Commissioner of Companies to receive
a copy of the nancial statements. It is an offence for a company to
refuse access to the nancial statements to any of these parties.
1.4 Why are external auditors needed and

what is the purpose of an external
audit?
1.4.1 e need for external auditors
A perception may exist that external auditors are needed because
legislation requires companies’ nancial statements to be audited
(these audits are sometimes referred to as statutory audits, as they are
required by statute). However, the need for external auditors arose long
before company audits became a legal requirement in certain countries.
As was discussed in section 1.1 of this chapter, according to the
principal-agent theory, the ownership and management of a company
is split. e owners (or shareholders) in such situations delegate some
decision-making powers relating to the functioning of the company to
the board of directors, thereby entrusting the directors to act in the best
interests of the company. e owners and directors could have different
motives and there could also be a lack of trust that the agents will act in
the best interests of the principals. e agents are normally in uenced
by factors such as nancial rewards (salaries and bonuses), labour
market opportunities and relationships with other parties not relevant
to the principals and may therefore misrepresent their entity’s nancial
statements.
Certain mechanisms are therefore put in place to reinforce the trust
that the shareholders place in directors. One of these mechanisms is the
audit of the nancial statements of a company. On the basis of the
audit, an independent party (the auditor) reports to the owners on
whether the directors have fairly presented the nancial effects of their
activities to the owners in the nancial statements.
1.4.1.1 e external audit can add value
1.4.1.1.1 It encourages good corporate governance in a company

e external auditor provides a check on the information aspects of the
corporate governance system. e external auditor’s primary role in
corporate governance is to ensure that the nancial information given
to the shareholders (i.e. users of the nancial statements) is fairly
presented (i.e. free from material misstatements). Refer to Chapter 4 for
detailed information about the governance of companies.9
1.4.1.1.2 It makes it easier and safer to invest in wealth-creating

businesses
As part of the audit, the auditor collects audit evidence to express an
opinion whether or not the nancial statements are free of material
misstatement. e auditor also evaluates management’s view on
whether the company will be able to continue as a going concern in the
foreseeable future. rough the audit process, the auditor adds
credibility to the nancial statements prepared by management. is
allows investors and providers of credit nance to use the nancial
statements with greater con dence in making equity investments and
loan advances.10
1.4.1.1.3 It improves legitimate tax collection, thereby reducing

taxes for all
Government agencies (such as SARS) are able to take comfort from the
fact that an independent, external auditor has examined the nancial
records of a company. is reduces the need for speci c and detailed
inspections by government employees or agents. is, in turn, means
that the cost of compliance is borne by all those required to comply,
rather than adding to the tax burden of taxpayers generally. As a result,
an audit adds value for all taxpayers by ensuring that companies carry
their proper share of the burden of taxation.
It improves the accuracy of the information contained in
1.4.1.1.4
nancial statements
Even if the auditor’s report indicates that the nancial statements
‘present fairly’, it does not mean that this would have been the case
without the audit. During the course of the audit, a number of material
misstatements may be detected by the audit team and reported to
management. If corrected by management (which is often the case), the
audit will therefore improve the integrity of the data contained in the
nancial statements.11
1.4.2 e history of auditing

Auditors have been around since the early times of accounting. With the
development of economies, it came about that one person was
entrusted with the property of another person (the agency principle
introduced in section 1.1 of this chapter). is created the need for
accounting and for some sort of checking on whether the property was
managed properly.
e rst recorded auditors were the spies of King Darius of Persia
(552 to 486 BC). ese auditors acted as the king’s ears, checking on the
governors of the provinces in Persia. e word ‘auditor’ originates from
the Latin word ‘audire’ which means ‘to hear’. In ancient times, auditors
used to listen to oral reports from the officials (or stewards) to the
owners. e auditors needed to con rm the accuracy of these reports.
In time, the role of the auditor evolved from verifying oral reports to
checking the accuracy of written reports.
Prior to 1500 AD, nearly all accounting systems were concerned with
accounting for the activities of government and the only form of
auditing or checking was that separate records had to be kept by two
different scribes. e purpose of these records was mainly to detect
fraud, to minimise errors and to ensure that the custodians of resources
were honest. Internal controls did not exist (refer to Chapter 4 for
details of internal control systems).
In 1494, Luca Pacioli, a Franciscan friar, rst codi ed the double-
entry system in his mathematics textbook Summa de arithmetica,
geometria, proportioni et proportionalità. e debit/credit system,
explained in this text, forms the basis for all modern accounting
systems.
e Industrial Revolution (1750–1850) was a period of economic
growth. One feature of this era was that the management of the business
passed from owners to professional managers. e demand for
auditors, independent from management, increased during the period
1850 to 1905. e demand for auditors was not only in relation to the
need to detect clerical errors, but also to manage fraud. During this
period, auditors began to report to the owners of an entity on the work
they performed, and the independent auditor’s report emerged. e
British Parliament passed the Joint Stock Companies Act in 1844. is
Act required that the directors should report to the shareholders on the
nancial affairs of the company by way of an audited balance sheet. In
1900, the rst statutory requirement for an independent audit was
written into the British Companies Act.
During the late 1800s, the concept of selective testing was
developed, whereby the auditors selected only a sample of transactions
where it was not economically feasible to examine all transactions. By
1940, the use of testing was the rule and detailed checking the
exception. During this period, it was also recognised that the adequacy
of internal controls could reduce the extent of substantive testing
required from auditors. e relevance of effective internal controls is
today recognised by auditors as an important factor in determining the
timing, nature and extent of audit procedures.
In the period 1905 to 1950, the objective of an audit in the United
States of America (USA) changed from detecting fraud to reporting on
the reported nancial condition of the company. During the period
1933–1940, the wording of the auditor’s report in the USA changed from
‘present a true and fair view’ to ‘present fairly’ the state of affairs of a
company. Today, ISA 700 allows both of these alternative wordings to be
used in the auditor’s report.12
1.4.3 e history of the external auditing

profession in South Africa
e British colonial services performed elementary audit functions in
South Africa from the late 18th century. Mr Barlow was appointed as the
rst auditor-general of the Cape Colony in 1788.
e discovery of minerals in South Africa led to booming
economies. e need for information about companies and reliable
accounting services increased. e rst stock exchange law in South
Africa was passed in 1864, namely the Natal Joint Stock Exchange
Limited Liability Law, followed by the Cape Companies’ and
Associations’ Trustee Act in 1873 and the Cape Companies’ Act in 1892.
is led to the statutory recognition of auditors in South Africa. Soon,
British accountants ocked to the Zuid-Afrikaanse Republiek (ZAR) and
established professional accounting associations. e rst Institute of
Accountants and Auditors in South Africa was formed in 1894 in the
then Transvaal province (with 65 members), followed by the Institute of
Accountants in Natal. e Free State and the Cape Societies were
voluntarily formed. In 1904 the Cape Colony’s Legislative Council
passed an ordinance incorporating the Transvaal Society of
Accountants. It was the rst law to regulate the accounting profession
and required a register of all public accountants to be kept. Members
could use the designation ‘Registered Public Accountant (Transvaal)’.
With the formation of the Union in 1911, the four bodies attempted to
amalgamate but it was not until 1945 that the Joint Council of Chartered
Accountants was created.
In 1921, the provincial bodies established the South African
Accountants Societies General Examination Board (GEB) which
provided uniform conditions for admission, examinations and
regulation of articles. e Joint Council of Chartered Accountants
played a critical role in the drafting and approval of the Public
Accountants and Auditors Act of 1951. is Act provided for the
establishment of a register of public accountants and auditors who
engaged in public practice and who called themselves ‘Registered
Accountants and Auditors’. e Act provided for the establishment of
the Public Accountants and Auditors Board (PAAB), the registration and
control of articled clerks and the conduct of examinations. e
Chartered Accountants Designation (Private) Act was passed in 1927
and allowed members the right to the use of the designation ‘Chartered
Accountant (SA)’.
International and local corporate failures increased the need for the
regulation of auditors to be tightened worldwide, and for governments
to play a role in this. e Auditing Profession Act 26 of 2005 was
promulgated and became effective in April 2006, replacing the PAAB
with the Independent Regulatory Board for Auditors (IRBA). e latter,
a public entity in terms of the Public Finance Management Act 1 of
1999, for the rst time saw the external auditing profession in South
Africa regulated by a board of whom the majority of members are non-
auditors.13
1.4.4 e purpose of an external ( nancial

statement) audit
Financial statements are used for a variety of purposes and decisions.
Some of the uses of the nancial statements include: the shareholders
of a company use them to evaluate management’s stewardship;
investors use them to decide whether to invest in a company or to sell
their investment; and banks use them to decide whether or not to grant
a loan to the company.
As discussed in section 1.3.3 of this chapter, nancial statements are
representations made by management about the entity. e user of the
nancial statements must recognise that the preparation of the
nancial statements requires management to make signi cant
accounting estimates and judgements and to determine which of the
accounting principles and methods are most appropriate to apply to the
entity.
On the other hand, the auditor’s responsibility is to express an
opinion on whether management has fairly presented the information
in terms of the stated nancial reporting framework (e.g. IFRS). In an
audit, the nancial information is evaluated by the auditor who is
knowledgeable about auditing, accounting and nancial reporting
matters. is enhances the degree of con dence of intended users in
the nancial statements.
During the audit, the auditor collects evidence to obtain reasonable
assurance that the amounts and disclosures in the nancial statements
are free from material misstatement. Refer to section 1.4.5.2 for the
reasons why the auditor can only provide reasonable assurance and
cannot identify every error or irregularity in the company being
audited.
e term reasonable assurance refers to a high level of assurance. It
is achieved when the auditor has obtained sufficient and appropriate
audit evidence to reduce the risk of expressing an incorrect opinion on
the nancial statements (we call this risk, audit risk) to an acceptably
low level. Audit risk is discussed in more detail in Chapter 11.
e auditor also evaluates whether the audit evidence obtained
provides evidence that the company will be able to carry on its business
(continue as a going concern) in the foreseeable future. However,
neither the auditor nor management can guarantee the future success
of the business, as the future is uncertain.
When auditing the nancial statements, the auditor follows a
process that is called the audit process (refer to Chapter 11 in this
regard). e audit process has to comply with International Standards
on Auditing (ISAs).14
Now read through the auditor’s report on page 2 of the Ntsimbi Piping
nancial statements again. Note in particular the wording of the opinion
of the auditor.
WHAT What if the nancial statements are not prepared in

accordance with the relevant nancial reporting
IF? framework?
Then a modi ed auditor’s report will be issued (Refer to
ISA 705).
The opinion paragraph may look like this:
In our opinion, because of the signi cance of the
matter discussed in the basis for adverse opinion
paragraph, the nancial statements do not present
fairly the nancial position of Ntsimbi Piping (Pty)
Ltd as at 31 December 20X1 and its nancial
performance and cash ows for the year ended then
in accordance with the International Financial
Reporting Standards, and the requirements of the
Companies Act of South Africa.
Note: In addition to the external ( nancial statement) audit, other types

of audits also exist. ese are described in section 1.4.5.3 of this chapter.
1.4.5 Providing assurance

1.4.5.1 Assurance provided by an external audit
By expressing an audit opinion on the nancial statements, the
independent auditor provides assurance to the users of the nancial
statements.
e auditor cannot provide absolute assurance that the nancial
statements are free from material misstatement due to fraud and error.
An audit can only provide reasonable assurance on the nancial
statements for a number of important reasons as explained in the next
section. ere is thus an unavoidable risk that some material
misstatements may not be detected when performing an audit. is is
due to the inherent limitations of an audit.
1.4.5.2 Inherent limitations of an external audit (ISA

200.A45–A52)
1.4.5.2.1 e nature of nancial reporting

Judgement is used by management when preparing nancial
statements. Management has to apply judgement when applying the
requirements of the relevant nancial reporting framework (e.g. IFRS or
IFRS for SMEs – refer to Companies Regulations, 2011, speci cally
regulation 27) to the speci c facts and circumstances of the entity.
Moreover, management has to make many estimates in preparing the
nancial statements, among other things, about the useful lives of
property, plant and equipment, the allowance for credit losses
(impairment of debtors) and allowance for obsolete inventory (write-
downs to net realisable value).
1.4.5.2.2 e nature of audit procedures

ere are practical and legal limitations on the auditor’s ability to obtain
audit evidence supporting management’s assertions in the nancial
statements:
• During the audit, the directors of the company provide
documentation and explanations to the auditor. e auditor uses
these to come to conclusions about the transactions, balances and
disclosures being audited. erefore, this information persuades the
auditor to draw a conclusion on whether the nancial statements are
indeed a fair presentation. However, the information supplied by
directors could be (intentionally or unintentionally) incorrect or
incomplete and could also be misrepresented to the auditor.
• Fraud committed by management may involve clever schemes to
hide the fraud. e auditor is not expected to be an expert in the
authentication of supporting documents if fraud is involved.
1.4.5.2.3 Timeliness of nancial reporting and balance between

bene t and cost
• ere is an expectation by the users of the nancial statements that
the auditor will complete the audit within a reasonable time frame
and at a reasonable cost. It is not only impractical to audit all the
information available, but the relevance of the audit opinion to users
of nancial statements is diminished if an extended period of time
elapses between the entity’s year-end and the date on which the
auditor’s report is issued. is time pressure impacts on the amount
of audit work that can be performed by the auditor.
• In planning an audit, the reliability of audit evidence and the cost
involved in obtaining it should be balanced. e reliability of audit
evidence is in uenced by its source and by its nature and is
dependent on the individual circumstances under which it is
obtained. e auditor needs to consider what it will cost to obtain
the audit evidence compared to the bene t the auditor will derive
from it. For example, if the auditor is unable to reach a debtor when
attempting to obtain a written con rmation of the debtor’s balance
outstanding (the debtor may reside in a rural area), the auditor has
to consider whether there are other ways to con rm the existence of
the debtor.
• Due to constraints on time and resources available to perform the
audit and also the cost involved, the auditor cannot verify every
single transaction that occurred in the company being audited.
erefore, the auditor selects a sample of transactions and events
that occurred during the nancial year and conducts audit
procedures on the selected sample. e fact that the entire
population is not investigated by the auditor creates the risk that
fraud or errors could go undetected.
CRITICAL THINKING
Can an auditor guarantee that the nancial statements are
100% accurate?
No, an audit can only provide reasonable assurance for reasons
listed in 1.4.5.2 above.
1.4.5.3 Assurance and non-assurance engagements
1.4.5.3.1 Assurance engagements (International Framework for

Assurance Engagements)
An assurance engagement is an engagement in which the auditor
expresses a conclusion designed to enhance the degree of con dence of
intended users (other than the party responsible for preparing the
information being evaluated) about the outcome of the evaluation or
measurement of the information against predetermined criteria. (e
IAASB Glossary of Terms contains a more comprehensive de nition.)
According to the International Framework for Assurance Engagements,
the following ve elements have to be present for an assurance
engagement to exist:
1. ree-party relationship
• A practitioner appointed by the shareholders (refer to Figure
1.1) who could be a practitioner performing audits (e.g. the
external auditor) or a practitioner performing review
engagements;
• A responsible party, such as management responsible for the
preparation of the nancial
• statements; and
• Intended users, such as shareholders and investors.
2. Appropriate subject matter, examples of which include:
• Financial performance or conditions (e.g. nancial statements);
• Non- nancial performance or conditions (e.g. number of units
sold/manufactured);
• Physical characteristics (e.g. capacity of a facility);
• Systems and processes (e.g. internal control); and
• Behaviour (e.g. corporate governance).
3. Suitable criteria
• Benchmarks used to evaluate or measure the subject matter
against, for example, IFRS or internal control frameworks.
4. Evidence
• An assurance engagement has to be planned and performed to
obtain sufficient appropriate evidence to support the opinion
that the practitioner expresses.
5. Assurance report
• e practitioner has to provide a written report containing a
conclusion that conveys the assurance obtained.
e International Framework for Assurance Engagements identi es two

types of assurance engagements a practitioner is permitted to perform,
namely reasonable assurance engagements and limited assurance
engagements. Assurance engagements include, among other things,
nancial statement audits (an example of a reasonable assurance
engagement) and review engagements (an example of a limited
assurance engagement).15
Reasonable assurance engagements
As mentioned above, an example of a reasonable assurance
engagement is a nancial statement audit. Management ful ls its
obligations to the shareholders of a company by reporting the
company’s nancial performance, nancial position and cash ow
position in the form of nancial statements compliant with IFRS. In the
nancial statements, the assets, liabilities, equity and classes of
transactions and events are recognised, measured, presented and
disclosed according to the requirements of IFRS. e external auditor is
appointed by the shareholders of the company to express an opinion on
the fair presentation of management’s nancial statements in terms of
the requirements of, say, IFRS.
Figure 1.3 illustrates how the audit process links to nancial
statements and the auditor’s opinion. In order to form an opinion that
conveys reasonable assurance on the client’s nancial statements, the
auditor applies a process (a series of activities and procedures) that is
prescribed by the ISAs. is process is called the audit process and is
discussed in Chapter 11.
e audit process involves the following four phases:

1. Pre-engagement activities, which aim to establish whether the
auditor can and wants to accept the engagement as auditor of the
client, and if so, includes establishing the terms of the engagement.
2. Audit planning, during which the auditor determines how the
audit should be performed in an efficient and effective manner.
Planning includes the design of speci c audit procedures to be
performed by the auditor, taking into account an understanding of
the engagement circumstances and risks.
3. Performing the planned audit procedures in order to obtain
sufficient appropriate audit evidence to determine (and then
support) the auditor’s conclusion and opinion on the nancial
statements.
4. Evaluating the audit evidence gathered, forming the audit
opinion on the basis thereof and expressing this opinion in the
auditor’s report.
Limited assurance engagements
Limited assurance engagements are also engagements in which the
auditor draws a conclusion and expresses an opinion in terms of
suitable criteria, for example, a nancial reporting framework (like
IFRS). However, the procedures performed by the practitioner in this
type of engagement, and consequently the assurance provided, are
more limited than in the case of a reasonable assurance engagement.
An example of a limited assurance engagement includes the
independent review required by the Companies Act for certain types of
companies (refer to Chapter 3). e practitioner applies a process that is
prescribed by the International Standards on Review Engagements
(ISREs) in order to form an opinion, which conveys only limited
assurance, on the subject matter being reviewed (such as nancial
statements or internal controls). e process to perform an
independent review of nancial information is discussed more fully in
Chapter 16.
Figure 1.3: Audit process link to nancial statements and the auditor’s opinion
1.4.5.3.2 Non-assurance engagements

Practitioners sometimes perform engagements where no opinion is
expressed and consequently no assurance is provided. ese
engagements are sometimes referred to as non-assurance
engagements. Examples are compiling (preparing) nancial
statements, consulting, business advisory services and estate planning
services.
CRITICAL THINKING
What kind of engagement (assurance or non-assurance) is the
preparation of an income tax return by a practitioner?
And expressing an opinion on the fair presentation of a SARS
creditor balance in the Statement of Financial Position?
Preparation of the tax return is a non-assurance engagement,
whereas expressing an opinion on the fair presentation of the
SARS creditor balance is an assurance engagement.
1.4.6 e de nition of an external audit

External auditing is a systematic process of obtaining and considering
evidence and information objectively regarding assertions about
economic actions and events (contained in the auditee’s nancial
statements) to evaluate the degree of correlation between those
assertions and prede ned criteria and to communicate the results in
writing to the users of the nancial statements.16
Some of the elements of this de nition are elaborated on below:

• Systematic process
An audit entails the auditor following an organised and logical
process. is process is referred to as ‘the audit process’ and is
prescribed by the ISAs. Refer to Chapter 11 for more details on this.
• Obtaining and considering evidence and information
e auditor has to gather sufficient and appropriate audit evidence
about management’s assertions on the account balances, classes of
transactions and disclosures in the nancial statements and
consider this evidence to determine the nature of the audit opinion
to be expressed.
• Objectively
‘Objectively’ implies that the auditor has no signi cant personal
interest in or ties with the entity that is being audited. is allows an
objective, professional approach to the work to be performed and to
formulating the opinion to be expressed.
• Evidence regarding the assertions about economic actions and
events
e auditor has to obtain sufficient appropriate audit evidence about
the assertions that management made in the nancial statements
(refer to 1.3.3 in this chapter) to ensure that these assertions are free
from material misstatement (whether due to fraud or error). is is
achieved by performing audit procedures. Using Ntsimbi Piping’s
PPE as an example, the applicable assertions are valuation and
allocation, existence, completeness and rights. (e presentation
and disclosure assertions have been omitted in this example.) e
auditor has to evaluate whether he or she has gathered sufficient
appropriate audit evidence to ensure that R43,169,987 of PPE
actually exist (to support the existence assertion) as at 31 December
20X1, that the appropriate carrying amount of the PPE is actually
R43,169,987 (to support the valuation assertion), that all the PPE
have been included in the R43,169,987 shown on the Statement of
Financial Position (to support the completeness assertion) and that
Ntsimbi Piping has the right of use of the PPE (to support the rights
assertion).
• Evaluate correlation [of assertions] with prede ned criteria
e auditor has to evaluate whether the nancial statements comply
with predetermined criteria. An example of the predetermined
criteria for nancial statements is the IFRS. e auditor has to ensure
that, for instance, the PPE as recognised, measured, presented and
disclosed in the nancial statements is consistent with the IFRS
requirements relating to property, plant and equipment (as
contained in IAS 16 on Property, Plant and Equipment).
• Communicate results
e auditor has to communicate the results of the audit process. e
results are reported, in writing, in the auditor’s report (refer to page 2
of the nancial statements of Ntsimbi Piping). e ISAs prescribe
various types of auditor’s reports to be issued in various
circumstances. ese are discussed in Chapter 15.
• To users
e users of the nancial statements are any stakeholders that would
use the auditor’s report, and may include the shareholders,
employees, investors and providers of debt nance. For audits of
South African companies, the users speci cally identi ed in the
auditor’s report are the company’s shareholders.
1.4.7 Auditing postulates

To postulate is de ned by the Webster online dictionary as:
To assume or claim as true, existent, or necessary.17

Mautz and Sharaf documented the auditing postulates in the
Philosophy of Auditing, which was published by the American
Accounting Association in 1961. ese postulates provide the outline for
the theory of auditing. ey also form the basis of the IFAC
International Code of Ethics for Professional Accountants, which was
adopted (with a few modi cations) by e South African Institute of
Chartered Accountants and in part by the Independent Regulatory
Board for Auditors in South Africa. (ese bodies are discussed in
section 1.6 of this chapter, whereas the codes of professional conduct
are discussed in Chapter 2). e postulates (‘assumed truths’) can be
summarised as follows:
• Truth and fairness
• Financial statements and nancial data are veri able.
• is postulate refers to the fact that it is possible to verify the
client’s nancial statements. is is necessary to make it
possible to perform an audit, as the auditor veri es whether
the nancial statements are true and fair or not.
• e nancial statements and other information submitted for
veri cation are free from collusive and other irregularities.
• When starting the audit, the auditor can assume that
management has taken the necessary steps to ensure that
there has been no deliberate attempt to misstate the nancial
statements.
• Consistent application of generally accepted accounting
principles results in the fair presentation of nancial position and
the results of operations.
• is assumes that if the client applies one of the nancial
accounting frameworks (e.g. IFRS), fair nancial presentation
will occur.
• In the absence of clear evidence to the contrary, what has held
true in the past for the enterprise under examination will hold
true in the future.
• If no evidence is found to the contrary, the auditor assumes
that the integrity of the management of the company will stay
the same in future years.
• Independence
• ere is no con ict of interest between the auditors and the
management of the enterprise under audit.
• is assumes that the management of the company and the
auditor of the company share the same goal, namely that the
nancial statements provide a fair presentation.
• e professional status of the independent auditor imposes
commensurate professional obligations.
• e professional status of the auditor brings the responsibility
of professional behaviour, professional competence and due
care, objectivity, con dentiality and integrity. is also
assumes that he or she has the knowledge and capabilities to
perform the audit.
• When examining nancial data for the purpose of expressing an
independent opinion thereon, the auditors act exclusively in the
capacity of auditor.
• In order for the audit opinion to be reliable, the auditor needs
to be, and be seen to be, objective. e focus of the auditor
should be to express an opinion on the nancial statements
and not on other services he or she can provide to the audit
client.18
1.4.8 Types of auditors

1.4.8.1 External auditor
is type of auditor works for an external auditing rm and is not an
employee of the entity under audit. ese auditors express an
independent opinion on the fair presentation of the nancial
statements of the auditee. e external audit therefore provides third
parties with assurance about the auditee’s nancial statements. is
increases the level of con dence of third-party users in the reliability of
the nancial statements, and increases their willingness to use them as
a basis for taking economic decisions.
Refer to Chapter 3 for the Companies Act requirements relating to
external auditors.
1.4.8.2 Internal auditor

e internal auditor is an employee (or outsourced provider) who
provides to the employer independent, objective assurance and
consulting services designed to add value to and improve the
employer’s operations. is assists the management of an organisation
to accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk
management, internal control and governance processes. It includes a
review of the adequacy and effectiveness of the internal controls of the
organisation. To ensure the independence of the internal auditor, the
internal audit department reports to the audit committee, which
comprises exclusively independent non-executive directors.19
1.4.8.3 Government auditor

e government auditor is an auditor who objectively performs
investigations of local and national government departments and issues
reports to the government. ese audits aim to increase the con dence
of stakeholders (including the public) in government departments’
functioning and reporting. e government auditor in South Africa is
called the Auditor-General.
1.4.8.4 Forensic auditor

e forensic auditor performs an independent investigation into fraud
or fraudulent activities. On completion of the engagement, the forensic
auditor usually issues a report to the party that appointed him or her
and this report is often used in a court of law.
1.5 What are examples of major

corporate accounting scandals
in recent years?
A corporate accounting scandal usually involves unethical behaviour by
people relating to a company’s nancial statements. A few examples of
well-known recent international and local corporate accounting
scandals are summarised below.
1.5.1 International corporate accounting

scandals
Enron
Why is the Enron scandal important?
• Enron was one of the largest energy companies in the USA, and at
one time was the seventh-largest Fortune 500 Company and the
sixth-largest energy company in the world.
• Enron was considered to be one of the top ten admired companies in
the USA and one of the most desired places to work for.
• At the time the Enron scandal occurred, it was one of the largest
bankruptcies in the history of the USA. Shareholders lost nearly $11
billion when the share price plummeted from a high of $90 to $1 by
the end of November 2001. Nearly 5 600 Enron employees lost their
jobs.
• e Enron employees suffered signi cant losses, as about 63% of
their assets were held in Enron shares.
• e Enron directors, including Kenneth Lay, Jeffery Skilling and
Andrew Fastow, earned enormous sums of money from salaries and
share options. Many believe that this was done at the expense of
other employees and investors.
• Few people foresaw the collapse. A week before the Enron collapse,
share analysts rated the share as a share to consider investing in.
What went wrong at Enron?

• e Enron management team did not comply with some of the
cornerstones of sound corporate governance practices, namely
transparency and accountability.
• e Enron executive management employed special purpose
entities, accounting loopholes and poor nancial reporting practices
to hide billions of dollars of debt from failed projects (i.e., the debt
was housed in special purpose entities which were not re ected in
the consolidated nancial statements).
• e executive management misled the audit committee,
shareholders and other stakeholders with these fraudulent
accounting practices.
• ey also pressured the auditing rm responsible for the external
audit of Enron, Arthur Andersen, to overlook these inappropriate
accounting issues.
How was the fraud discovered at Enron?

• On 15 August 2001, Sherron Watkins, the vice president for corporate
development at Enron, wrote a letter to Kenneth Lay, the chief
executive officer (CEO) of Enron. In the letter, she expressed her
concerns about Enron’s accounting practices utilised in preparing
• On 16 October 2001, Enron announced that restatements of the
nancial statements for the 1997 to 2000 nancial years were
necessary to correct inappropriate accounting practices. e
restatements reduced the earnings of Enron by $613 million,
increased liabilities by $628 million and reduced equity by
$1,2 billion.
• On 22 October 2001, the Securities and Exchange Commission (SEC)
in the USA began an investigation into the accounting practices of
Enron.
• On 2 December 2001, Enron Corporation applied for bankruptcy.
• A number of Enron executives were subsequently found guilty on a
variety of charges and were sentenced to imprisonment.
What did the auditing rm (Arthur Andersen) do?

• Arthur Andersen had con icts of interest with Enron because the
rm received excessive consulting fees from Enron, creating threats
to its independence as Enron’s external auditor. During 2000, Arthur
Andersen earned $25 million in audit fees and $27 million in
consulting fees from Enron. is also represented 27% of the audit
fees for public clients of Arthur Andersen’s Houston office.
• Many of Andersen and Enron’s management went on annual golf
holidays together, accompanied each other to ski outings and lunch,
and played games against each other, which clearly could in uence
the perceived independence of Andersen. is resulted in the
following:
• Arthur Andersen accepting Enron’s accounting policies and the
deferral of the recognition of expenses from special purpose
entities in the group.
• e lead audit partner assigned to the Enron audit knew of the
irregularities that existed at Enron and brought it to the attention
of Arthur Andersen’s professional standards board, yet decided
not to qualify the auditor’s report.
On 12 October 2001, Arthur Andersen’s partner in charge of the
• Enron audit informed the audit managers to comply with the
Andersen’s document retention policy by only keeping
documentation for a certain period. is partner felt that if
documents were destroyed in the course of normal business policy
and litigation was led the next day, then it could be argued that the
policy had been followed. He observed
the audit team members shredding documents and deleting
computer les related to the Enron audit.
On 29 November 2001, the SEC started investigating Arthur
Andersen.
• On 31 August 2002, Arthur Andersen voluntarily surrendered its
licences to practise as Certi ed Public Accountants (the equivalent
of the Registered Auditor quali cation in South Africa), after being
found guilty of criminal charges relating to the rm’s audit of Enron.
e verdict was later overturned by the Supreme Court, but the
damage done to Andersen’s reputation made it difficult for it to
return as a viable business. Today, Arthur Andersen no longer
exists.20
WorldCom
Why is the WorldCom scandal important?
• WorldCom was the second-largest long-distance
telecommunications and data-services provider company in the
USA.
• WorldCom was once the fth most widely held company in the USA
and was rated rst for the best return to shareholders over a ten-year
period.
• Scott Sullivan, the CFO of WorldCom, was once the highest-paid
CFO in the USA and was well regarded by Wall Street. In the late
1990s, he received the CFO Excellence Award from the CFO
Magazine for work done in regard to mergers and acquisitions.
• WorldCom made corporate history when it acquired MCI, a
company three times its own size. e acquisition was nanced by
debt.
e WorldCom bankruptcy was the largest bankruptcy in the history
• of the USA at the time (21 July 2002). It was twice as large as Enron’s
record-setting bankruptcy led in December 2001.
What went wrong at WorldCom?

Abuse of power 1: Company loans granted to CEO
• e CEO of WorldCom, Bernard Ebbers, owned WorldCom shares
and became wealthy because of the rising share price of WorldCom
shares.
• In 2000, the telecommunications industry experienced losses and
WorldCom’s share price began to drop.
• Bernard Ebbers nanced personal investments in farms and
plantations with loans secured by his WorldCom shares. When the
loan balances exceeded the value of the security provided (in the
form of WorldCom shares) because of the drop in the share price, the
banks forced Ebbers to pay back the loans.
• Bernard Ebbers convinced the board of directors to provide him with
loans and guarantees in excess of $400 million to cover these loans.
ese loans were provided to Ebbers at a very low interest rate.
Abuse of power 2: Inappropriate accounting practices

Under the direction of Bernard Ebbers, Scott Sullivan (CFO) and senior
accounting staff used fraudulent accounting practices to conceal
WorldCom’s declining earnings in order to stabilise or increase the
share price. Simplistically, the fraudulent accounting practices involved
the classi cation of expenses in the amount of $3,8 billion as capital
expenditures (assets) contrary to the requirements of Generally
Accepted Accounting Principles (GAAP). is concealed WorldCom’s
losses because capital expenditures reduce pro t (in the form of
depreciation/amortisation) over a long period of time, whereas
expenses must be deducted from pro ts in the period when incurred.
How was the fraud discovered at WorldCom?

In 2002, the WorldCom internal audit division received an anonymous
tip-off about the fraud. A small team of WorldCom internal auditors
worked together, often at night and in secret, to investigate. ey
discovered $3,8 billion worth of fraud.
• WorldCom’s audit committee and board of directors were noti ed of
the fraud.
• Scott Sullivan (CFO) was red and David Myers, the comptroller
(chief accountant), resigned.
• Arthur Andersen withdrew its audit opinion expressed on the 2001
nancial statements.
• e SEC launched an investigation into these matters on 26 June
2002.
• On 21 July 2002, WorldCom applied for bankruptcy. By the end of
2003, it was estimated that the company’s total assets had been
in ated by around $11 billion.
What were the effects of the WorldCom scandal?

• e WorldCom scandal had the following effects:
• WorldCom shares become worthless.
• Lenders suffered losses on their loans.
• Some 17 000 employees lost their jobs at WorldCom.
• Bernard Ebbers and other WorldCom directors and accounting
officers were arrested for accounting manipulations. On 15 March
2005, Ebbers was found guilty of fraud, conspiracy and submitting
false documents to the regulators. He was sentenced to 25 years’
imprisonment. e other former WorldCom officials were ned with
criminal penalties for the nancial misstatements.
What went wrong with the WorldCom audit?

e external auditor of WorldCom was also Arthur Andersen. e SEC
in their investigations found that there were the following aws in the
way Arthur Andersen conducted the audit:
• e audit focused on identifying risks and assessing whether
adequate internal controls were in place to address these risks.
Arthur Andersen, however, failed to identify signi cant risks and
relied too heavily on the company’s controls, without establishing
whether they were reliable.
e WorldCom accounting personnel processed huge round gure
•
journal entries and reversals of entries without any supporting
documentation. In performing their audit, Arthur Andersen relied
heavily on WorldCom’s senior management for explanations of these
entries.
• Arthur Andersen conducted analytical procedures and found only
small variances in the nancial statements, while the business
environment was highly volatile. As a result, Arthur Andersen
conducted very limited audit procedures in the area where
accounting irregularities existed.
• e WorldCom personnel also refused Arthur Andersen access to
certain accounting information or senior management altered
certain information before it was provided to Andersen. ese
limitations were never reported to the audit committee.21
Parmalat
Why is the Parmalat scandal important?
• In the wake of the Enron and WorldCom scandals, Europe’s CFOs
insisted that a nancial statement fraud of this magnitude could not
occur in Europe.
• Parmalat was the largest Italian food company and the fourth-largest
food company in Europe.
• When it occurred, Parmalat was the largest bankruptcy case in
European history, representing 1.5% of Italy’s gross national product
– proportionally larger than the ratio of the combined Enron and
WorldCom bankruptcies to the US gross national product.
What went wrong at Parmalat?

• In 1997, Parmalat nanced several acquisitions using debt. Parmalat
borrowed money from global banks and justi ed those loans by
in ating revenues through ctitious sales to retailers.
• By 2001, many of the new acquisitions showed losses and the
company nancing shifted to the use of derivatives.
• Parmalat’s top management, an outside lawyer and two auditors
from Grant ornton in Italy, Mr Penca and Mr Bianchi, designed an
illegal vehicle to hide Parmalat’s debt and thereby transferred debt to
offshore shell companies.
• A ctitious supplier in Singapore was created and supposedly
supplied 300 000 tons of milk powder to Bonlat, a Cayman Island
subsidiary of Parmalat.
• Fictitious assets of $4,9 billion were shown on the nancial
statements of Parmalat as being held at the Bank of America in the
Cayman Islands, while no such bank account in fact existed.
How was the fraud discovered at Parmalat?

• In February 2003, the then CFO of Parmalat, Fausto Tonna,
announced a new bond issue of €500 million. is came as a surprise
to the markets and the CEO, Calisto Tanzi. Tonna was forced to
resign and was replaced by Alberto Ferraris. Ferraris was surprised
that he did not have access to some of Parmalat’s accounting
records. He got suspicious and started an enquiry as he suspected
that the company’s debt amounted to more than double that showed
on the company’s nancial statements. e plans for the funding
were dropped in September 2003 and company’s shares depreciated
signi cantly after publicly raised concerns about certain
transactions.
• ere was a change in Italian legislation requiring companies to
rotate auditing rms every nine years. Deloitte & Touche replaced
Grant ornton as auditors.
• Deloitte & Touche inquired about the Cayman Island bank account
in December 2002. In March 2003, the auditing rm received a letter
on a Bank of America letterhead con rming the existence of the
account. e letter was later found to be a forgery by someone in
Parmalat’s head office.
• On 19 December 2003, the Bank of America con rmed that the bank
con rmation was a forgery.
• On 20 December 2003, the Italian Prime Minister, Silvio Berlusconi,
started a fraud investigation.
What happened to Parmalat?

• On 24 December 2003, Parmalat led for bankruptcy.
• During the bankruptcy investigations in 2004, Parmalat’s debts were
reported to be €14,3 billion, eight times what the company had
admitted. After initial denials, Luca Sala, Bank of America’s former
chief of corporate nances in Italy, admitted to participating in a
kickback scheme with Parmalat. In October 2004 Parmalat’s
creditors sued the former bankers, Bank of America Citigroup, and
former auditors, Deloitte & Touche and Grant ornton, for $10
billion in damages each.
• Two years after the accounting scandal, in 2005, Parmalat was ready
to return with a streamlined global structure, a focus on core brands
and a range of new products on supermarket shelves. Tighter
internal controls were introduced.
• e founder and former CEO of Parmalat was sentenced to eight
years’ imprisonment and was ordered with the other convicted
managers of Parmalat to pay €2 billion to the new Parmalat.
What went wrong with the Parmalat audit?

• Grant ornton served as the external auditors for Parmalat
Finanziaria Spa, the parent company of the Parmalat group, from
1990 to 1998. is was a long time and gave rise to the following:
• Contrary to the spirit of the law, Grant ornton, through Mr Penca
and Mr Bianchi, remained the auditors of the Cayman Island-based
Bonlat Financing Corporation (‘Bonlat’), a wholly owned subsidiary
of Parmalat. e ctitious Bank of America account was held in this
subsidiary. Grant ornton established Bonlat and it is alleged that
the Grant ornton partners knew about the fraud and were
concerned about Deloitte & Touche taking over the external audit.
• Mr Penca and Mr Bianchi, the two Grant ornton partners, assisted
Parmalat’s management in setting up ctitious companies and
structuring fake transactions. ey were later arrested for fraud.
Deloitte & Touche, responsible for the audit of the Parmalat parent
company, was accused of not performing sufficient audit procedures
earlier and agreed to pay Parmalat compensation amounting to $149
million.22
1.5.2 South African corporate accounting
scandals
Steinhoff International Holdings N.V. (Steinhoff)
Why is the Steinhoff scandal important?23
• Steinhoff is the holding company of a furniture and household goods
group and operates in Europe, Africa, Asia and the United States.
Steinhoff was originally founded in Germany and later acquired 35%
of the South African based company Gomma-Gomma, after which it
moved its headquarters to South Africa. It listed on the
Johannesburg Stock Exchange (JSE). In December 2015, Steinhoff
International moved its primary listing to the Frankfurt Stock
exchange, but remained dual listed on the JSE. e group founded a
new Dutch holding company based in Amsterdam. e group
seemingly went from strength to strength. Market analysts
encouraged investors to invest in the group.
• Shares in Steinhoff International have lost over 85% of their value
since the announcement of the scandal described below. Investors
lost billions of rands as the market capitalisation of the company
decreased from R200bn at the start of December 2017 to R20bn on 5
December 2017. Many South African civil servants, whose pensions
were invested in Steinhoff, have lost billions of rands. Ahead of the
crisis, Steinhoff was one of the 15 largest companies listed on the
JSE. 24
What went wrong at Steinhoff?

Allegations against Steinhoff suggest that it used off-balance-sheet
vehicles to in ate accounting earnings. ese allegations include the
following:25
• Steinhoff issued loans for the purchase of loss-making subsidiaries.
ey recognised interest revenue on these loans as part of income
from subsidiaries.
• Loans were issued to companies in which current and previous
board members of Steinhoff had interests and these were not
accounted for as related party transactions.
• Two loss-making subsidiaries, JD Consumer Finance and Cap n,
were moved to off-balance-sheet entities. Steinhoff recently only
purchased the pro table portions of these two companies to enable
them to recognise revenue and keep the non-performing loans off
It should be noted that at the time of writing, these allegations have not
yet been proven – as the forensic investigation (undertaken by PwC) is
still in progress. However, what is known is that there are material
misstatements in the 2015 and 2016 annual nancial statements, as the
company has publicly announced that these can ‘no longer be relied
upon’. 26
How was the fraud discovered at Steinhoff?27

• In 2015, German authorities launched an investigation into possible
accounting fraud. Rumours of accounting fraud and nancial
irregularities had been made for years, but many investors dismissed
these allegations. An article published in August 2017 by Manager, a
German magazine, suggested that CEO Markus Jooste, amongst
others, was suspected of nancial irregularities. In reaction to this
article the directors issued a statement that they were con dent that
they would be able to defend the actions successfully.
• e Steinhoff auditors, Deloitte, raised issues in September 2017 for
management to resolve.
On 5 December 2017, con rmation of accounting irregularities was
received by Steve Booysen, the chairman of the audit committee,
from Marcus Jooste. Deloitte refused to sign off on the 2017 audit.
Steinhoff’s board requested the then CEO Markus Jooste to explain
the accounting entries and cash ows of certain transactions, but he
never arrived and then resigned the same evening, followed by the
resignation of the company’s CFO, Ben la Grange.28
What happened to Steinhoff?

Following the public announcement of the CEO’s resignation, and the
surrounding circumstances, the company’s share price immediately
dropped more than 60% (from a closing price on the JSE of R45,65 on 5
December 2017 to a closing price of R17,61 on 6 December 2017). On 7
December 2017, the credit rating agency Moody’s downgraded
Steinhoff’s credit rating from an investment grade blue-chip share to
junk status. On 8 December 2017, the share plummeted a further 41% to
R5,83 per share: a total plunge of 90% in a few days.
At the time of writing, Steinhoff continues to trade in more than 30
countries.29 But what is evident, is that the company is facing signi cant
liquidity problems, and has had to sell some of its investments (e.g. in
JSE-listed company, PSG) in order to support the group’s liquidity
position.
e professional services rm PWC was also appointed by the board
of directors to undertake an investigation into the accounting
irregularities, and at the time of writing this investigation is still in
progress.
e Financial Services Board further con rmed that it is
investigating cases of possible insider trading in Steinhoff shares
between August 2017 and December 2017.
What did the auditing rm do?

At the time of writing, the Independent Regulatory Board for Auditors
(IRBA) is in the process of reviewing the conduct of Deloitte South
Africa in relation to the audit of Steinhoff’s (and its subsidiaries’)
nancial statements.
e former CEO of Steinhoff, Marcus Jooste, insisted that the audits
of the European operations were conducted by a number of smaller
German and Austrian auditing rms and the European operation’s
gures were then consolidated by Commercial Treuhand, a German
consultant company, a huge responsibility for a rm of its size and
possibly easy to convince to not consolidate some of the operations.30
e Dutch Authority for Financial Markets is also investigating the
Dutch branch of Deloitte in relation to the alleged accounting
irregularities at Steinhoff. is branch of Deloitte audited Steinhoff’s
nancial statements from 2016 onwards and issued unmodi ed audit
opinions on both the 2015 and 2016 nancial statements. After
Steinhoff’s announcement that the 2016 nancial statements need to be
restated, Deloitte withdrew its approval to use their audit opinion.31
Since Steinhoff’s holding company is registered in the Netherlands,
the Dutch law rm BarentsKrans instituted legal proceedings against
Steinhoff and Deloitte on behalf of shareholders of Steinhoff. e legal
proceedings will be conducted in the Netherlands, but Steinhoff’s
shareholders from across the world are eligible to participate.32
1.6 What are the structures of the

accounting and auditing professions?
1.6.1 Professional bodies
A profession can be de ned as an occupation that involves the
attainment and the application of specialised training and education
and which also has a set of strict ethical standards that need to be
complied with.
Each profession has a coordinating body called a professional
body, which performs a number of functions, including the following:
• Sets and assesses professional examinations in order to determine
who may become a member of the professional body;
• Provides support for continuing professional development through
learning opportunities and tools for recording and planning;
• Publishes professional journals or magazines;
• Provides networks for professionals to meet and discuss their eld of
expertise;
• Issues a code of conduct to guide professional and ethical behaviour;
and
• Deals with complaints against professionals and implements
disciplinary procedures.33
CRITICAL THINKING
What professions are you aware of?
Professions include the following:
• Doctors
• Lawyers
• Auditors
• Engineers
• Accountants
• Nurses
1.6.2 International accounting bodies

1.6.2.1 International Federation of Accountants (IFAC)
IFAC is the global organisation for the accountancy profession and its
mission is to serve the public by strengthening the worldwide
accountancy profession and contributing to the development of strong
international economies by:
• Establishing and promoting adherence to high-quality professional
standards;
• Furthering the international convergence of such standards; and
• Speaking out on public interest issues where the profession’s voice is
most relevant.
High-quality international accounting and auditing standards enable

investors and others to compare enterprises in a transparent way and,
therefore, make more informed investing decisions, while also
increasing investor con dence.
is in turn strengthens global markets and trade by:

• Promoting more efficient markets;
• Reducing economic uncertainty;
• Enhancing international nancial stability;
• Strengthening economic growth and development in emerging
economies;
• Increasing foreign direct investment; and
• Promoting the growth and development of small and medium-sized
entities, which are key drivers of economic growth.
IFAC’s standard-setting committees have been established to develop

international standards and guidance and to focus on speci c sectors of
the profession. ese committees include the following:
• International Auditing and Assurance Standards Board (IAASB)
e IAASB is an independent standard-setting body that aims to set
high-quality international standards for auditing, assurance and
related services and facilitates the convergence of international and
national auditing and assurance standards. In doing so, the IAASB
enhances the quality and consistency of audit and assurance
practices throughout the world and strengthens public con dence in
the global auditing and assurance profession.
• International Ethics Standards Board for Accountants (IESBA)
e IESBA sets high-quality ethical standards for professional
accountants and facilitates the convergence of international and
national ethical standards, including auditor independence
requirements, through the development of a robust, internationally
appropriate code of ethics.
• International Accounting Education Standards Board (IAESB)
e IAESB is an independent standard-setting body that serves the
public interest by strengthening the worldwide accountancy
profession through the development and enhancement of
accountancy education, which encompasses professional
knowledge, skills, values, ethics and attitudes. rough its activities
the IAESB enhances education by developing and implementing
International Education Standards, which aims to ensure certain
minimum competence requirements for the global accountancy
profession.34
1.6.2.2 e International Accounting Standards Board

(IASB)
e IASB is the independent standard-setting body of the International
Financial Reporting Standards (IFRS) Foundation. Its members
(currently 15 full-time members) are responsible for the development
and publication of IFRS (including the IFRS for small and medium-
sized enterprises) and for approving Interpretations of IFRS as
developed by the IFRS Interpretations Committee (formerly called the
IFRIC). e IASB believes in transparency in the standard-setting
process. To ensure that this happens, all meetings of the IASB are held
in public and are webcast. In ful lling its standard-setting duties, the
IASB follows a thorough, open and transparent due process of which
the publication of consultative documents, such as discussion papers
and exposure drafts, for public comment is an important component.
e IASB engages closely with stakeholders around the world, including
investors, analysts, regulators, business leaders, accounting standard-
setters and the accountancy profession.35
1.6.3 Structure of the accounting and auditing

professions in South Africa
1.6.3.1 Professional bodies related to the accounting
profession in South Africa
A number of professional accountancy bodies operate in South Africa.
ese include the following:
e South African Institute of Chartered Accountants (SAICA)

• SAICA, established in 1980, is a body registered with IFAC and
protects the interests of its members (i.e. Chartered Accountants
(SA)). SAICA is a non-pro t, voluntary body that provides a wide
range of services to its members and associates. SAICA’s mission is to
serve the interests of the chartered accountancy profession and
society by upholding professional standards and integrity, and the
pre-eminence of South African chartered accountants nationally and
internationally.36
Certi ed Institute of Management Accountants (CIMA)
• CIMA is a United Kingdom-based professional body that offers
training and quali cation in management accountancy and related
subjects, focused on accounting for business. CIMA is the largest
management accounting body in the world. CIMA is also a member
of IFAC. CIMA’s purpose is to develop the management accounting
profession worldwide. CIMA has established a position as a leading
professional body in areas of, among other things, product costing,
budgeting, management accounting, investment appraisal and
business decision making.37
Association of Chartered Certi ed Accountants (ACCA)
• ACCA is the global body for professional accountants offering the
Chartered Certi ed Accountant quali cation. ACCA’s aim is to
provide a professional quali cation in areas of accountancy, nance
and management. ACCA is a member of IFAC.38
South African Institute for Professional Accountants (SAIPA)
• SAIPA was formerly known as the Institute of Certi ed Public
Accountants of South Africa. Members of this body, known as
Professional Accountants (SA), ordinarily perform accounting and
tax work, but may not perform audit engagements. e quali cation
provides valuable services to small- and medium-sized companies,
for example, by making sure that there is proper record keeping and
compliance with legislation (including tax legislation). SAIPA is also
a member of IFAC.39
Institute of Internal Auditors (IIA)
• Established in 1941, the Institute of Internal Auditors (IIA) performs
the following roles for the internal audit profession:
• Acts as the internal audit profession’s global voice;
• Researches and disseminates knowledge concerning internal
auditing and its role in control, risk management, and
governance;
Visit the websites of these bodies to learn more about them.
• Advocates and promotes the value that internal audit

professionals add to their organisations; and
Provides educational and development opportunities to its
• members.
• e professional body’s global membership of more than 180 000
works primarily in internal auditing, risk management, governance,
internal control, information technology audit, education, and
security.40
Southern African Institute of Government Auditors (SAIGA)
• Founded in 1988, this professional body aims to promote and
advance accountability and auditing, not only in the public
(government) sector, but also in the private sector. e Institute
further speci cally administers a public register of its members who
are entitled to the designation ‘Registered Government Auditor
(RGA)’. (e RGA is recognised as the highest quali cation in public
sector auditing in
Southern Africa.) 41
1.6.3.2 Regulator of the auditing profession in South Africa

In South Africa, registration with the Independent Regulatory Board for
Auditors (IRBA) is required to be able to practise as a Registered Auditor
(e.g. to perform external audits of company nancial statements). To
register with the IRBA as a Registered Auditor, one must comply with
the prescribed education, training, competency and continuous
professional development requirements of the IRBA.
e IRBA is the statutory body regulating the auditing profession in
South Africa. e IRBA is established by the Auditing Profession Act 26
of 2005. e mission of the IRBA is to protect the nancial interests of
the South African public and international investors in South Africa
through the effective regulation of audits conducted by Registered
Auditors, and in accordance with internationally recognised standards
and processes.
e IRBA oversees the registration of Registered Auditors in South

Africa and ensures that services are delivered in accordance with the
ISAs and ethical standards. e IRBA:
• Sets and applies the education, training and professional
development requirements for registration as a Registered Auditor;
• Is involved in the setting and maintaining of auditing and ethics
standards, based on international standards;
• Performs inspections of the audit work undertaken by Registered
Auditors in South Africa to ensure that they comply with standards;
and
• Provides procedures for disciplinary processes against Registered
Auditors in respect of improper conduct.42
For questions 1 to 4, select the correct answer:
1. e purpose of accounting records is/are: (More than one option is
possible.) (LO 1)
a) To ensure that records of transactions are kept
b) To ensure an effective nancial management system
c) To ensure that management has evidence of transactions and
balances
d) To ensure that nancial statements can be audited
2. Who is responsible for the nancial statements that are published

by a company? (Only one option is possible.) (LO 1 & 7)
a) e auditors of the company
b) e directors of the company
c) e shareholders of the company
d) e directors and the auditors of the company
3. e setting of auditing standards in South Africa is the

responsibility of the: (LO 13)
a) International Auditing and Assurance Standards Board
b) International Ethics Standards Board for Accountants
c) International Accounting Standards Board
d) Institute of Chartered Accountants
e) Independent Regulatory Board for Auditors
4. IASB is the abbreviation for: (LO 13)

a) Internal Accounting Standards Board
b) Internal Auditing Standards Board
c) International Auditing Standards Board
d) International Accounting Standards Board
5. Describe the assertions contained in the nancial statements. (LO

3)
6. What assertions does management make in relation to sales

revenue? (LO 4)
7. What requirements are prescribed by the Companies Act for

nancial statements prepared and issued by companies in South
Africa? (LO 2)
8. Explain the need for external auditors. (LO 6)
9. What were the driving forces that led to the establishment of

company audits in South Africa? (LO 11)
10. What is the main purpose of an audit? (LO 5 & 6)
11. Explain the difference between assurance and non-assurance

engagements. (LO 10)
12. What types of services can an auditor provide? (LO 10)
13. Explain why an auditor can only provide reasonable assurance and
not absolute assurance. (LO 9)
14. What is the de nition of an audit? (LO 5)

15. What are the postulates of auditing? (LO 12)
16. Name four types of auditors. (LO 10)
17. Discuss one major event that affected the auditing profession (i)
locally and (ii) internationally and give a reason why you think it
affected the auditing profession. (LO 11)
18. What is a profession? (LO 11)
19. List the four major stages in the audit process. (LO 8)
For questions 20 to 24, indicate whether the statement is true or

false:
20. e IRBA is the regulator responsible for the auditing profession in
South Africa. (LO 13)
21. Con icts of interest can occur between the shareholders of a

company and the management of a company. (LO 11)
22. e auditor has to test all the transactions that occurred during a
reporting period of the auditee and thereby provide reasonable
assurance to users. (LO 5)
23. e objective of nancial statements is to provide all information

about the reporting entity. (LO 5 & 9)
24. e external audit can add value by encouraging good corporate

governance in a company. (LO 6)
1 Bacchus, M. [Online]. Available: https://www.ft.com/content/235e3dc2-2c31-11e8-9b4b-

bc4b9f08f381 [Accessed 23 March 2018].
2 Jenkinson, G. [Online]. Available: https://cointelegraph.com/news/no-more-cooked-
blocks-mainstream-auditors-enter-the-fray [Accessed 23 March 2018].
3 IACEW [Online]. Available: http://www.icaew.com/~/media/Files/Technical/Audit-and-
assurance/audit-quality/audit-quality-forum/agency-theory-and-the-role-of-audit.pdf
[Accessed 14 February 2013].
[Online]. Available: http://www.businessdictionary.com/de nition/accounting-
4 records.html#ixzz1yKiqUi7m
5 IACEW. [Online]. Available: http://www.icaew.com/~/media/Files/Technical/Audit-and-
assurance/audit-quality/audit-quality-forum/agency-theory-and-the-role-of-audit.pdf
[Accessed 14 February 2013].
6 IFRS. [Online]. Available: http://www.ifrs.org/Current-Projects/IASB-Projects/Financial-
Statement-Presentation/Phase-B-OCI/IAS-1-Presentation-of-Financial-
Statements/Pages/IAS-1-Presentation-of-Financial-Statements.aspx [Accessed 14 February
2013].
7 A cryptocurrency is a medium of exchange much like the US dollar. Like the US dollar,
cryptocurrency has no intrinsic value in that it is not redeemable for another commodity,
such as gold. Unlike the US dollar, however, cryptocurrency has no physical form, is not legal
tender, and is not currently backed by any government or legal entity.
8 PWC. Accounting for cryptocurrency. [Online]. Available at:
http://pwc.blogs.com/ifrs/2017/11/accounting-for-cryptocurrency.html [Accessed 23
March 2018].
9 [Online]. Available: http://www.oecd.org/corporate/ca/corporategovernanceofstate-
ownedenterprises/37178451.pdf [Accessed 19 February 2013].
10 [Online]. Available:
www.charteredaccountants.com.au.%2F~%2Fmedia%2FFiles%2FStudents%2FEducators%2
Fe%2520role%2520and%2520function%2520of%2520external%2520auditors.ashx&ei=eB
MjUbjTK8yb1AWi3oCwBw&usg=AFQjCNGL86jSGUdvW4M0jB38Ucnn8Z8v5g&sig2=7VmV
OhzWnipJHBNCdzmB_g [Accessed 19 February 2013].
11 SAICA’s guide on the value of an audit, available from SAICA.
12 Arjarquah YK. [Online]. Available:
http://repository.regentghana.net:8080/jspui/bitstream/123456789/86/1/yaw%20takyi%20a
rjarquah.pdf [Accessed 21 February 2013].
13 Verhoef G. Economic integration through knowledge integration. e impact of IFRS on the
globalisation of accounting rms and corporate business in South Africa. [Online].
Available: http://apebh2012. les.wordpress.com/2011/05/verhoef-economic-integration-
through-knowledge-integration.pdf [Accessed 3 September 2012]. SAICA, SAICA History.
[Online]. Available: https://www.saica.co.za/About/SAICAHistory/tabid/70/language/en-
ZA/Default.aspx [Accessed 3 September 2012]. Hoosain, K. 2006. Accountancy SA. [Online].
Available: http://www.accountancysa.org.za/resources/ShowItemArticle.asp?
Article=e+end+marks+the+beginning&ArticleId=784&Issue=543 [Accessed 3 September
2012].
14 Institute of Chartered Accountants in Australia. [Online]. Available:
www.charteredaccountants.com.au%2F~%2Fmedia%2FFiles%2FStudents%2FEducators%2
Fe%2520role%2520and%2520function%2520of%2520external%2520auditors.ashx&ei=Fx
wnUfOVD8a_0QWKtYD4Ag&usg=AFQjCNGL86jSGUdvW4M0jB38Ucnn8Z8v5g&sig2=Ww6
MneRZr8MaIMMrLkZErg [Accessed 22 February 2013].
15 SAICA Handbook, International Framework for Assurance Engagements, LexisNexis,
Framework: 1–16.
16 [Online]. Available: http://www.accountingconcern.com/accounting-dictionary/auditing/
17 By permission. From Merriam-Webster.com (c) 2018 by Merriam-Webster, Inc. Merriam-
Webster dictionary. [Online]. Available: http://www.merriam-
webster.com/dictionary/postulate [Accessed June 2018].
18 What is auditing? [Online]. Available:
http://www.goldsmithibs.com/freedownloads/Auditing/WhatisAuditing.pdf [Accessed May
2012].
19 Institute of Internal Audit. [Online]. Available: http://www.iiasa.org.za/about-us/about-the-
profession/role-of-internal-audit.html [Accessed 28 February 2013].
20 [Online]. Available: http://writ.news. ndlaw.com/aronson/20020124.html,
http://faculty.mckendree.edu/scholars/2004/stinson.htm,
http://www.sec.gov/rules/proposed/s71903/rwisethesis.pdf; Brennan, D.M. 2003. Enron
and Failed Futures: Policy and Corporate Governance in the Wake of Enron’s Collapse,
Social text 77, Vol 21 nr 4: 35–50. [Online]. Available: http://muse.jhu.edu/login?
auth=0&type=summary&url=/journals/social_text/v021/21.4brennan.html [Accessed 10
September 2012]; SSRN. [Online]. Available: http://papers.ssrn.com/sol3/papers.cfm?
abstract_id=303181; Accountancy SA. [Online]. Available:
http://www.accountancysa.org.za/archives/2004/2004Apr/features/02_Ethics.htm
[Accessed April 2012]; Chicago Tribune, Ties to Enron blinded Andersen, 2002. [Online].
Available: http://www.chicagotribune.com/news/chi-0209030210sep03,0,7490166.stor
[Accessed 11 September 2012].
21 SEC. [Online]. Available: ethics/dialogue/candc/cases/worldcom-update.html [Accessed 12
April 2012]; [Online]. Available:
http://www.sec.gov/rules/proposed/s71903/rwisethesis.pdf,
http://www.scu.edu/ethics/dialogue/candc/cases/worldcom-update.html; University of
Mexico, 2011, WorldCom’s bankruptcy crises. 22[Online]. Available:
http://danielsethics.mgt.unm.edu/pdf/WorldCom%20Case.pdf [Accessed 10 September
2012].
22 WSWS. [Online]. Available: http://www.wsws.org/articles/2004/jan2004/parm-j06.shtml;
Larouchepub. [Online]. Available:
http://www.larouchepub.com/other/2004/3102parmalat_invest.html [Accessed April 2012];
Ferrarini, G., Giudici, P. Financial scandals and the role of private enforcement: e
Parmalat case. [Online]. Available:
http://web.efzg.hr/dok/pra/hhorak/Ferrarini,Guidici%20e%20Parmalat%20case.pdf
[Accessed 10 September 2012]; WSWS. [Online]. Available:
http://www.wsws.org/articles/2004/jan2004/parm-j06.shtml; Larouchepub. [Online].
Available: http://www.larouchepub.com/other/2004/3102parmalat_invest.html [Accessed
April 2012].
23 Cronje, J. [Online]. Available: https://www. n24.com/Companies/Retail/a-steinhoff-guide-
for-dummies-20171208 [Accessed May 2018].
24 Cowan, K & Crotty A. [Online]. Available:
https://www.businesslive.co.za/rdm/business/2017-12-08-how-did-markus-jooste-lose-
his-billions/
25 Viceroy Research. [Online]. Available:
https://viceroyresearch. les.wordpress.com/2017/12/steinhoff-article-viceroy2.pdf
[Accessed March 2018].
Business Report. [Online]. Available: https://www.iol.co.za/business-report/steinhoff-says-
26
will-have-to-restate-2015- nancial-statements-12607365 [Accessed May 2018].
27 Daehee & Co. [Online]. Available: https://daehee.com/steinhoff-scandal [Accessed March
2018].
28 Ensor, L. [Online] Available: https://www.businesslive.co.za/bd/companies/retail-and-
consumer/2018-01-31-steinhoff-director-spills-the-beans-about-accounting-irregularities-
and-joostes-disappearing-act/ [Accessed March 2018].
29 Steinhoff Quarterly update. [Online]. Available:
http://www.steinhoffinternational.com/downloads/2018/latest-
results/Steinhoff%20trading%20update%20Q1%202018.pdf [Accessed March 2018].
30 Hogg, A. [Online] Available: https://www.biznews.com/undictated/2018/03/01/deloitte-sa-
steinhoff-worms-german-auditors [Accessed May 2018].
31 Ensor L. [Online]. Available: https://www.businesslive.co.za/bd/world/2017-12-22-dutch-
nancial-authority-to-investigate-deloittes-audits-of-steinhoff [Accessed March 2018].
32 AccountancyAge. [Online]. Available:
https://www.accountancyage.com/2018/02/02/shareholders-bring-lawsuit-against-
steinhoff-and-deloitte [Accessed March 2018].
33 Total professions. [Online]. Available: http://www.totalprofessions.com/more-about-
professions/role-of-professional-bodies [Accessed April 2012].
34 IFAC. [Online]. Available: http://www.ifac.org [Accessed May 2012].
35 IFRS. [Online]. Available: http://www.ifrs.org/e+organisation/IASCF+and+IASB.htm
[Accessed May 2012].
36 SAICA. [Online]. Available: https://www.saica.co.za [Accessed April 2012].
37 CIMA. [Online]. Available: http://www.cimaglobal.com [Accessed 7 March 2013].
38 CIMA. [Online]. Available: http://www.cimaglobal.com [Accessed 7 March 2013].
39 SAIPA. [Online]. Available: http://www.saipa.co.za [Accessed 7 March 2013].
40 IIA. [Online]. Available: https://na.theiia.org/about-us/Pages/About-e-Institute-of-
Internal-Auditors.aspx [Accessed 25 January 2014].
41 SAIGA. [Online]. Available: http://www.saiga.co.za/mission.htm [Accessed 25 January
2014].
42 IRBA. [Online]. Available: http://www.irba.co.za [Accessed April 2012].
Ethics CHAPTER 2
Henriëtte Scholtz
CHAPTER CONTENTS
Learning outcomes
Reference list
2.3 What are the ethical codes and rules applicable to external auditors in South
Africa?
2.4 What constitutes prohibited actions for the external auditor?
2.5 How do the SAICA and IRBA disciplinary processes work?
2.6 What is the content of the SAICA and IRBA Codes of Professional Conduct?
LEARNING OUTCOMES
1. Explain what ethics are and why professions have codes of ethics.
2. Explain where in the audit process ethical requirements are considered.
3. Contrast the principles-based approach to ethics with a rules-based approach.
4. Explain which ethical codes and rules are applicable to Registered Auditors in South
Africa and what constitutes prohibited actions.
5. Brie y outline the disciplinary processes of the IRBA and SAICA.
6. Describe and apply the conceptual approach to ethics adopted in the
IFAC/SAICA/IRBA Codes of Professional Conduct.
7. Describe the guidance contained in the Codes of Professional Conduct and apply
this to practical situations.
8. Describe what constitutes improper conduct in terms of the IRBA’s Rules Regarding
Improper Conduct and apply these Rules to practical situations.
REFERENCE LIST
South African Institute of Chartered Accountants (2018) (Revised) Code of Professional

Conduct for Chartered Accountants.
South African Institute of Chartered Accountants (Sept 2016) By-law 34 Punishable
Offences.
Independent Regulatory Board for Auditors (IRBA) (2018) (Revised) Rules Regarding
Improper Conduct and Code of Professional Conduct for Registered Auditors.
International Ethics Standards Board for Accountants (IFAC) (April 2018) (Revised)
International Code of Ethics for Professional Accountants including International
Independence Standards).
IN THE NEWS
EY ned $9m for improper auditor relationships
The U.S. Securities and Exchange Commission (SEC) said one member of the audit
team maintained an ‘improperly close’ friendship with the CFO of a New York-based
public company. The relationship between the audit member and the CEO
comprised personal emails, voice and text messages, sport events tickets and
gifts. On another audit, a member of the engagement team auditing the rm had a
romantic relationship with the chief accounting of cer of the company being
audited. The supervisor on the audit ‘became aware of facts suggesting the
improper relationship yet failed to perform a reasonable inquiry or raise concerns
internally.’ SEC rules forbid auditors from misrepresenting they are independent.
‘The individuals at the centre of these matters violated multiple EY policies, hid
their conduct and behaved in a way that was antithetical to EY’s Global Code of
Conduct, culture, values, policies, and training.’1
Registration of KPMG auditors at risk over Gupta audit
The KPMG partners, responsible for the audit of Gupta-owned Linkway Trading
(‘Linkway’) risk losing their designation as registered auditors if an investigation by
the profession’s regulator nds improper conduct on their part. The Independent
Regulatory Board for Auditors may, in terms of the Auditing Profession Act and
following a disciplinary hearing, impose a warning, or ne, or cancel an audit
practitioner’s registration where improper conduct is found. The board is now
investigating KPMG’s 2014 audit of Linkway, which paid for the R30m Gupta
wedding at Sun City in 2013, using money meant to develop Free State farmers.
The amaBhungane Centre for Investigative Journalism, reported that leaked Gupta
emails revealed how money from the Free State provincial government had owed
via the Estina company to the Gupta-owned company Accurate Investments in Dubai
and then on to Linkway.2 Linkway, supposedly a project management company in the
Gupta-owned Oakbay Group, used the money to pay for a Gupta family wedding. By
classifying it as a business expense, it paid no tax on the income. KPMG, which
resigned as Oakbay auditor in April 2016, said it was standard procedure for
entities such as Linkway to ‘receive and disburse funds against a speci c event’.
KPMG said it was not auditors of any offshore entities and therefore could not
comment on the ow of funds from the Free State dairy project. ‘We have acted with
integrity in our dealing with the Oakbay Group’, Moses Kgosana, previous CEO at
KPMG commented. Yet, during the time of the audit of Linkway he attended the
Gupta wedding and has since elected to withdraw as future chairman of Alexander
Forbes. Kgosana, who served on the company’s board for two years, was due to
become chairman of Alexander Forbes on 31 August 2017. He felt that time spent
dealing with these allegations would compromise what he was able to deliver as
chairman. The South African Institute of Chartered Accountants (SAICA) said it
would await the outcome of the audit regulator’s investigation before deciding
whether to take any disciplinary action in terms of its own code of conduct.2
Inside IRBA’s Deloitte disciplinary hearings
A lot is at stake for the Independent Regulatory Board for Auditors (IRBA), as the
audit regulator is leading the disciplinary hearing of Deloitte – the biggest case it
has handled since its 2006 inception. The disciplinary hearing could either entrench
perceptions that the IRBA has neither bark nor bite at a time when audit rms are
caught in accounting scandals, or prove sceptics wrong. The IRBA charge sheet
against two senior executives of Deloitte contains ten charges of misconduct. In
these hearings Deloitte have to explain why unquali ed auditor’s reports were
issued and why questions were not raised about the going concern status of African
Bank, and its then-parent company African Bank Investments Limited (Abil).
According to the IRBA, African Bank failed to comply with the international
accounting standards on the recognition of nancial instruments. The audited
nancial statements of African Bank for the year ended September 2014 showed a
restatement relating to differences between impairment models and the impairment
provisions recognised in the 2013 nancial statements. The impact of this
restatement on September 2013 was a R656 million downward adjustment of
African Bank’s income pre-tax. African bank’s management at the time identi ed
loan collection initiatives that could collect but Deloitte’s Jordan allegedly accepted
this without considering its validity. Jordan faces charges relating to African Bank’s
misstatement of loan impairments, which resulted in impairments that were
understated by R1.1 billion.3
Reserve Bank continues to meet with KPMG following VBS scandal
Since VBS was placed into curatorship and its nancial records investigated it has
emerged that some R900 million of its supposed deposits could not be traced.
There is seems to be extensive evidence that the VBS nancial statements –
signed off by its auditors – were in a terrible state, possibly a case of the auditors
not applying suf cient professional competence and due care while performing the
audit. It turned out that VBS had accidentally paid that money out ‘due to internal
control failures in a branch’. There had been ‘inept risk management functions and
practices’ the Reserve Bank said.4 The Reserve Bank says its interest in KPMG
stems from a public policy perspective arising from its mandate to ensure the
soundness and stability of South Africa’s nancial system. In a statement, the
Reserve Bank said: ‘Auditors play an important role in fostering market con dence
in the nancial statements of nancial institutions. The robustness and integrity of
audits depend to a large extent on the strength of governance and the depth of an
ethical culture within a nancial institution. These are issues that we monitor
constantly.’5

Ethics can be de ned as a set of principles of right conduct and a theory or a system of
moral values such as not to steal, not to commit fraud and not to murder. e word ‘ethics’
is derived from the Greek word ‘ethos’, which means custom, habit or character.
A general assumption about being ethical is that it is linked to how a person feels about
something (i.e. does it feel right or wrong?). But being ethical is not just about following
someone’s feelings. Feelings often differ from what is ethical or morally correct. What is
ethical for one person may not be ethical for the next. For example, someone may feel that
it is unethical to use poison on plants, as it can harm birds and insects, while for the next
person it will not be unethical to use the poison.
Being ethical is also not just about following regulations. Regulations often incorporate
ethical standards, but regulations can sometimes deviate from what is ethical. An example
of something that might be legal but unethical is companies in certain countries using
child labour to manufacture goods. is may not be illegal in these countries, but many
would consider this to be unethical in terms of their value systems.
e difference between morality and ethics is that morality de nes personal character
and is the differentiation of intentions, decisions, and actions between those that are ‘good’
(or right) and those that are ‘bad’ (or wrong), whereas ethics refer to the social system in
which these morals are applied. Ethics are therefore the rules of conduct recognised for a
particular class of human actions or a particular group or culture that is expected from the
society in which the individual lives.6

2.2.1 Background to codes of ethics of professions
One of the distinguishing characteristics of a profession is the existence of a code of ethics
for its members. e rst code of professional ethics may be traced back to the duties of the
physician as contained in the Oath of Hippocrates. Codes of ethics for professional bodies
become the terms of reference for ethical conduct and are often the founding documents
for professions.7
A code of ethics is important for a profession as it establishes the ethical expectations from
existing members for those joining the profession. A code of ethics is intended to be:
• A central guide and reference for members in support of day-to-day decision making;
• A tool to encourage discussions of ethics and to improve how members deal with the
ethical dilemmas, prejudices and grey areas that are encountered in everyday work; and
• Complementary to relevant standards, policies and rules – not a substitute for them.8
e difference between a code of ethics and a code of conduct is that a code of ethics
expresses fundamental principles that provide guidance in cases where no speci c rule is
in place or where matters are genuinely unclear. A well-drafted code of conduct will be
consistent with the primary code of ethics; however, it will provide much more speci c
guidance in dealing with ethical challenges. e SAICA and IRBA codes of conduct expand
the IFAC code somewhat by providing a local application of some sections of the code. An
example of this is the de nition of the fundamental principle of professional behaviour,
which, in the SAICA code of conduct, contains additional guidelines for multiple rms, and
signing convention for reports or certi cates.9
It is important to note that a code of conduct establishes the minimum ethical
requirements that are expected from the profession’s membership, and does not represent
an unattainable dream.
CRITICAL THINKING
To what risks and challenges would a profession be exposed without a code of
ethics?
The risks a profession could be faced with include, among other things:
• No communication of ethical expectations of the members of a profession would
exist. Ethical decision making by professionals would be dif cult which would
lead to varying standards of behaviour;
• It will be dif cult to hold the profession accountable for actions if no ethical
principles exist; and
• The public trust and the profession’s reputation could be damaged if members
act unethically and if no disciplinary process exists to correct the unethical
behaviour.
2.2.2 Rules-based versus principles-based codes of ethics

Ethical codes may take different forms, ranging from detailed rules and emphasis on
compliance with those rules, to broad positively stated principles with an emphasis on
‘doing the right thing’. Simply stated, principles-based ethics provide a conceptual basis to
follow instead of a list of detailed rules. Under a principles-based approach, key objectives
of sound ethical values are set out, followed by guidance explaining the objectives and
reference to some common examples. Professionals often face ethical dilemmas while
carrying out their professional duties. It is difficult to anticipate all situations that might
result in unethical behaviour in a code of ethics – hence a principles-based approach is
often preferred.
e IFAC International Code of Ethics for Professional Accountants moved from
containing detailed rules and emphasis on compliance with those rules, to broad positively
stated principles with an emphasis on ‘doing the right thing’, and is a principles-based
code. e IFAC International Code of Ethics for Professional Accountants has been
accepted as its ethical code by SAICA (fully accepted with minor differences) and the IRBA
(accepted Parts 1, 3 and 4 of the IFAC code).
Upon being granted membership of SAICA, a member has to sign a declaration that he
or she will act ethically and assumes an obligation of self-discipline.
2.2.3 Examples of ethical misconduct by auditors

International examples
Enron
e Enron case is discussed in more detail in Chapter 1. Arthur Anderson earned $25
million in audit fees and another $27 million in fees for non-audit services from Enron in
2000. Arthur Andersen had been Enron’s auditor for 16 years and also performed internal
audit and consulting services, clearly causing ethical independence threats.10
SMSF Auditors
Australia requires a registered auditor to conduct a nancial and compliance audit on self-
managed super funds, which is an annuity trust structure that provides bene ts to its
members on retirement. Several cases of breaches of independence of the code of ethics by
auditors were reported. In two of these cases, the auditors were found guilty of auditing
funds in which they and close family members were invested and of funds where they were
directors or trustees.11
KPMG using con dential information

Six former KPMG employees in the USA have been arrested and charged with the misuse of
con dential information. ese charges stem from Public Company Accounting Oversight
Board (PCAOB) inspection information that was leaked by a former employee of the
PCAOB, who started working for KPMG. is individual disclosed the con dential details
of the KPMG clients that the PCAOB was planning to inspect to his new employer (KPMG).
Using this information (which the rm would otherwise not have had access to), the KPMG
national partner for audit quality, the national partner for inspections, along with a
banking and capital markets partner, worked together to review the audit work papers for
at least seven banks that they had learnt the PCAOB would inspect (in anticipation of the
PCAOB inspection).12
South African examples

KPMG and Gupta-linked companies
During the provision of services to the Gupta-linked companies, KPMG staff received
potentially questionable invitations to events hosted by the Gupta family. ese included
offers of tickets to 2010 soccer world cup matches, and invitations to the launch of the New
Age newspaper and to family weddings and celebrations. In some cases, communication
between KPMG staff and the Gupta family and their representatives appear to have gone
beyond the provision of professional services. ese instances suggest signi cant
familiarity threats to objectivity and independence. KPMG also provided extensive
advisory services to the Gupta group of companies, which could amount to further threats
to objectivity and independence. SAICA announced that it will look into the audit les of
KPMG to ensure that the conclusions arrived at are consistent with the evidence contained
in the les.13 e IRBA also said it is looking into reporting irregularities that were not
reported (in accordance with the requirements of the Auditing Profession Act 26 of 2005),
such as blatant money laundering.14
KPMG and SARS rogue unit report

In 2014, newly appointed SARS Commissioner, Tom Moyane, hired KPMG South Africa to
conduct a forensic investigation into an intelligence unit within the revenue service that
between 2010 and 2014 had started investigating high-pro le tax offenders, including
prominent politicians and politically-connected business people.
e report KPMG produced suggested that the unit was breaking the law by using
illegal methods and was therefore ‘rogue in nature’. It also suggested that Mr Pravin
Gordhan, as SARS commissioner at the time, was aware of the unit’s alleged illegal
activities. en deputy commissioner of SARS, Ivan Pillay, head of investigations, Johann
van Loggerenberg, and others were suspended as a result, and criminal charges were
eventually also laid against Gordhan. e report was instrumental in removing Mr
Gordhan from his position as nance minister.15 On 15 September 2017, KPMG
International made an unexpected and far-reaching announcement that it was
withdrawing the ndings and conclusions of the report KPMG SA Forensic had completed
for SARS at a cost of R23-million. KPMG International in a statement said that ‘quality
controls associated with the version of the report [SARS] dated 3 September 2015 were not
performed to the standard we expect. Speci cally, in this instance, our standards require a
second partner to review the work done; however, the nal deliverable of this work was not
subjected to second partner review’. KPMG International also stated that ‘the SARS report
refers to legal opinions and legal conclusions as if they are opinions of KPMG South Africa.
However, providing legal advice and expressing legal opinions was outside the mandate of
KPMG South Africa and outside the professional expertise of those working on the
engagement.’16
KPMG and VBS bank

KPMG announced that two partners tendered their resignations with immediate effect
when faced with disciplinary charges against them. KPMG issued the following media
statement: ‘Both cases are conduct charges connected to VBS [Mutual] Bank and include,
but are not limited to, failure by the partners to comply with the rm’s policies and
procedures regarding the disclosure of relevant nancial interests,’ it said.17 KPMG South
Africa further announced what is referred to as an ‘unprecedented’ review of all the work
done by its partners in the past 18 months. Chairperson of KPMG, Wiseman Nkuhlu, told a
media brie ng on Sunday that the review was part of reforms instituted by the rm to help
regain public trust and improve the quality of its work.18
Nkonki Inc
Sindi Zilwa, born Nkonki, was the second black woman in South Africa to qualify as a
Chartered Accountant (SA), in 1990. Two years later she started her own accounting rm, a
precursor to Nkonki Inc. In 1996, a merger took place to form Nkonki Sizwe Ntsaluba, the
rst national black accounting rm in South Africa. In 2013, Transnet outsourced its
internal audit function to three rms including Nkonki. Income from the transport utility
soon dwarfed that from Nkonki’s other clients. In 2015, Transnet accounted for 45% of
Nkonki’s R161m revenue internal records show, which could impose a self-interest threat
to independence. But in 2016, income from Transnet fell sharply. In the cash- ow crunch
that followed, millions of rands in employee tax deductions were not paid over to the South
African Revenue Service, exposing Nkonki to penalties and reputational risk. Mitesh Patel
offered a way out of Nkonki’s nancial troubles. Eric Wood, the CEO of Trillian Capital, a
Gupta-linked company, approached Patel with an offer to buy Nkonki on behalf of a black
CA. e deal was funded by a loan from Trillion Capital, which Patel claimed he did not
know about. After the buy-out, Nkonki instantly landed new work from Eskom, the state
utility whose board and executive were allegedly under Gupta in uence. Nkonki was
potentially also going to earn hundreds of millions in consulting fees from Eskom.19 Mitesh
Patel, the CEO of Nkonki, resigned in April 2018. e Auditor General terminated its
contract with Nkonki, due to concerns about the independence and adequacy of risk
management practices of Nkonki and also whether all shareholders were registered
auditors. ‘One of the key elements of independence for auditors is embedded in the
Auditor Professions Act, which stipulates that the only rms that may be registered
auditors are partnerships where all individuals are registered auditors, sole proprietorship
where the owner is a registered auditor, or companies which are registered by the
Independent Regulatory Board of Auditors (IRBA)’ Auditor General Kimi Makwetu said.20 A
week after the Auditor General announced the termination of public auditing contracts
with KMPG and Nkonki Inc., the latter rm announced it has taken the ‘very painful and
difficult’ decision to be placed in voluntary liquidation.21
Masterbond
In the early 1990s, following the liquidation of the group of companies, the name
‘Masterbond’ was associated in South Africa with pensioners who invested in the group
struggling for survival on dog food and the kindness of others after losing their life savings.
e Nel Commission’s report on its investigation of the Masterbond case provided proof of
auditor dishonesty, collusion of auditors with management, and lack of auditor
independence because of non-audit services provided to auditees.
e then-Public Accountants and Auditors Board (the predecessor of the IRBA) found
the auditor involved guilty of improper conduct (as discussed in section 2.4.1 of this
chapter). e auditor was sanctioned by a ne of R10 000 (being the maximum ne at the
time) and suspension from practice for two years, suspended for three years on condition
that the accused was not found guilty of contravening the Disciplinary Rules (the
predecessor of the Rules Regarding Improper Conduct) during that period.22
2.3 What are the ethical codes and rules applicable

to external auditors in South Africa?
Ethics in the external auditing profession are of the utmost importance to the profession
and for the people relying on the services of Registered Auditors (RAs). e users of the
services of RAs, especially decision makers using nancial statements, expect RAs to be
highly competent, honest, reliable and objective. If the RA rendering the external audit
does not exhibit these qualities, the external audit would serve no value to the user of the
auditor’s report. A profession’s good reputation, which is dependent on the ethical conduct
of its members, is indeed one of its most important assets.
Many RAs in South Africa are also members of SAICA (i.e. Chartered Accountants
(SA)). Both these bodies have codes of professional conduct to which members must
adhere. ese codes are principles-based, are largely based on the IFAC International Code
of Ethics for Professional Accountants, and provide general guidelines that RAs or
professional accountants should follow. In addition, the IRBA has Rules Regarding
Improper Conduct and SAICA has Punishable Offences which (together with the Code of
Professional Conduct) serve as a basis for evaluating whether speci c allegations made
against RAs or professional accountants are such that disciplinary action must be taken.
Figure 2.1 illustrates the differences between the nature of these bodies, their missions,
to whom their respective ethical codes are applicable, and the respective ethical codes and
rules that are applicable.
Figure 2.1: Differences between the IRBA and SAICA
2.4 What constitutes prohibited actions for the

external auditor?
2.4.1 IRBA Rules Regarding Improper Conduct
Actions that RAs are prohibited from taking are set out in the IRBA’s Rules Regarding
Improper Conduct. Refer to Figure 2.2 on the next page.
EXAMPLE
Manufacture Limited, a client of the rm of registered auditors, Nel and Associates
(Nel), wants to take over another business and requires a loan from the bank to
nance the takeover. The bank requires a pro t forecast in order to approve the
loan. Manufacture Limited completes the pro t forecast and engages Nel and
Associates, the company’s external auditors for the past year, to review and sign
the pro t forecast as being ‘correct’. Mr Nel, the partner in charge of the audit of
Manufacture Limited, signs the pro t forecast.
By signing the pro t forecast, Mr Nel, has contravened the Rules Regarding
Improper Conduct by allowing his name to be used in connection with an estimate
of earnings that is dependent on future transactions. It may be perceived by the
bank that he vouches for the accuracy of the pro t forecast.
2.4.2 SAICA’s punishable offences

e SAICA punishable offences are contained in the SAICA by-laws. e punishable
offences applicable to professional accountants and trainee accountants are set out in Part
B paragraph 34 of the by-laws. ere are also punishable offences applicable to associate
general accountants (AGAs) and accounting technicians (AATs) and students who are
associated with SAICA in Parts C, D and E respectively of the by-laws. Only the punishable
offences applicable to professional accountants are discussed in this text. Refer to Figure
2.3 opposite.
EXAMPLE
Remind yourself of the facts regarding the example involving Mr Nel in section
2.4.1. Now assuming Mr Nel is also a Chartered Accountant (SA). Can he be
found guilty of a punishable offence by SAICA?
In by-law 34 of SAICA, there is no equivalent to Rule 2.9 of IRBA. However, given
that one cannot guarantee the reasonableness of a pro t forecast, Mr Nel clearly
also acted without professional competence. Accordingly, he can be found guilty by
SAICA of a punishable offence in terms of the following by-laws: by-law 34.1; 34.2;
34.3; and/or 34.10 (as professional competence and due care is a fundamental
principle of the SAICA Code).
Figure 2.2: Summary of the IRBA Rules Regarding Improper Conduct applicable to RAs
Figure 2.3: Summary of SAICA punishable offences (by-law 34)
2.5 How do the SAICA and IRBA disciplinary

processes work?
2.5.1 SAICA disciplinary process
e disciplinary process of SAICA applies to any person registered or previously registered
with SAICA, whether as a CA [CA(SA) (member)], or Associate General Accountant
[AGA(SA) (Associate)].
In terms of the SAICA by-laws, the SAICA Board annually appoints a Professional
Conduct Committee and a Disciplinary Committee.
e process followed when a complaint is received is as follows:

• If the accused is registered with the IRBA, the complaint is referred to the IRBA.
• If the accused is not registered with the IRBA, the following process is followed:
• Upon receipt of a complaint, the Professional Conduct Committee may, where there
is a prima facie case for improper conduct on the part of the accused (based on the
evidence presented by the complainant), advise the accused in writing of the details
of the complaint and ask the accused to provide a written answer within 21 days of
the issue of the notice.
• e Professional Conduct Committee can call for a meeting to discuss the matter at a
speci ed date and time, with no representation present.
• If the Professional Conduct Committee is satis ed that the accused has provided a
reasonable explanation or that the act did not constitute improper conduct, the
Professional Conduct Committee may decide that it is not going to proceed further
with the matter. e Professional Conduct Committee shall then advise the
complainant and accused in writing of the decision.
• If the Professional Conduct Committee is not satis ed with the explanation or no
explanation is received, the Professional Conduct Committee has the power to
caution or reprimand the accused, or to impose a ne that is not more than half the
maximum amount that the Disciplinary Committee may impose, or to lodge a formal
complaint against the accused and refer the case to the Disciplinary Committee.
• If the accused has been cautioned or reprimanded by the Professional Conduct
Committee, the accused can within 21 days demand that the matter be referred to
the Disciplinary Committee.
e following steps are followed by the Disciplinary Committee:

• Written notice is given to the accused of the Committee’s intention to consider the
complaint and of the time and place of the enquiry. e accused is allowed
representation.
• If the accused fails to attend the enquiry, the Disciplinary Committee may proceed with
the matter without the accused present.
• e Disciplinary Committee may inspect any books or documents and may call
witnesses.
• If the accused is found guilty, the accused may be:
• Cautioned;
• Reprimanded;
• Fined up to a maximum amount to be determined by the SAICA Board from time to
time;
• Suspended from membership, associateship or registration as a trainee accountant
for a period not exceeding ve years;
• Excluded from membership, associateship, or from registration as a trainee
accountant; or
• Disquali ed from applying for SAICA membership permanently or for such period
as the Disciplinary Committee may determine.
• If the accused is found guilty, the Disciplinary Committee can order that the name of
the accused be published.
• If the accused is found not guilty, the name of the accused is not published, unless the
accused has requested otherwise.23
2.5.2 IRBA disciplinary process

e IRBA’s disciplinary process applies to RAs registered with the IRBA. Any member of the
public, an association or organisation may lodge a complaint against an RA if they believe
that the RA is guilty of improper conduct. e IRBA will then investigate the alleged
improper conduct.
A member of the public who wishes to submit a complaint should do so by submitting
an affidavit (a sworn statement signed in the presence of a Commissioner of Oaths).
According to section 48 of the Auditing Profession Act, the Board must refer the complaint
to an investigation committee if it believes it to be justi ed.
• e investigation committee investigates the matter and obtains evidence.
• e RA has the right to be assisted or represented by another person.
• e investigation committee can require the RA to provide any working papers,
statements, books or other documentation and inspect these documents.
• After concluding its investigation, the investigation committee must submit a report to
the Board of the IRBA stating its recommendations.
• If the Board believes that sufficient grounds exist for the RA to be charged with
improper conduct, it then issues a charge sheet to the RA by hand or registered mail.
e RA may then submit a written explanation regarding the improper conduct within a
reasonable time not exceeding 60 days.
• e charge sheet and any written explanation received from the RA are then referred to
the disciplinary committee.
• e disciplinary committee will hold a meeting according to the procedures set out in
section 50 of the Auditing Profession Act.
• If the disciplinary committee nds the RA guilty or the RA has admitted guilt (in which
case the RA is considered to be found guilty as charged) the disciplinary committee
must:
• Caution or reprimand the RA; or
• Impose a ne not exceeding a speci ed amount; or
• Suspend the right to practise as an RA for a speci c period; or
• Cancel the registration and remove the RA’s name from the register of auditors.
• e Board may publish the nding and sanction imposed on the RA.24
2.5.3 Examples of SAICA and IRBA disciplinary processes
EXAMPLE
Outcome of SAICA disciplinary process
An Associate General Accountant (registered as an AGA with SAICA) was found
guilty as he sent out a misleading letter to a client pretending to be an RA. He
failed to respond to correspondence and did not attend the hearing. He was
permanently excluded from associate membership, a previous suspended ne of
R25 000 became payable and he had to contribute to the legal costs of R20
000.25
Outcome of IRBA disciplinary process
The respondents’ audit rm prepared the annual nancial statements or performed
accounting services for clients where the respondents were the audit engagement
partners. In so doing, the respondents contravened section 90(2) of the
Companies Act. The respondents were each sentenced to a ne of R80 000, of
which R40 000 has been suspended for three years (on condition that the
respondents are not found guilty of unprofessional conduct committed during the
period of suspension), a cost order of R5 000, and publication by the IRBA of the
details of the case in general terms.26
The respondent was appointed as executor of a deceased estate. Despite the
client making numerous requests for various copies of documentation, the
respondent failed to provide the client with the documentation. The respondent
was sentenced to a ne of R50 000, of which R20 000 was suspended for three
years (on condition that the respondent is not found guilty of unprofessional
conduct committed during the period of suspension), no costs order and
publication of the details of the case by the IRBA in general terms.27
An audit team member was a bene ciary in a trust that held a signi cant interest
in an audit client. The respondent failed to identify and respond to this
independence threat for which no safeguards exist. The respondent was
sentenced to a ne of R80 000, of which R40 000 has been suspended for three
years (on condition that the respondent is not found guilty of unprofessional
conduct committed during the period of suspension), no costs order and
publication by the IRBA of the details of the case in general terms.28
IN THE NEWS
Auditor ethics
Enron, Parmalat, WorldCom and Steinhoff – these corporate reporting and
accounting scandals have shaken the foundations of investor con dence in the
transparency, integrity and accountability of corporations and capital markets. There
has also been public disquiet about the role professional auditors and auditing
rms have played in these corporate scandals.
For the audit profession, these highlighted the gaps between public expectations
and the reality of the role of the auditor. The biggest challenges for auditors ahead
is to identify how ethical behaviour can be – and be seen to be – restored, as it is
this that will be the basis for the reconstruction of public trust in the profession and
in the practice of auditing.
The revised IFAC International Code of Ethics for Professional Accountants,
issued in 2018, strengthened independence provisions contained in the Code to
raise public trust in the accounting profession.29
2.6 What is the content of the SAICA and IRBA
Codes of Professional Conduct?
2.6.1 Background to the SAICA and IRBA Codes of
Global corporate nancial reporting scandals, such as those involving Enron, WorldCom
and Steinhoff, negatively affected the standing of the auditing profession and questions
arose about auditor ethics (e.g. auditors not avoiding situations where their independence
is compromised).
Due to the nature of the work carried out by auditors, ethics are of the utmost
importance – auditors should be ethical at all times and in all circumstances. Various
stakeholders rely on the outcome of the work performed by the auditor as conveyed in the
opinion section of the auditor’s report. Owing to the nature of the auditor’s report, it is very
difficult to gauge the exact nature of the work performed by the auditor. Hence the
stakeholder has to rely on the auditor to do a proper job. Any de ciency in the auditor’s
professional conduct or any improper conduct in their personal life places the integrity of
the auditor in question, and may raise doubts about the reliability of the auditor’s report
(and speci cally the audit opinion). e adoption and application of a code of ethics for
auditors promotes stakeholders’ trust and con dence in auditors and their work.30
As discussed in Chapter 1, IFAC is responsible for the establishment and promotion of
standards, including ethical codes. IFAC’s International Ethics Standards Board for
Accountants (IESBA) maintains the International Code of Ethics for Professional
Accountants to serve as a model for all codes of ethics developed and used by national
accountancy organisations (including SAICA). In 2001, IFAC for the rst time adopted a
conceptual framework approach for a section of the code of ethics dealing with
independence. In 2003, the IFAC ethics committee issued a revised code of ethics in order
to restore the standing of the auditing profession after the global corporate collapses. is
2003 code contained a conceptual framework for the entire code whereby threats to the
fundamental principles had to be identi ed, their signi cance evaluated and safeguards
implemented. Most recently in 2018, the IESBA completed a restructuring of its code of
professional ethics to make the code more understandable and easier to use, but also to be
more robust with substantial improvements in many areas, including auditor
independence.
SAICA formally adopted the 2003 version of the IFAC International Code of Ethics for
Professional Accountants with effect from 30 June 2006, but added an additional part
(called Part D or section 400), which speci cally focused on professional accountants in
South Africa. e adoption of the IFAC Code was done to improve con dence in the local
accounting profession. From November 2010, the Board of SAICA resolved to accept the
IFAC Code issued on 1 April 2006 in its entirety, but added limited additional guidance in
Part A to assist with the local application of certain requirements applicable to all
professional accountants in SA. Part D (or section 400) of the SAICA Code was removed in
the 2010 version of the SAICA Code. At the time of writing, all indications are that the IFAC
restructured code issued in 2018 will also be accepted by SAICA, with certain South African
amendments, and will be applicable from 15 June 2019. A South African work group is
adapting the IFAC Code for South African circumstances.
After careful consideration and a mapping exercise between the IRBA Code of
Professional Conduct in issue at the time and the IFAC International Code of Ethics for
Professional Accountants, the IRBA decided to adopt Parts A and B of the IFAC
International Code of Ethics for Professional Accountants (issued 1 April 2006). e then-
IRBA Code of Professional Conduct was repealed and replaced by a new IRBA Code of
Professional Conduct based on the IFAC International Code of Ethics for Professional
Accountants with effect from 1 January 2011. At the time of writing, all indications are that
the IFAC restructured code issued in 2018 will also be accepted by IRBA, with some South
African amendments, which will be effective from 15 June 2019.
2.6.2 Differences between SAICA and IRBA Codes of

At the time of writing, all indications are that SAICA will adopt the IFAC International Code
of Ethics for Professional Accountants (issued on 1 April 2018) in its entirety (i.e. Parts 1, 2,
3 and 4), with a few changes to accommodate matters for South African circumstances. All
the modi cations to the IFAC Code are indicated via underlined and italicised text in the
SAICA Code of Professional Conduct.
At the time of writing all indications are also that IRBA will adopt Parts 1, 3 and 4 of the
IFAC International Code of Ethics for Professional Accountants (issued on 1 April 2018),
and all adaptations are indicated by way of underlined and italicised text. e IRBA
proposes to modify this code for the South African environment by, for example, replacing
the IFAC term ‘professional accountant’ with the more relevant term ‘registered auditor’.
Part 2 of the IFAC Code applies to professional accountants working in business
(commerce) and is also now applicable to individual professional accountants in public
practice when performing professional activities pursuant to their relationship with the
rm. is Part will, however, only be contained in the SAICA Code of Professional Conduct
and not in the IRBA version.
From the foregoing, it can rightly be concluded that there is little difference between
the SAICA Code of Professional Conduct (CPC) and the IRBA Code of Professional
Conduct. In the next section, the SAICA CPC is explained as it is applicable to ‘professional
accountants’ – i.e. Chartered Accountants (SA), and Associate General Accountants
(AGAs). However, given the similarity of the content of these two pronouncements, in
virtually all instances the content is equally applicable to RAs. Accordingly, the chapter
does not contain a detailed exposition of the IRBA Code of Professional Conduct.
Table 2.1: Differences between the IFAC International Code of Ethics for Professional
Accountants, the IRBA Code of Professional Conduct and the SAICA Code of
IFAC IRBA31 SAICA32
Refers to Professional Refers to Registered Auditors Refers to Professional

Accountants Accountants (which includes
CAs, AGA’s and trainee
accountants)
Contains: Contains: Contains:

• Part 1 General • Part 1 Complying with • Part 1 Complying with
application of the code; the code, fundamental the code, fundamental
• Part 2 Professional principles and principles and
Accountants in conceptual framework; conceptual framework;
business; • Part 3 Registered • Part 2 Professional
• Part 3 Professional auditors performing Accountants in
Accountants in public professional services; business;
practice; • Part 4A Independence • Part 3 Professional
• Part 4A Independence for audit and review Accountants in public
for audit and review engagements; practice;
engagements; • Part 4B Independence • Part 4A Independence
• Part 4B Independence for assurance for audit and review
for assurance engagements other engagements;
engagements other than audit and review • Part 4B Independence
than audit and review engagements. for assurance
engagements. engagements other than
audit and review
engagements.
Section 115: Fundamental Section 115: The Section 115: The

principle of professional fundamental principle of fundamental principle of
behaviour professional behaviour professional behaviour was
was expanded to include expanded to include the
additional guidance for the following additional matters
local application of the in Part 1 under professional
code. The following behaviour:
additional matters were • Multiple rms and
included in Part 1 under assisted holding out
‘professional behaviour’: • Signing convention for
• Multiple rms and reports and certi cates
assisted holding out
IFAC IRBA31 SAICA32
Section 320: Professional Section 320 provides additional guidance regarding

appointment communication from a proposed, existing or predecessor
accountant including con dential information as well as
when the client refuses to give permission to contact the
existing accountant.
Section 330 Fees and Section 330 provides additional guidance regarding the
other types of charging of contingent fees when preparing tax returns.
remuneration Additional safeguards, i.e. obtaining advance agreement
upfront and in writing from the client for commission or
referral arrangements, were also added.
Section 350: Custody of Section 350: Custody of client assets was expanded to
client assets include additional guidance for the local application of
the code.
The following additional matters were included:
• Section 350.4a SA: Guidance on what to do when it
is believed that money was received from illegal
activities.
• Section 350.6 SA: Speci c instructions regarding
what to do with client monies received.
• Section 350.7a SA: Speci c instructions regarding
what to do with client assets other than monies
received.
• Section 350.8A1 SA: Speci c instructions regarding
possible measures of protection (of client assets).
• Section 350.9 SA: Speci c instructions regarding
custody of client assets for audit or other assurance
clients.
Section 400.8: Public Section 400.8 was updated to expand the de nition of
interest entities public interest entities in a South African context.
Section 540.5: Long Section 540.5a SA was added to include guidance that
association the professional accountant might need to consider
threats relating to non-assurance services when
considering the association with clients.
2.6.3 e SAICA Code of Professional Conduct (CPC)

2.6.3.1 Guide to the code
A non-authoritative guide precedes the code to explain the purpose of the code, how the
code is structured, and how the code is to be used. e guide sets out that the purpose of
the code is to set out the fundamental principles to the code, which re ects the public
interest responsibility of the accounting profession. e guide also explains that the code
provides a conceptual framework that needs to be applied to identify, evaluate and address
threats to the fundamental principles. Before working through the code, it is useful to work
through this guide.
roughout the code, reference is made to the fact that it applies to ‘professional
accountants’. According to the de nitions contained in the code, this term means (for
purposes of the SAICA code):
Serves as a generic term in this Code to refer to a chartered accountant … or an

associate … as required by the context of its use in a requirement or application
material of this Code, and taking into account that this Code is applicable to all
chartered accountants and associates in terms of the SAICA By-laws.
2.6.3.2 Part 1: Complying with the code (section 100): Fundamental
principles
A characteristic of the accountancy profession is its acceptance of the responsibility to act
in the public interest. erefore, the professional accountant has a responsibility not only
to satisfy the needs of the individual client or employer. In doing so, professional
accountants shall comply with the SAICA CPC.
e code contains requirements marked with an ‘R’ (which are obligations that need to
be complied with) as well as application material marked with an ‘A’ (which provides
context, explanations and suggestions for action) to enable professional accountants to
meet their responsibility to act in public interest. If a professional accountant is prohibited
by law or regulation from complying with certain parts of the code, the professional
accountant shall comply with all other parts of the code. e principle of professional
behaviour requires that professional accountants comply with relevant laws and
regulations. Some jurisdictions may have provisions that differ from or go beyond the code.
Professional accountants in those jurisdictions need to be aware of the differences and
comply with the more stringent provisions.
If a professional accountant identi es a breach to the code, the professional accountant
should evaluate its signi cance, take steps to address the consequences of the breach and
report it to relevant parties if necessary.
Part 1 of the CPC contains fundamental principles applicable to all professional
accountants and provides a conceptual framework for applying these principles.
e ve fundamental principles, applicable to all professional accountants, contained
in Part 1 of the Code are discussed in this section.
Integrity (section 111)

Integrity has to do with honesty and truthfulness.
A professional accountant may not knowingly be associated with any statement, account or
return that:
• Contains a materially false or misleading statement;
• Is issued recklessly; or
• Omits or obscures information.
Objectivity (section 112)

Professional accountants may not compromise their professional or business judgement
because of bias, con ict of interest or undue in uences.
Professional competence and due care (section 113)

• e professional accountant should maintain sufficient professional knowledge and
skill to ensure that clients receive competent professional service. is includes any new
technical and business developments. SAICA (and the IRBA) have speci c continuing
professional development requirements that require their members to spend a
minimum number of hours per year on professional development activities aimed at
maintaining professional competence.
• e professional accountant should apply technical and professional standards and act
diligently when providing professional services to a client.
• e professional accountant should ensure that those working under his or her
authority have received the appropriate training and supervision.
• Professional accountants should not undertake any professional work for which they
are not competent, unless they obtain the necessary advice and assistance from other
parties and make clients aware of any limitations.
Con dentiality (section 114)

• Con dentiality of an existing, prospective or previous client or employer’s information
should be maintained at all times in order to serve the public interest.
• e professional accountant should ensure that information acquired in a professional
capacity is kept con dential in:
• A social environment;
• Amongst business associates;
• Amongst immediate family; and
• Within a rm or organisation.
• e professional accountant and his or her staff should speci cally refrain from:
• Disclosing con dential information without speci c authority, unless:
• Permitted by law and authorised by the client or employer; or
• Required by law for legal proceedings or disclosure of infringements of law; or
• A professional duty or right to disclose exists (when not prohibited by law), for
example, (1) to comply with the quality review of IRBA or SAICA, (2) to respond
to an enquiry or investigation by IRBA or SAICA or (3) to protect professional
interests in legal proceedings, or (4) to comply with technical and professional
standards, including ethics requirements such as non-compliance with rules and
regulations (NOCLAR) as discussed later in this chapter.
• Using con dential information for own personal advantage or the advantage of third
parties.
• In deciding whether to disclose con dential information, the professional accountant
should consider:
• If the interest of all parties (including third parties) could be harmed if the client
consents to the disclosure of information;
• If all information is known and can be substantiated; and
• e type of communication, to whom it will be addressed, and if they are appropriate
recipients.
EXAMPLE
Susan Smith, a registered auditor, is the audit partner assigned to the audit of
Seagull Limited, a listed company. Susan advises her friend to purchase shares
in Seagull as the company will take over another company after the release of its
nancial results and it is expected that the share price will increase
substantially. Did Susan Smith act unethically?
Yes, con dential information may not be used for personal advantage or advantage
of third parties. (Note: Susan Smith is also likely to be guilty of an insider trading
offence in terms of the Financial Markets Act 19 of 2012 – and as such in breach
of the principle of professional behaviour).
WHAT What if a member of the audit team becomes aware of fraud in which
the directors of an auditee are involved? Can this be disclosed?
IF? This fraud can (and has to) be disclosed to the IRBA if the requirements
of section 45 of the Auditing Profession Act are met – as the auditor will
have a professional duty to report this information (refer to Chapter 3 for
a detailed discussion of the relevant requirements of this Act). If the fraud
has an impact on the fair presentation of the nancial statements, this
will also be disclosed in the auditor’s report.
Professional behaviour (section 115)

• e professional accountant should comply with relevant rules and regulations.
• e professional accountant should avoid actions that may bring the profession into
discredit, which a reasonable informed third party would be likely to conclude
adversely affects the good reputation of the profession.
• e professional accountant should not knowingly engage in any business, occupation
or activity that may impair integrity, objectivity or good reputation of the profession.
Multiple rms and assisted holding out

• A professional accountant may be associated with more than one auditing or
professional services rm. Such association shall not cause confusion and a clear
distinction between different rms is needed.
• A professional accountant may practise under different rm names for different offices,
but this must not be misleading.
• A clear distinction should be made if rms have members who are not registered
auditors, in order not to contravene section 41(2) of the Auditing Profession Act. Refer to
Chapter 3 for a detailed discussion of the relevant requirements of this Act.
Signing convention for reports or certi cates

• A professional accountant shall not delegate the power to sign audit, review or other
assurance reports or certi cates to any person who is not a partner or fellow director.
• is prohibition may be relaxed when emergencies of sufficient gravity arise, in
which case, the full circumstances for the need to delegate should be reported to the
client and the IRBA.
• Any audit, review or other assurance report or certi cate should contain:
• e individual professional accountant’s full name;
• e capacity in which the person is signing if not as sole proprietor (for example,
partner or director);
• e designation, for example ‘Chartered Accountant (SA),’ underneath the
professional’s name;
• e name of the professional accountant’s rm if the report is not issued on the
letterhead of the rm.
Figure 2.4: Conceptual framework
2.6.4 Part 1: Complying with the code: Conceptual

framework approach
As illustrated in Figure 2.4, this conceptual approach requires the professional accountant
to (paragraphs 120.1–120.13A2.):
• Identify threats to the ve fundamental principles;
• Evaluate the threats identi ed; and
• Address the threats by eliminating or reducing them to an acceptable level.
e professional accountant shall consider the context in which the issue has arisen.
2.6.4.1 When applying the conceptual framework the professional

accountant shall:
• Exercise professional judgement
is involves the application of relevant training, professional knowledge, skill and
experience applied to the facts to make informed decisions about the courses of action
to take.
e professional accountant should consider the following:
• Whether relevant information might be missing from the facts;
• Whether there are inconsistencies between the facts and circumstances;
• Whether experience and expertise are sufficient in reaching a conclusion;
• e need to consult with others;
• Whether information provides a reasonable basis to reach a conclusion;
• e professional accountant’s own perception or bias; and
• Other reasonable conclusions from available information.
• Remain alert for new information and changes to facts and circumstances
• Use the reasonable informed third-party test
is involves:
• e consideration of whether the same conclusion will be reached by another
person who possesses the relevant knowledge and experience to understand;
• An evaluation of the professional accountant’s conclusions; and
• e weighing up all the relevant facts and circumstances that the professional
accountant knows or is expected to know.
2.6.4.2 Identifying threats (paragraph 120.6)

When a relationship or circumstances may compromise, or could be perceived by third
parties to compromise, a professional accountant’s compliance with the fundamental
principles, a threat(s) is/are created. reats fall into one of the following categories:
• Self-interest threat
reat arises from nancial or other interests of the professional accountant that could
inappropriately in uence his or her judgement or behaviour.
• Intimidation threat
reat arises when the professional accountant is deterred from acting objectively by
pressures, actual or perceived.
• Self-review threat
reat arises when a previous judgement needs to be re-evaluated by the professional
accountant responsible for making the judgement and that this may therefore not be
appropriately evaluated.
• Advocacy threat
reat arises when a position or opinion is promoted by the professional accountant to
the point that subsequent objectivity is compromised.
• Familiarity threat
reat arises because of a close relationship with the client when the professional
accountant becomes too sympathetic to the client’s interests.
2.6.4.3 Evaluating threats (paragraph 120.7)

• When the professional accountant identi es threats to fundamental principles, he or
she needs to evaluate whether the threats are at an acceptable level using the
reasonable informed third-party test (as referred to above) to conclude that he or she
complies with fundamental principles.
• Factors relevant in evaluating the level of threats:
• Qualitative and quantitative factors need to be considered; and
• Available policies and procedures, e.g.:
• corporate governance requirements;
• educational, training and experience requirements;
• effective compliance systems which enable the professional accountant and the
general public to draw attention to unethical behaviour (such as SAICA and IRBA
disciplinary processes);
• an explicit duty to report breaches; and
• professional or regulatory monitoring.
• e professional accountant needs to remain alert throughout the professional activity
to determine whether new information has emerged, or existing information has
changed, which leads to the identi cation of a new threat or impacts the level of the
threat or affects the accountant’s conclusions about the safeguards applied.
2.6.4.4 Addressing threats (paragraph 120.10)

If the professional accountant determines that the identi ed threats to fundamental
principles are not an acceptable level the professional accountant shall address the threat
by:
• Eliminating circumstances, interests or relationships creating the threats;
• Applying safeguards (actions or measures) to reduce the threat to an acceptable level;
• Declining or ending the professional activity.
2.6.4.4.1 Considerations of signi cant judgements made and overall conclusions

reached (paragraphs 120.11-12)
e professional accountant shall form an overall conclusion whether the actions to
address the threats will eliminate or reduce threats to an acceptable level by reviewing
signi cant judgements made or conclusions reached and by using the reasonable and
informed third-party test.
2.6.4.4.2 Considerations for audits, reviews and other assurance engagements:
2.6.4.4.2.1 Independence
e professional accountant in public practice is required by International Independence
Standards to be independent when conducting these engagements. Independence is
linked to fundamental principles of objectivity and integrity, and includes independence
in mind and in appearance.
e IAASB Glossary of Terms de nes these terms as follows (SAICA Handbook Vol 2):
• Independence in mind: A state of mind that permits the provision of an opinion without
being affected by in uences that compromise professional judgement, allowing an
individual to act with integrity and exercise objectivity and professional scepticism.
• Independence in appearance: e avoidance of facts and circumstances that are so
signi cant that a reasonable informed third party, having knowledge of all relevant
information, including safeguards applied, would reasonably conclude that a rm’s or a
member of the assurance team’s integrity, objectivity or professional scepticism has
been compromised.
2.6.4.4.2.2 Professional scepticism

Professional accountants in public practice are required to apply professional scepticism
when planning, and performing audits, reviews and other assurance engagements.
Professional scepticism is inter-related with these fundamental principles:
• Integrity
Being straightforward and honest in raising concerns at a client and pursuing enquiries
about inconsistent information and seeking further audit evidence about false or
misleading statements.
• Objectivity
Recognising relationships such as familiarity that may compromise professional
judgement and considering the impact of such circumstances on the accountant’s
judgement when evaluating the sufficiency and appropriateness of audit evidence.
• Professional competence and due care
Applying knowledge to the client’s industry, designing and performing appropriate
audit procedures, and applying relevant knowledge when assessing whether audit
evidence is sufficient and appropriate.
2.6.5 Part 2: Professional accountants in business

is section is applicable to professional accountants who are employees, contractors,
partners, or directors and who are salaried employees or directors in an employing
organisation and who may be involved in preparing nancial statements. An individual
who is a professional accountant in public practice, when performing professional
activities relating to his or her relationship with the accounting rm now also falls under
section 200. Investors, creditors and employing organisations might rely on the work of
professional accountants in business. As discussed in Chapter 1, the nancial statements
form the basis for the audit and it is therefore important that if professional accountants
are involved in the preparation of nancial statements, they also comply with the CPC.
Part 2 of the CPC contains examples of situations that may create threats for
professional accountants in business – refer to Figure 2.5 and Table 2.2. Note that the
examples are not intended to be a complete list of all circumstances that may exist for the
professional accountant in business.
In order to reduce threats to an acceptable level, the professional accountant in
business can apply certain safeguards. Examples of safeguards are included in Figure 2.6.
Figure 2.5: Examples of situations for professional accountants in business
Table 2.2: Examples of threats for professional accountants in business
SELF-INTEREST SELF-REVIEW ADVOCACY INTIMIDATION FAMILIARITY

THREAT THREAT THREAT THREAT THREAT
SELF-INTEREST SELF-REVIEW ADVOCACY INTIMIDATION FAMILIARITY
THREAT THREAT THREAT THREAT THREAT
• Holding • Determining • Opportunity • Dominant • Responsible

shares in the the to personality for nancial
employing accounting manipulate who tries to reporting if
company; treatment information in uence family
• Loans from after in a decision- member is
the employing performing prospectus making responsible
company; the in order to process (e.g. for
Guarantees feasibility obtain awarding of decisions
from the study (e.g. favourable contracts); regarding
employer; performing nancing. • Professional the nancial
• the accountant or reporting
• Participating
feasibility immediate or (e.g.
in incentive
study on a close family nancial
compensation
new joint member director is
arrangements;
venture and facing threat married to
• Inappropriate then the nancial
of dismissal
personal use deciding on manager);
or
of corporate the replacement • Long
assets; accounting arising from association
• Gifts or treatment a with
special of the joint disagreement business
treatment venture). about the contacts
from application of in uencing
suppliers. an business
accounting decisions.
principle or
how nancial
information
is reported
(e.g. threat of
dismissal
when a
disagreement
exists about
when
revenue is to
be
recognised).
Figure 2.6: Examples of safeguards in the business environment
2.6.5.1 Con icts of interest (section 210)

Con icts may exist between the professional accountant and the parties to whom the
professional accountant is providing professional services. ese parties may include the
employee organisation, vendors, customers, lenders, shareholders and others. Professional
accountants shall not allow con icts of interests to compromise their professional or
business judgement. A professional accountant should remain alert to changes over time
that might create con icts.
Examples of circumstances that might create con ict of interest include:

• Serving in a management or governance position for two companies and acquiring
con dential information from one company that might be used by the professional
accountant for the advantage or disadvantage of the other company;
• Assisting both partners in a partnership to dissolve the partnership;
• Preparing nancial information for management of an employer who are seeking a
management buy-out;
• Selecting a vendor for an employer where a family member of the professional
accountant might gain nancially from the transaction; and
• Serving in a governance capacity at an employer that is responsible for approving
investments which will increase the investment portfolio of the professional accountant
or an immediate family member.
Steps to identify con icts:

• Identifying the nature of the interests and relationships between the involved parties;
and
• Identifying the activity and its implications for relevant parties.
Steps to address the con icts:

• Withdrawing from the decision making process;
• Restructuring or segregating certain responsibilities;
• Obtaining appropriate oversight, e.g. a non-executive director oversees the process;
• Disclosing the nature of the con ict and threats created to all relevant parties, and
obtaining consent from the relevant parties;
• Documenting the nature of circumstances, safeguards applied and consent obtained;
and
• Obtaining guidance from within the employing organisation, or from the professional
body, legal counsel or another professional accountant.
2.6.5.2 Preparation and presentation of information (section 220)

Preparing and presenting information (including recording, maintaining and approving
information) could create self-interest or intimidation threats to compliance with the
fundamental principles. Professional accountants at all levels are involved in the
preparation and presentation of information for management, those charged with
governance, investors, lenders or other creditors and regulatory bodies. is information
(e.g. operating and performance reports, budgets and forecasts, tax returns, general and
special purpose nancial statements) might assist shareholders in understanding and
evaluating the employers’ state of affairs and include nancial and non- nancial
information.
When preparing or presenting information a professional accountant shall prepare and

present information:
• In accordance with the applicable nancial reporting framework (e.g. IFRS);
• In a manner that is not intended to mislead or in uence contractual or regulatory
outcomes inappropriately;
• Exercising professional judgement to:
• Represent facts accurately and completely in all material respects;
• Describe clearly the true nature of transactions; and
• Classify and record information timely and in a proper manner;
• Not omit anything to mislead information or in uence outcomes inappropriately; and
• Exercise discretion in making professional judgements in:
• Determining estimates (e.g. fair value estimates);
• Selecting or changing accounting policies;
• Determining the timing of transactions (e.g. timing of the sale of an asset near the
nancial year-end);
• Determining the structuring of transactions; and
• Selecting disclosures.
A professional accountant shall exercise professional judgement to identify and consider:

• e purpose of the information;
• e context within which it is given; and
• e audience to whom it is addressed.
A professional accountant who intends to rely on the work of others (whether internal or
external from the employer) shall take steps to ensure that he or she complies with the
requirements of preparation and presentation of information and consider:
• e reputation, expertise and resources available to the other individual; and
• Whether the other individual is subject to professional and ethical standards.
When a professional accountant knows or has reason to believe that the information that
the professional accountant is associated with is misleading, the professional accountant
shall take appropriate actions such as:
• Discussing these concerns with a superior, management or those charged with
governance of the employer and request that appropriate action is taken such as:
• Having the information corrected;
• Informing users and correcting information if already disclosed to users; and
• Consulting the policies and procedures within the employer (such as ethics and
whistle-blowing policies).
If appropriate actions have not been taken by the employer, and the professional
accountant believes that the information is misleading, the professional accountant, while
remaining cognisant of the principle of con dentiality, might consider:
• Consulting with a relevant professional body;
• Consulting with the internal and external auditor;
• Legal counsel;
• Determining whether any requirements exist to communicate with:
• ird parties including users;
• Regulatory or oversight bodies; and
• If after exhausting all feasible options, the professional accountant shall refuse to be
associated with the information in which case it might be appropriate to resign.
e professional accountant is encouraged to document the facts, the accounting

principles or standards involved, the communications with parties, the courses of actions
considered, and how the professional accountant attempted to address the matter.
EXAMPLE
Viwe Khumalo CA(SA) is the nancial manager of Furniture Limited (‘Furniture’).
She is responsible for the preparation of the nancial statements of Furniture.
The chief executive of cer (CEO) of Furniture expects Viwe to not consolidate
all subsidiaries and only include those that are pro t-making (and not those that
are loss-making) – in order to make earnings appear better than they actually
are.
Discuss this with reference to the CPC.
If Viwe only includes pro t-making subsidiaries, and not those that are loss-
making, self-interest and intimidation threats to integrity, objectivity, professional
competence and due care, and professional behaviour will be created.
The threats will be signi cant, as she is expected to act contrary to the
Companies Act and IFRS by fraudulently misrepresenting information and not
consolidating subsidiaries fully.
Safeguards include the following:
• Refuse to selectively consolidate the subsidiaries nancial information, and
explain the reasons why she cannot do so. If the CEO still insists that this be
done, she should obtain advice from the audit committee or independent
directors of Furniture (if any), or seek advice from an independent professional
or SAICA;
• Use the formal dispute resolution process or whistle-blowing process in
operation in Furniture (if applicable); and/or
• Seek legal advice.
If these safeguards fail to yield a satisfactory outcome, she should resign and
provide her reasons to the board of directors of Furniture.
2.6.5.3 Acting with sufficient expertise (section 230)

e employing organisation shall not be intentionally misled concerning the level of
expertise or experience that the professional accountant possesses. e principle of
professional competence and due care requires that the professional accountant to only
undertake signi cant services for which the professional accountant has or can obtain
sufficient training or expertise.
For example, accepting a position as tax consultant without sufficient expertise and
training could create a self-interest threat to professional competence and due care.
A self-interest threat to professional competence and due care could be created when the
professional accountant has:
• Insufficient time for performing or completing tasks;
• Incomplete, restricted or inadequate information when performing duties;
• Insufficient expertise, training or education; or
• Inadequate resources for performance of duties.
Factors that are relevant in evaluating the level of such a threat will depend on the:
• Extent of working with others (e.g. whether there are superiors or peers available to ask
advice or help);
• Seniority of the individual; and
• Level of supervision and review.
Potential actions that might be safeguards include:

• Obtaining appropriate training and assistance from someone with the necessary
expertise;
• Ensuring that sufficient time is available to complete the relevant duties; and
• If the threat cannot be addressed at an appropriate level, a professional accountant shall
consider declining to perform the duties and communicate the reasons.
EXAMPLE
Isak Tenene recently quali ed as a CA(SA). He has been offered a position as a
nancial manager at Goto Bank (‘Goto’). Isak has never worked in the nancial
services industry before. Discuss this with reference to the CPC.
A self-interest threat to professional competence and due care could arise if Isak
Tenene accepts this appointment.
The threat will be signi cant, as Isak has never been employed in the nancial
services industry before and thus has no knowledge of the laws and regulations,
nancial management practices, and nancial reporting standards applicable to
this industry.
Safeguards that can be implemented are:

• Obtaining appropriate training in the laws and regulations, nancial
management practices, and nancial reporting standards applicable to the
nancial services industry;
• Obtaining advice and assistance when preparing the nancial statements from
superiors within Goto;
• Ensuring that suf cient time is available to complete tasks, including the
nancial statements; and
• Consultation with independent experts with nancial services industry
experience or SAICA.
2.6.5.4 Financial interests, compensation and incentives linked to nancial

reporting and decision making (section 240)
If the professional accountant in business or his or her close family members hold nancial
interests (e.g. shares) in the employing company, self-interest threats to objectivity and
con dentiality may arise, as the knowledge he or she possesses regarding, for example, the
company’s poor nancial performance (which is not public knowledge) could lead to the
decision to sell his or her shares in the company based on this ‘inside information’. is
could also amount to insider trading, a contravention of the Financial Markets Act 19 of
2012.
reats may also be created by:

• Explicit or implicit pressure from superiors or colleagues to manipulate nancial
information on which bonuses or share rights are based; and
• e professional accountant having a motive or opportunity to manipulate price
sensitive information (e.g. due to pro t-related bonuses, share rights or share options
and compensation arrangements providing incentives to achieve targets), in order to
gain nancially.
Factors relevant in evaluating the level of the threat include:
• Magnitude of the nancial interest taking into account personal circumstances and
materiality of the interest;
• Policies and procedures for a committee independent of management (e.g. a
remuneration committee) to determine the level and form of management
remuneration;
• Disclosure to those charged with governance of all relevant interests and the employee’s
plans to trade in the entity’s shares; and
• Internal and external audit procedures (e.g. where internal auditors audit the awarding
of performance-related elements of remuneration and external auditors audit the
nancial statements that re ect the pro t gure used to compute the performance-
related bonuses).
EXAMPLE
Karin Booth CA(SA), the nancial manager of Zeelight Limited (‘Zeelight’), is
responsible for the preparation of the nancial statements of Zeelight. She will
receive an incentive bonus based on the company’s reported pro t after tax for
the 20X1 nancial year. She therefore wants to present the best possible
nancial results for Zeelight.
Discuss this matter with reference to the CPC.
If Karin Booth receives a performance-related bonus, it will create a self-interest
threat for objectivity.
The threat will be signi cant as the incentive bonus is based on the pro t after
tax gure.
Safeguards that could be implemented are internal and external audit
procedures on the appropriateness of the pro t after tax gure for the 20X1
nancial year and the awarding of bonuses.
2.6.5.5 Inducements including gifts and hospitality (section 250)

A professional accountant in business, or his or her close family members could be offered
an inducement (such as a bribe not to disclose information). Refer to Figure 2.7 for the
de nition of an inducement. A professional accountant in business may also be in a
situation where he or she is expected or is under pressure to offer an inducement. is
could create self-interest, familiarity or intimidation threats to integrity, objectivity,
professional behaviour and possibly con dentiality. A professional accountant shall not
offer or accept or encourage others to offer or accept any inducement from which the
professional accountant or an informed third party would be likely to conclude that it is
made to improperly in uence the behaviour of the recipient or other individual. e
professional accountant shall obtain an understanding of relevant laws and regulations
prohibiting the offering and acceptance of inducements and comply with them when
necessary. e factors contained in Figure 2.8 have to be considered to determine the
actual or perceived intent behind the inducement. Figure 2.9 includes actions that might
be regarded as safeguards.
Figure 2.7: De nition and examples of inducements
Figure 2.8: Factors to consider when determining whether there is an actual or perceived intent to in uence
behaviour
Figure 2.9: Examples of actions that might be safeguards
Inducements made with no intent to improperly in uence behaviour can still create threats
to the fundamental principles. Self-interest threats can be created where the professional
accountant is offered part-time employment by a vendor. Familiarity threats may be
created if a professional accountant regularly takes a vendor or a supplier to sporting
events. Intimidation threats may be created if the professional accountant accepts
hospitality which could be perceived to be inappropriate were it to be publicly disclosed.
If the inducement is trivial and inconsequential the threats will be at an acceptable
level.
EXAMPLE
Mr Ricardo is a professional accountant working as an internal auditor at Nala
Limited (‘Nala’). During the performance of an internal audit of the sales division
of Nala, he detected fraud committed by the sales clerk. The sales clerk offered
to pay a substantial amount into Mr Ricardo’s bank account in return for not
disclosing this fraud.
Discuss this matter with reference to the CPC.
A self-interest threat and an intimidation threat to integrity, objectivity and
professional behaviour will be created if the amount is accepted.
The threat will be signi cant, as it is an amount offered not to disclose fraud,
which is an illegal act.
The safeguards will be:

• Not to accept the amount offered; and
• Informing higher levels of management of Nala Limited or those charged with
governance (e.g. the audit committee chairman) about the offer.
2.6.5.6 Responding to non-compliance with laws and regulations

(NOCLAR) (section 260)
Refer to Figure 2.10 for the de nition of NOCLAR.
Figure 2.10: NOCLAR de nition
NOCLAR is applicable to:

• Laws and regulations generally recognised to have an effect on the determination of
material amounts and disclosures in the employer’s nancial statements; and
• Other laws and regulations that may be fundamental to the operating aspects of the
employer’s business or its ability to continue in business or to avoid material penalties.
Non-compliance might result in nes, litigation or other consequences for the employing
organisation, potentially materially affecting its nancial statements, and may have wider
public interest implications of potential harm to investors, creditors, employees or the
general public (e.g. breaches of environmental laws and regulations endangering health
and safety of employees or the public). NOCLAR can be committed by the employing
organisation, those charged with governance, management or other individuals working
for or under the direction of the employing organisation.
If a professional accountant becomes aware of NOCLAR in the course of carrying out
professional activities, a self-interest or intimidation threat is created to integrity and
professional behaviour. Refer to Figure 2.11 for examples of laws and regulations that could
be transgressed which will trigger NOCLAR responsibilities for the professional
accountant. Refer to Figure 2.12 for actions required. In exceptional circumstances,
immediate disclosure to the appropriate authority may be required.
A distinguishing mark of the accounting profession is the acceptance of the
responsibility to act in the public interest. When responding to NOCLAR the objectives of
the professional accountant are:
• To comply with the principles of integrity and professional behaviour;
• By alerting management or those charged with governance to seek to:
• Enable them to rectify, remediate or mitigate the consequences of NOCLAR; or
• Deter the NOCLAR if it has not yet occurred.
• To take such further action as appropriate in the public interest.
e code distinguishes between responsibilities of senior professional accountants and

other professional accountants. Senior professional accountants in business follow the
process as indicated in Figure 2.12. Other accountants in business follow points 1–3 in
Figure 2.12 and then inform an immediate superior or higher level of authority if the
immediate superior is involved. In exceptional circumstances, the other professional
accountant may disclose it to an appropriate authority. e other professional accountant
should also document the process as indicated in point 9 in Figure 2.12.
Figure 2.11: Examples of laws and regulations that could be transgressed for NOCLAR
Figure 2.12: Actions required for NOCLAR
EXAMPLE
Ricardo January is a CA(SA) working as the head of internal audit at Siesa
Proprietary Limited (‘Siesa’), a waste water management facility. During the
performance of an internal audit, Ricardo detected that Siesa released polluted
water into the Vaal River which exceeded the permitted pollution levels by 50
times.
Discuss whether there are any actions that Ricardo January should take with
reference to the CPC.
• If a NOCLAR exists, a self-interest or intimidation threat is created to integrity
and professional behaviour.
• Ricardo January must consider whether the pollution constitutes a possible
NOCLAR:
• It is an action;
• By the management of Siesa; and
• It is contradictory with Health and Safety Acts (e.g. Waste Act 59 of 2008).
Therefore, it does constitute a possible NOCLAR.

• Ricardo January must investigate the matter further to obtain a better
understanding thereof.
• Ricardo January must discuss the matter with management and those charged
with governance of Siesa.
• If the pollution has taken place, Ricardo January must inform management that
it constitutes a NOCLAR and that the matter should be recti ed and reported.
• If pollution has taken place and management does not do anything about it:
• Ricardo January should discuss the matter with the external audit rm’s
engagement partner.
• Ricardo January could consider getting legal advice;
• Ricardo January should consider reporting the matter to the relevant
authority (in this case the Department of Water Affairs and Sanitation); and
• Ricardo January could consider resigning.
• Ricardo January must document the following:
• The NOCLAR matter;
• Signi cant judgement and conclusions made;
• Discussions with management and how they reacted; and
• Further actions to consider and decisions made by Ricardo January.
2.6.5.7 Pressure to breach fundamental principles

Pressure to breach the fundamental principles in the CPC from a colleague, superior,
vendor, customer, lender or targets might create an intimidation threat or other threats to
the fundamental principles. A professional accountant shall not allow pressure from others
to result in a breach of compliance with fundamental principles or place pressure on
others to breach the code.
Factors that should be considered in evaluating the level of threats include:

• e intent of the individual who is exerting the pressure;
• e application of laws, regulations and professional standards;
• e culture and leadership of the employing organisation which emphasise ethical
behaviour; and
• Policies and procedures that the employing organisation has established to address
pressures.
Steps that could be taken by the professional accountant:

• Discussing the circumstances creating the pressure and consulting with others to
evaluate the level of the threat:
• Discussing with the individual who is exerting the pressure;
• Discussing with the professional accountant’s superior;
• Escalating the matter, when appropriate, to:
• Higher levels of management;
• Internal or external auditors; and
• ose charged with governance.
• Disclosing the matter in line with policies;
• Consulting with:
• A colleague, a superior, HR personnel or another professional accountant;
• Relevant professional body (e.g. SAICA); or
• Legal counsel; and
• Documenting the facts, communications with parties with whom it was discussed, the
courses of action and how the matter was addressed.
2.6.6 Part 3: Professional accountants in public practice

Public practice is de ned in the CPC as: ‘the practice of a professional accountant who
places professional services at the disposal of the public for reward.’ e de nition of a
professional accountant in public practice includes a professional accountant who
provides any professional service, including accounting, auditing, taxation, management
consulting and nancial management services. erefore, a professional accountant
registered with the IRBA as an RA will also fall within this de nition, as these professional
accountants provide auditing services.
Figure 2.13: Examples of situations for professional accountants in public practice
Part 3 of the CPC contains examples of situations that may create threats to ethical
behaviour for the professional accountant in public practice – refer to Figure 2.13 and to
Table 2.3. Note that the examples are not intended to be a complete list of all circumstances
that may arise for the professional accountant in public practice.
In order to reduce these threats to an acceptable level, the professional accountant can
apply certain safeguards – refer to Figure 2.14 for factors which may in uence the
evaluation of threats, and to Figure 2.15 for safeguards that can be applied. To determine if
safeguards are still appropriate consideration should be given to changes at the client
(expansion of scope of professional service or if the client becomes a listed entity) or new
information that comes to the attention of the professional accountant.
Some of the safeguards are incorporated into the quality control system implemented
in the professional services (auditing) rm. For example, International Standard on Quality
Control 1 (ISQC 1) paragraph 20 requires the rm to abide by ethical principles for all
professional services it renders to the public, including the external audit. In order to
ensure that this is achieved, the rm will have to establish policies and procedures to
ensure that the rm and its staff adhere to the fundamental principles contained in the
Codes of Professional Conduct. Such policies and procedures (e.g. requiring staff training
to ensure that they know the requirements of, say, the SAICA/IRBA CPC and implementing
structures to monitor staff’s adherence to the fundamental ethical principles) will create an
environment in which these principles are adhered to, thereby mitigating the signi cance
of threats.
Table 2.3: Examples of ethical threats to professional accountants in public practice
SELF- INTIMIDATION SELF-REVIEW ADVOCACY FAMILIARITY

INTEREST THREAT THREAT THREAT THREAT
THREAT
• Direct • Being • Reporting on • Promoting • Member of

nancial threatened the operation shares in assurance
interest in with of nancial a listed team has a
client (e.g. dismissal or systems after entity close or
shares in a replacement being involved when immediate
client); (e.g. the in entity is family
• Quoting a client implementation an audit member
low fee to threatens to of the system client who is a
obtain a replace (e.g. IT division (e.g. director or
new auditor if he of the auditing selling of cer at
engagement or she does rm was shares on the client
(e.g. so low not issue an responsible for behalf of (e.g. the
that it is unmodi ed the design and a client); audit
dif cult to auditor’s implementation • Acting as senior’s
perform the report); of client’s new advocate wife is the
professional • Feeling accounting on behalf nancial
service in pressured to system; the IT of director at
accordance agree with division must assurance the client);
with judgement of now provide a clients in • A director or
professional the client, report on the litigation of cer or an
standards); because working of this or employee in
• Close client has system to a disputes a position
business more supplier); and with third to exert
relationship expertise; • Reporting on parties direct or
with a • Being records when (e.g. signi cant
client; informed responsible for testi es in uence
the preparation on behalf over the
Having
SELF- INTIMIDATION SELF-REVIEW ADVOCACY FAMILIARITY
access
INTEREST to THREAT THREAT THREAT THREAT
con dential
THREAT
information
that might that planned of the original of a client subject
• promotion data used to in a court matter of
be used for
personal will not occur generate case); the
gain; and unless the records (e.g. and engagement
professional senior audit • Lobbying have served
• Discovering
accountant trainee was in favour as the
a signi cant
agrees with responsible for of engagement
error when
inappropriate the preparation legislation partner
evaluating
accounting of the on behalf (e.g. the
the results
treatment; accounting of the previous
of a
and records and client. audit
previous
she is now on engagement
professional • Having
accepted a the audit team partner is
service
signi cant auditing these now the
performed.
gift from a records). nancial
client and director at
being the client);
threatened and
that the • Long
acceptance association
of the gift of senior
will be made personnel
public. with client
(e.g. the
audit
partner has
been the
partner
assigned to
the audit for
the past 10
years).
Figure 2.14: Factors which may in uence the evaluation of the threats: (paragraphs 300.7A1-300.7A5)
Figure 2.15: Examples of safeguards (paragraph 300.8A2)
2.6.6.1 Con icts of interest (section 310)

Con icts of interest could create threats to objectivity and other fundamental principles
and can arise:
• Where the professional accountant’s interest and the client’s interest in a matter are in
con ict (e.g. advising a client to invest in a business where the spouse of the
professional accountant has a nancial interest or advising a client on acquiring a
business in which the rm is also interested in acquiring); and
• From the provision of services to clients whose interests are in con ict (e.g. acting for
two clients who operate as competitors in the same industry or providing services to a
seller and a buyer in the same transaction).
Before accepting a new client, an engagement or a business relationship, the professional

accountant shall take reasonable steps to identify con icts of interest. e nature of
interests and relationships as well as the service and its implications for relevant parties
need to be identi ed. Factors such as the nature of service provided, size and structure of
the rm and size and nature of client base need to be taken into account when identifying
con icts of interests. e professional accountant should also remain alert for changes in
circumstances that may create con icts of interests.
e level of the threats should be evaluated. Relevant factors include measures in place to
prevent unauthorised disclosure of con dential information such as:
• Separate practice areas within a professional services rm;
• Implementing procedures to prevent one engagement team from gaining access to the
working papers of the other engagement team in the rm;
• Entering into con dentiality agreements with the engagement teams; and
• Separation of con dential information physically (e.g. by keeping client les separate).
Appropriate safeguards include:

• Using different engagement teams for the clients whose interests are in con ict; and
• A senior individual not involved in the engagement reviewing the key judgements and
conclusions reached to ensure that they are appropriate.
A professional accountant should evaluate whether it is necessary to disclose the con ict of
interest, and obtain explicit consent in order to address the resulting threat. Factors such as
the circumstances creating the con ict, the parties involved and the nature of the con ict
of interest should be evaluated.
Disclosure and consent may take different forms such as:

• General disclosure to clients that a professional accountant cannot provide professional
services exclusively for one client;
• Speci c disclosure to affected clients of the con ict of interest and how threats will be
addressed – thereby enabling the client to make an informed decision; and
• Implied consent by the client’s conduct after a detailed presentation of the
circumstances has been made to the client and if they do not raise an objection to the
existence of the con ict.
If the client refuses to give consent, the professional accountant shall end or decline to
perform the speci c engagement, or terminate con icting relationships or dispose of
interests.
e professional accountant shall remain alert to the fundamental principle of
con dentiality when making disclosures to clients.
When making disclosures for obtaining speci c consent from the client and this would
breach the fundamental principle of con dentiality, and such consent cannot be obtained,
the rm shall only accept or continue the engagement if:
• e rm does not act in an advocacy role for one client against another client in the
same matter;
• Speci c measures are in place to prevent disclosure of information between
engagement teams of two clients; and
• e rm applies the reasonable and informed third-party test, and concludes that it is
appropriate to accept or continue with the engagement.
e professional accountant should document the nature of the con ict of interest, the
safeguards applied, consent obtained, speci c measures in place to prevent disclosure of
information, if applicable, and why it is appropriate to accept the engagement.
EXAMPLE
Books Limited, a publishing company, is a major external audit client of Henn
and Associates. Publish Limited, another publishing company, also approached
Henn and Associates with the request to act as its external auditors.
Can Henn and Associates accept the external audit of Publish Limited?
A self-interest threat for objectivity and con dentiality could be created if Henn and
Associates acts as external auditors for Books Limited and Publish Limited.
The threat will be signi cant, as important con dential information could ‘leak’
between the audit teams of Books Limited and Publish Limited, both of which are
in the same industry.
Additional steps that Henn and Associates could implement to mitigate these
threats are:
• Preventing access to information of the two companies through, for example,
physical separation of teams and secure ling of client information;
• Providing policies and procedures to members of the engagement teams about
security and con dentiality;
• Entering into con dentiality agreements with the engagement team members;
• Notifying Books Limited that Henn and Associates has been approached by
Publish Limited to act as its external auditor;
• Notifying Publish Limited that Henn and Associates already acts as external
auditor of Books Limited;
• Notifying Books Limited and Publish Limited that a professional accountant
cannot act exclusively for one client;
• Obtaining consent from Books Limited and Publish Limited;
• Using separate engagement teams to conduct the audits of the two companies
in the same sector; and
• Reviewing the key judgements and conclusions to ensure that they are
appropriate by a senior individual not involved in the engagement.
Unless the threat can be eliminated or reduced suf ciently, Henn and Associates
should not accept the engagement of performing the external audit for Publish
Limited.
Note: In all the examples in section 2.6.6, it is assumed that the persons rendering external
audit services are not only RAs, but also professional accountants. As such, the SAICA Code
of Professional Conduct will apply to them (in addition to the IRBA Code of Professional
Conduct).
2.6.6.2 Professional appointment: Client and engagement acceptance
(section 320, paragraphs 320.3A1–320. 3A5)
In addition to carefully evaluating whether a new client can be accepted (i.e. whether this
creates threats to the fundamental principles), existing clients should be reviewed at least
annually to determine whether the relationship should be continued. Whether a client or
potential client is involved in, for example, illegal activities, dishonesty or questionable
reporting practices (identi ed by a professional accountant during a client evaluation), this
could create threats with the professional accountant’s compliance with the fundamental
principles of professional behaviour and integrity.
Factors relevant in evaluating the level of the threat include:

• Normal pre-engagement activities, including obtaining/updating knowledge and
understanding of the potential client (refer to Chapter 12); and
• Securing the client’s commitment to improve corporate governance practices and
internal controls within the entity (refer to Chapter 4).
EXAMPLE
Coffee Limited (‘Coffee’) contacted Temba and Associates (‘Temba’) with a
request to act as its external auditors. As part of the pre-engagement activities,
Temba obtained the following information about Coffee:
• The Competition Tribunal is currently investigating a price- xing charge in
relation to one of the divisions of Coffee. The charge has to do with the
application of a pricing formula and the exchange of information relating to
the pricing of a product with a competitor.
• Coffee is currently involved in court cases with the SA Revenue Service.
• In addition, there are allegations that Coffee is involved in illegal activities.
Will threats to the fundamental principles arise if this client is accepted?

If the allegations about the illegal activities, as well as the other investigations and
court cases, are true and the client is accepted, this will create self-interest
threats in respect of the integrity and professional competence and due care
principles. The threat to integrity arises because the auditor could be associated
with false information. The threat to professional competence and due care arises
because the auditor may nd it very dif cult, if not impossible, to comply with the
requirements of the auditing standards (e.g. should management lack integrity).
The signi cance of these threats must therefore be evaluated (e.g. are the staff
who were involved in alleged price- xing still in the employ of the company, and
what is their role in the management of the company?).
Safeguards that could be implemented are:

• Obtain a more detailed knowledge and understanding of Coffee’s business to
ascertain if the allegations are true;
• Obtain the management of Coffee’s commitment to implementing effective
corporate governance and sound internal controls; and
• Decline the audit engagement if it is found that the allegations are true or if the
probability is high that the allegations are true.
Having accepted the client, a self-interest threat to professional competence and due care
could arise when a professional accountant is not competent or experienced enough to
provide the service contracted or does not have enough time or resources to complete the
engagement timeously.
Factors relevant to evaluate the level of the threat include:

• Acquiring knowledge and understanding of the client’s business complexity of
operations and the requirements of the engagement (i.e. the purpose, nature and scope
of the work to be performed);
• Knowledge of relevant industries and experience of relevant regulatory or reporting
requirements;
• e existence of quality control policies and procedures when accepting engagements.
Safeguards that might be implemented:

• Assigning sufficient staff with the necessary competencies;
• Using experts (particularly relevant in today’s increasingly complex environment); and
• Agreeing on a realistic time frame for completing the engagement.
EXAMPLE
Media Proprietary Limited approached Sandiswa and Associates (‘Sandiswa’) to
provide a review engagement (refer to Chapter 16 for a detailed description of
this type of engagement). No one in Sandiswa is up-to-date on the requirements
of this type of engagement.
Discuss whether Sandiswa can accept the engagement.
The acceptance of an engagement without the necessary knowledge creates a
self-interest threat to professional competence and due care.
The threat will be signi cant, since nobody in the rm is aware of what a review
engagement entails – the risk of it being performed inadequately is high.
Safeguards that can be implemented to bring the threat to an acceptable level are:
• Inform Media Proprietary Limited that Sandiswa does not have knowledge to
perform the engagement and decline the engagement;
• Use an expert from outside of the rm who has the knowledge of how to
conduct review engagements; and
• Assign one or more staff time to gain an understanding of the requirements for
a review engagement.
2.6.6.3 Professional appointment: Changes in professional appointment

(section 320, paragraphs 320.4–320.8)
A professional accountant shall determine whether there are any reasons, professional or
otherwise, not to accept the engagement when he or she:
• has been asked to replace an existing (current) professional accountant;
• considers tendering for an engagement; or
• considers providing complementary work.
If a professional accountant were to accept an engagement before contacting the current

professional accountant and obtaining all the pertinent facts, this could create a self-
interest threat to professional competence and due care.
Examples of actions that might be safeguards include:

• Discussions with the current professional accountant to evaluate the signi cance of any
threat(s) and also identify suitable safeguards; and
• Obtaining information from other sources, such as inquiries of third parties and
background investigations of senior management.
e fundamental principle of con dentiality should, however, still be honoured when

changes in appointments occur and any information provided should be treated in the
strictest con dence. e incoming professional accountant will need the client’s
permission, preferably in writing, to initiate discussions with the current professional
accountant. All legal and other regulations should be complied with when communicating
with the current professional accountant. Also, the professional accountant who receives
requests to communicate information to the incoming professional accountant should
consider whether the client’s permission has been obtained and the legal and ethical
requirements related to such communication have been met. If the client refuses
permission for the incoming professional accountant to contact the current professional
accountant, the incoming professional accountant should decline the appointment, unless
there are exceptional circumstances. When providing information, this should be done
honestly and unambiguously.
If it is not possible to contact the current professional accountant, information can also
be obtained by other means, including enquiries from third parties and performing
background checks on the proposed client. However, the CPC stipulates that if the
professional accountant cannot reduce the threats to professional competence and due
care to an acceptable level, the engagement shall be declined.
When a professional accountant replies to the request of an entity to submit a tender
relating to services to be rendered by the professional accountant, permission to contact
the existing professional accountant should be requested from the entity.
For recurring client engagements, the professional accountant shall periodically review
whether to continue with the engagement.
When a professional accountant intends to use the work of an expert, the professional
accountant shall determine whether the use is warranted and needs to consider reputation
and experience of the expert, resources available to the expert and professional and ethical
standards applicable to the expert. is information may be gained from prior association
or by consulting with others.
EXAMPLE
Health Limited (‘Health’) had a disagreement with its current external auditors,
Stan and Associates, over the accounting treatment relating to the purchase of
a new subsidiary. Health asked Sisulu and Associates to take over the audit of
Health and not to contact Stan and Associates.
Can Sisulu and Associates accept the engagement?
A self-interest threat to professional competence and due care may be created if
Stan and Associates are not contacted.
The threat will be signi cant, as Health asked Sisulu and Associates not to
contact Stan and Associates and it will therefore be impossible to obtain all the
important information needed to make the decision about accepting the
engagement.

• Sisulu and Associates should obtain Health’s permission, preferably in writing,
to contact Stan and Associates;
• Stan and Associates should obtain Health’s permission, preferably in writing, to
provide relevant information to Sisulu and Associates;
• If Health gives permission, Sisulu and Associates have to enquire from Stan
and Associates whether there are any reasons, professional or otherwise, why
the rm should not accept the engagement; and
• If Health does not want to give permission to contact Stan and Associates, then
Sisulu and Associates should decline the engagement.
2.6.6.4 Second opinions (section 321)

A professional accountant could be asked to provide a second opinion on the application
of accounting, auditing, reporting or other standards or principles to a speci c set of
circumstances or transactions for an entity that is not an existing client. e professional
accountant should evaluate whether it is appropriate to provide the second opinion given
that this engagement could create a self-interest threat to professional competence and
due care and to professional behaviour.
When evaluating the level of the threat the circumstances surrounding the request and
the available facts and assumptions relevant to the expression of professional judgement
need to be considered.
Examples of actions that may be safeguards to address threats include:

• Contacting the existing professional accountant (with the client’s permission) to obtain
material information on the area on which the second opinion is to be provided;
• Informing the client of the limitations under which this second opinion is given; and
• Providing the existing professional accountant with a copy of the opinion.
If the professional accountant who is to provide the second opinion is not granted
permission by the client to contact the current professional accountant, the possibility of
providing the second opinion should the carefully considered.
EXAMPLE
Furnishings Group Limited (‘FG’) approached Kunene and Associates to provide a
second opinion on whether a material subsidiary should be consolidated or not.
The current external auditors of FG are of the opinion that the subsidiary should
be consolidated, whereas FG feels that consolidation is not necessary. May
Kunene and Associates accept this engagement and are there any steps they
can implement if they decide to accept the engagement?
The provision of a second opinion about the need to consolidate the subsidiary
can create a self-interest threat to professional competence and due care if it is
not based on the same facts as available to the current auditor in arriving at his or
her opinion.
The threat will be signi cant since a second opinion on the consolidation of a
material subsidiary is requested, which could possibly not be based on the same
facts as the rst opinion. This could result in the second opinion being factually
incorrect.
Steps that could be taken are:

• Obtain consent from FG to contact the current auditor to obtain material
information about the subsidiary;
• Contact the current auditor of FG and discuss all material information regarding
the subsidiary;
• Provide a copy of the second opinion to the current auditor of FG;
• Discuss any limitations regarding the opinion with the management team of FG;
and
• If FG refuses to allow its current auditor to be contacted, consider whether it is
appropriate to provide a second opinion on the consolidation of the subsidiary.
2.6.6.5 Fees and other types of remuneration (section 330)

e level and nature of fees and other remuneration arrangements might create a self-
interest threat to one or more fundamental principles.
2.6.6.5.1 Level of fees (section 330.3)

e level of fees quoted may impact the professional accountant’s ability to perform the
professional services in accordance to professional standards. e fact that a professional
accountant quotes a lower fee than another professional accountant is not in itself
unethical. However, the level of quoted fees creates a self-interest threat to professional
competence and due care if it would be difficult to perform the engagement at the
appropriate technical and professional standards given the available budget.
Factors relevant in evaluating the level of such threat include:

• Whether the client is aware of the terms of the engagement and the basis on which the
fees are charged and which services are covered; and
• Whether the level of the fee is set by a third party as a regulatory body.
Examples of actions that might be safeguards to address the self-interest threat include:
• Adjusting the level of the fees or scope of the engagement; and
• Having an appropriate reviewer to review the work performed.
EXAMPLE
The auditing rm, Anton and Associates, was recently founded. In order to
obtain audit clients, Anton and Associates quotes fees that are 50% lower than
those charged by other auditing rms. Is this permissible and, if not, can any
steps be taken to ensure the permissibility?
A self-interest threat for professional competence and due care will be created if
the quote is so low that it will be dif cult to perform the audit according to the
requirements of the International Standards on Auditing.
The threat will be signi cant, as a fee that is 50% lower than other auditing
rm’s fees is markedly lower, which may make it dif cult to perform the audit in
accordance with auditing standards.

• Making the client aware of the terms of the engagement, the basis on which
fees are calculated and which services are covered;
• Adjusting the level of the fees; and
• Having an appropriate reviewer to review the work performed.
If the above-mentioned safeguards cannot be implemented, the engagement

should not be accepted.
2.6.6.5.2 Contingent fees (paragraphs 330.4; 410.9 A1-410.12 A3)

Contingent fees are widely used for certain non-assurance engagements. Self-interest
threats to objectivity may be created in certain circumstances.
Factors relevant in evaluating the level of the threats may depend on:
• e nature of the engagement;
• e range of possible fee amounts;
• e basis for determining fees;
• Disclosure to intended users of the work performed by the professional accountant and
basis of remuneration;
• Quality control procedures;
• Whether the outcome of the transaction is to be reviewed by an independent third
party; and
• Whether the level of the fee is set by an independent third party.
Examples of actions that might be safeguards to address the self-interest threat:

• Having an independent third party review the work performed; and
• Obtaining advance written agreement with the client on the basis of remuneration.
Under no circumstances may contingent fees be charged for the preparation of an original
or amended tax return, owing to the unacceptable self-interest threat to objectivity that
arise in such situations.
EXAMPLE
Alwyn and Associates, a rm of professional accountants, provides a wide range
of services to its clients. Auditing services are provided to ve clients. The audit
fees are calculated as 5% of the clients’ pro t before tax for the year.
This basis is applicable to all clients.
Is the basis on which these fees are determined allowed?
• This type of fee is not allowed for assurance clients as it creates a self-interest
threat to objectivity.
• The threat will be signi cant, since the contingent fees are levied for assurance
engagements (audits).
• The threat is so signi cant that no safeguards will reduce the threat to an
acceptable level.
• The fee that is levied for the audit services must be calculated taking into
account, among other things, the time and experience of the persons working
on the audit.
2.6.6.5.3 Referral fees or commissions (paragraph 330.5)

If a professional accountant receives or pays a commission or a referral fee relating to
services offered to clients, this may give rise to self-interest threats to objectivity and
professional competence and due care. Such referral fees may include a fee paid to another
professional accountant for obtaining a new client, a fee received for referring a client to
another professional accountant or other expert, or a commission received from a third
party (e.g. software vendor) for the sale of goods or services to the client.
Examples of actions that might be safeguards to address such self-interest threat include:
• Obtaining prior agreement in writing from the client for the commission arrangements;
and
• Disclosing any referral fees or commission arrangements paid to or received from
another professional accountant or third party to the client and obtaining written
approval in advance.
2.6.6.5.4 Purchase or sale of a rm (paragraph 330.6)

A professional accountant may purchase all or part of another rm on the basis that
payments will be made to the individuals formerly owning the rm. Such payments are not
considered to be referral fees or commission.
EXAMPLE
Gumede and Associates (‘Gumede’) does not provide taxation services. Gumede
refers its clients requiring taxation services to Tiaan and Associates (‘Tiaan’).
For this referral, Tiaan pays 7.5% commission of the total fees charged for
taxation services provided for Gumede’s clients to Gumede.
Is this allowed according to the CPC?
The payment of commission to Gumede for taxation services provided creates a
self-interest threat to objectivity, professional competence and due care.
The threat will be signi cant, as it is a signi cant amount of remuneration
(commission) that will be received for the work referred.
The safeguards that can be implemented are:

• Obtaining advance agreement from the client for the commission arrangement;
and
• Disclosing to the client in advance, in writing, any arrangements to pay
commission for the work referred.
2.6.6.6 Inducements including gifts and hospitality (section 340)

Where a professional accountant in public practice (or his or her immediate family) is
offered gifts or hospitality by a client, a self-interest or familiarity threat to integrity,
objectivity and professional behaviour is created. An intimidation threat to objectivity is
created when the client threatens to make these offers public. A professional accountant
shall not offer or accept or encourage others to offer or accept any inducement from which
the professional accountant or an informed third party would be likely to conclude that it is
made to improperly in uence the behaviour of the recipient or other individual. e
professional accountant shall obtain an understanding of relevant laws and regulations
prohibiting the offering and acceptance of inducements and comply with them when
necessary. Refer to Figure 2.8 for the de nition of an inducement. e factors contained in
Figure 2.9 have to be considered to determine the actual or perceived intent behind the
inducement.
Inducements made with no intent to improperly in uence behaviour can still create
threats to the fundamental principles. Self-interest threats can be created where the
professional accountant is offered hospitality from a prospective acquirer of a client, while
providing corporate nance advisory services. Familiarity threats may be created if a
professional accountant regularly takes an existing or prospective client to sporting events.
Intimidation threats may be created if the professional accountant accepts hospitality
which could be perceived to be inappropriate were it to be publicly disclosed.
If the inducement is trivial and inconsequential the threats will be at an acceptable
level.
EXAMPLE
The nancial director of KL Limited (‘KL’) invited the lead engagement partner
on the external audit of KL and his wife to his exclusive game farm in Botswana
for a week-long stay. The nancial director also mentioned that the audit partner
would be allowed to hunt free of charge on the farm.
May the lead engagement partner accept this offer?
No, he may not accept the offer.

A self-interest threat and familiarity threat to independence will be created if
the offer is accepted.
The threat will be signi cant, as it will be a gift of signi cant value.
Safeguards that can be implemented include that the partner should tactfully
decline the offer.
2.6.6.7 Custody of client assets (section 350)

A self-interest threat to professional behaviour and objectivity may arise from holding
clients’ assets, while providing other professional services.
A professional accountant should only accept custody of clients’ assets if this is in terms
of applicable laws, such as the Financial Intelligence Centre Act 38 of 2001 (FICA), which
may require the client to provide proof of residence and identi cation before client assets
are accepted into custody of the rm. If the source of the asset is unknown, appropriate
enquiries should be made about the source of such assets. Inquiries about the source of the
assets might reveal that the assets were derived from illegal activities such as money
laundering. e professional accountant shall not accept or hold the asset and the
provisions of section 360 would apply.
2.6.6.7.1 Before taking custody

A professional accountant should not assume custody of client monies or other assets,
unless permitted to do so by law and, if so, should comply with any additional legal duties
imposed on him or her.
As part of client engagement acceptance procedures to take custody of a client’s assets the
professional accountant shall:
• Make inquiries into the source of the assets; and
• Consider related legal and regulatory requirements such as the Financial Intelligence
Centre Act 38 of 2001 (FICA), which may require the client to provide proof of residence
and identi cation before client assets are accepted into custody of the rm.
2.6.6.7.2 After taking custody

A professional accountant entrusted with money or other assets shall:
• Comply with the laws and regulations relevant to holding and accounting on assets (e.g.
FICA);
• Keep the assets separate from personal and rm assets;
• Use the assets only for the purpose intended; and
Be ready at all times to account for the assets and any income, dividends or gains
• generated to any entity or individuals entitled to that information.
For all client monies which the professional accountant controls or is liable to account for:
• e professional accountant shall not refer to such monies as being ‘in trust’ or in a
‘trust account’ as this could be misleading;
• Separate bank accounts have to be opened at an institution that is registered in terms of
the Banks Act 74 of 1990;
• e accounts have to be appropriately named to distinguish them from the rm’s
normal business accounts or a speci c account named and operated per relevant client
(e.g. ABC’s Client Account or John Smith account);
• e client’s monies have to be deposited into the appropriate bank account without
delay;
• e professional accountant shall maintain such records to ensure that the money can
be readily identi ed as the property of the client (e.g. detailed bookkeeping to supply
client with analysis of the account);
• e professional accountant shall perform a reconciliation between the designated
bank account and the client’s monies ledger accounts; and
• Client monies should not be held inde nitely unless speci cally allowed by regulations.
For property other than money in his or her custody the professional accountant should:
• Not refer to such assets as being ‘in trust’ or in a ‘trust account’ as this could be
misleading.
• Maintain such records to ensure that the client’s assets can be readily identi ed as the
property of the client; and
• For documents of title, the professional accountant should make arrangements to
safeguard the documents against unauthorised use.
e professional accountant should take appropriate measures to protect the client’s

assets. Examples of such measures include:
• Utilising umbrella accounts with sub-accounts for each client;
• Opening separate accounts with power of attorney if client monies are kept for a long
period;
• Consider if the rm’s indemnity and delity insurance is sufficient; and
• Where a formal engagement letter is entered into, the risks and responsibilities should
be addressed in the engagement letter.
For audit or assurance clients, a professional accountant may not accept custody of these
client’s assets, unless the threat to independence can be eliminated or reduced to an
acceptable level.
EXAMPLE
Opera Limited (‘Opera’) handed a cheque in the amount of R500 000 to Xolani
and Associates (‘Xolani’), a rm of professional accountants, to purchase a
property on Opera’s behalf. Xolani deposited the money into Xolani’s money-
market account.
Is the way the money was treated acceptable according to the CPC? If not, list
any steps that could be taken to make it appropriate.
No it is not appropriate, as a self-interest threat to objectivity and professional

behaviour will be created if the client’s cheque is accepted and deposited into the
money-market account of Xolani.
The threat will be signi cant, as the cheque is not treated in the manner
required by the CPC.
Safeguards that can be implemented:

• The cheque must be deposited without delay:
• In an account that is recognised in terms of the Banks Act;
• The account must be separate from Xolani’s business account; and
• The account must be appropriately named (e.g. Opera Limited Account).
• Xolani must be ready to account for the income earned on the account at any
time;
• All laws and regulations must be met in terms of the money received; and
• The money must always be used only for the purpose for which it was intended
(the purchase of a property).
2.6.6.8 Responding to non-compliance with laws and regulations

(NOCLAR) (section 360)
Refer to Figure 2.10 for the de nition of NOCLAR. If a professional accountant becomes
aware of NOCLAR when providing professional services, a self-interest or intimidation
threat is created to integrity and professional behaviour. NOCLAR is applicable to laws and
regulations generally recognised to have an effect on the determination of material
amounts and disclosures in the client’s nancial statements, as well as other laws and
regulations which may be fundamental to the operating aspects of the employer’s business,
its ability to continue business or to avoid material penalties. NOCLAR can be committed
by a client, those charged with governance at the client, management of the client or other
individuals working for or under the direction of the client. Refer to Figure 2.11 for
examples of laws and regulations that could be transgressed. Non-compliance might result
in nes, litigation or other consequences for the client, could potentially material affect its
nancial statements, and may have wider public interest implications of potential harm to
investors, creditors, employees or the general public. Examples include fraud resulting in
substantial nancial losses, breaches of environmental laws and regulations endangering
health and safety of employees or the public. Refer to Figure 2.12 for actions required. In
exceptional circumstances immediate disclosure to the appropriate authority may be
required.
A distinguishing mark of the accounting profession is the acceptance of the responsibility

to act in the public interest. When responding to NOCLAR the objectives of the
professional accountant are:
• To comply with the principles of integrity and professional behaviour;
• By alerting management or those charged with governance of the client to seek to:
• Enable them to rectify, remediate or mitigate the consequences of NOCLAR; or
• Deter the NOCLAR if it has not yet occurred; and
• To take such further action as appropriate in the public interest.
EXAMPLE
Riaan Ernst is a professional accountant (SA) working as a tax practitioner. He
was approached by Fil Proprietary Limited (‘Fil’) to help to get their tax affairs in
order. While performing his duties, he noted that certain of the tax returns led
with the SA Revenue Service (SARS) were incorrectly completed (resulting in an
understatement of the company’s tax liabilities). This resulted in Fil still owing
SARS more than R2 million (additional to the taxes already paid).
Discuss whether there are any actions that Riaan Ernst should take with
reference to the CPC.
• Riaan Ernst must consider whether the inaccurate tax returns constitute a
possible NOCLAR.
• It is an action
• By the management of Fil
• It is contradictory with the Income Tax Act 58 of 1962
• It does constitute a possible NOCLAR.
• Riaan Ernst must investigate the matter further to obtain a better
understanding of the matter.
• Riaan Ernst must discuss the matter with management and those charged with
governance of Fil.
• If the tax act transgressions have taken place, Riaan Ernst must inform
management that it constitutes a NOCLAR and that the matter should be
recti ed and reported.
• If a NOCLAR exists, a self-interest or intimidation threat is created to integrity
and professional behaviour.
• If tax act transgressions have taken place and management does not do
anything about it:
• Riaan Ernst should discuss the matter with the audit rm’s engagement
partner;
• Riaan Ernst could consider getting legal advice;
• Riaan Ernst should consider reporting the matter to the relevant authority (in
this case the SA Revenue Service); and
• Riaan Ernst could consider resigning.
• Riaan Ernst must document the following:
• The NOCLAR matter;
• Signi cant judgement and conclusions made;
• Discussions with management and how they reacted; and
• Further actions to consider and decisions made by Riaan Ernst.
2.6.7 International Independence Standards (Part 4)

When providing professional services, the professional accountant in public practice must
determine whether there are any threats to the accountant’s independence. Independence
is linked to the principles of objectivity and integrity, and comprises independence in
mind and independence in appearance.
2.6.7.1 Independence
e section on independence in the CPC is divided into two areas:
• Section 4A: Independence – Audit and Review Engagements; and
• Section 4B: Independence: Other Assurance Engagements.
Both independence sections are divided into various subsections and there are certain
considerations that the professional accountant has to take into account when determining
the signi cance of threats.
Note that this text includes only selected examples from section 4A of the CPC. Readers are
encouraged to read these thoroughly themselves to gain an understanding of the whole
range of examples included in the CPC.
e CPC also imposes additional requirements for audit clients that are public interest
entities (e.g. listed companies), which result in even stricter independence requirements
for the audits of such entities. is approach is followed in the CPC because the audited
nancial statements of public interest entities have a greater public interest, and because of
the greater adverse repercussions if the audit opinion expressed on a public interest entity’s
nancial statements is inappropriate. For more on this, read paragraphs 400.8 of the CPC,
as well as all those paragraphs in section 4A headed by ‘Audit Clients that are Public
Interest Entities’.
2.6.7.2 Breaches of independence

Breaches relate to breaches to the code that have already occurred as opposed to
implementing safeguards to prevent the breach from occurring. An example of this is when
a professional accountant has already accepted a signi cant gift from the client. Refer to
Figure 2.16 for actions required when breaches of independence occur.
Figure 2.16: Actions required for breaches of independence
2.6.7.3 Relative size of fees (paragraph 410.3)

Self-interest and intimidation threats to independence are created if the fees from an audit
client represent a large portion of the revenues of the auditing rm or the individual
partner or one office. When determining the signi cance of the threats, the following
should be considered:
• e operating structure of the rm, for example the number of partners or directors in
the auditing rm;
• Whether the rm is new or established; and
• e signi cance and extent of the client’s fees in relation to the rm’s total revenues.

• Reducing the dependency on the particular audit client by increasing the client base;
and
• Engagement quality control reviews on audit work. e reviews should be undertaken
by a rm that is not performing the audit.
EXAMPLE
Mnunu Auditors (‘Mnunu’) is a medium-sized auditing rm. The audit fee of one
of the rm’s clients, Loophole Proprietary Limited (‘Loophole’), constitutes a
large portion of the current year’s fees generated by one of the partners of
Mnunu.
Discuss the resulting threats in terms of the CPC.
If the audit fee of one of the audit clients constitutes a material part of the audit
fees earned by one partner, it will create a self-interest and intimidation threat to
independence (paragraph 410.3A4).
The threat will be signi cant as the partner could be over-reliant on the fees of
that client.
Actions to take as safeguards to implement include:

• Reducing the dependency on the fees of Loophole by accepting more audit
clients; and
• Performing an engagement quality control review on the audit work undertaken
for Loophole.
2.6.7.4 Overdue fees (paragraph 410.7)

Self-interest threats to independence could be created if fees that are due by an audit client
are not settled before the auditor’s report for the following year is issued. e auditing rm
should determine whether the overdue fees should not be regarded as a loan to the client
(refer to section 2.6.7.8 of this chapter, where loans between auditors and clients are
discussed).
Examples of actions that might be safeguards are:

• Obtaining partial payment of overdue fees; and
• Having an additional professional accountant who was not on the audit team review the
audit work performed.
2.6.7.5 Gifts and hospitality (section 420)

Accepting gifts and hospitality from an audit client might create a self-interest, familiarity
or intimidation threat.
A rm, network rm or audit team member shall not accept gifts and hospitality from
an audit client, unless the value is trivial and inconsequential.
2.6.7.6 Actual or threatened litigation (section 430)

Self-interest and intimidation threats to independence could be created if litigation takes
place between the auditing rm or a member of the audit team and the audit client.
Factors that are relevant in evaluating the level of such threat include:
• e materiality of the litigation; and
• Whether the litigation relates to a prior audit engagement.
An example of an action that might be a safeguard is having a quality control review on the
audit work performed.
2.6.7.7 Financial interests in clients (section 510)

Financial interests may include direct or material indirect nancial interest in the client
held by a member of the audit team, immediate family members of audit team members,
or the auditing rm. Financial interests include the owning of shares and collective
investments (e.g. unit trusts) invested in audit clients. e holding of nancial interests in
clients may create a self-interest threat to independence.
When determining the level of the threats, the professional accountant should consider:
• e role of the person holding the interest;
• Whether it is a direct or indirect interest; and
• e materiality of the interest.
Examples of actions that might eliminate the threat are:

• Selling of the direct nancial interest or selling a sufficient portion of the material
indirect nancial interest to make it immaterial to the professional accountant or his or
her close or immediate family members;
• Having another professional accountant review the work performed by the professional
accountant with the interest; and
• Removing the individual who is faced with self-interest threats from the audit team.
EXAMPLE
Ria Limited (‘Ria’) appointed Funeka and Associates as its external auditor. The
audit engagement partner assigned is Ms Funeka. She has a material
shareholding in Ria Limited. Is it appropriate that Ms Funeka is the audit
engagement partner?
The direct nancial interest in Ria creates a self-interest threat to independence.
The threat is signi cant, as the holding is material.
Actions that could be taken to eliminate the threat are the following:
• Ms Funeka will only be allowed to be the audit engagement partner if she sells
her shareholding in Ria; or
• Ms Funeka must be removed from the audit of Ria and another engagement
partner appointed.
2.6.7.8 Loans and guarantees (section 511)

No threat to independence arises from a loan or a guarantee that is made to a member of
the assurance team under the normal lending terms and conditions from an audit client
that is a nancial institution.
A loan from an audit client that is a nancial institution to an auditing rm that is made
under the normal lending terms and conditions, but which is material to either the audit
client or the auditing rm, will create a threat, but it will be possible to apply safeguards.
e following will create signi cant self-interest threats to independence for which no
safeguards will be able to reduce the threat to an acceptable level:
• When an auditing rm, or member of the audit team or his or her immediate family
member, accepts a loan or a borrowing guarantee from an audit client that is not a
nancial institution.
• When the auditing rm, or member of the audit team or his or her immediate family
member, makes or guarantees a loan to an audit client or any director or officer of the
audit client.
An auditing rm, or member of the audit team or his or her immediate family member,
may only accept (make) a loan or guarantee by (to) an audit client that is not a bank if the
loan or guarantee is immaterial to the auditing rm or to the client.
EXAMPLE
Best Bank (‘Best’) is an external audit client of Sarah and Associates. Mrs
Sarah, the engagement partner assigned to the audit of Best, obtained a home
loan from Best under the normal lending terms offered to all of the bank’s
clients.
Will the loan provided create a threat to Mrs Sarah’s independence?
No threat will be created as the loan is made under the normal lending terms
offered to all clients of Best, which is a nancial institution.
EXAMPLE
Marketing Limited (‘Marketing’) is an external audit client of Jonono and
Associates (‘Jonono’). Jonono agreed to provide a sizeable loan to Marketing to
nance the company’s expansion. Interest at market-related rates will be
charged on this loan.
Is Jonono allowed to provide this loan?
Jonono cannot provide this loan, as it will create a self-interest threat to the rm’s
independence. The threat will be signi cant, because the auditing rm is providing
a material loan to an audit client. The threat will be so signi cant that no
safeguards will reduce the threat to an acceptable level.
The way forward: The loan should not be provided to Marketing, or Jonono
should resign as Marketing’s external auditors.
2.6.7.9 Business relationships with clients (section 520)
Unless a business relationship is insigni cant to the rm and the client, the self-interest
and intimidation threats to independence created will be signi cant. e relationship
should not be entered into or should be reduced to an insigni cant level. If this cannot be
achieved, it should be terminated or the audit team member involved should be removed
from the audit team.
EXAMPLE
Mr Peter is an audit partner at Peter & Smit and Associates (‘Peter & Smit’). Mr
Peter wants to start marketing the accounting software package developed by
Up Proprietary Limited, one of the rm’s audit clients, to the rm’s other clients
in exchange for a fee.
Will Mr Peter be allowed to start to market the accounting software?
No, Mr Peter will not be allowed to market the accounting software to other clients.
If Mr Peter markets the products of the audit client of Peter & Smit, a signi cant
self-interest threat to independence will be created.
The threat will be so signi cant that no safeguard will reduce the threat to an
acceptable level. Therefore, this marketing initiative should not be undertaken.
2.6.7.10 Family or personal relationships with clients (section 521)

Family and personal relationships between a member of the audit team and a director,
officer or certain employees at the client may create self-interest, familiarity and
intimidation threats to independence.
Factors that are relevant in evaluating the level of the threat include:
• Position of person at client; and
• Role of the member in the audit team.
Examples of actions that might be safeguards that can be implemented include:

• Removing the individual with the relationship from the audit team; or
• Structuring the responsibilities of the audit team such that the member of the team with
the relationship does not deal with matters that are the responsibility of the related staff
member at the client.
EXAMPLE
Darnell and Associates (‘Darnell’) is the external auditor of Malik Proprietary
Limited (‘Malik’). Mr Tyron is a rst-year trainee accountant at Darnell. Mr
Tyron’s father is the nancial director of Malik.
Can Mr Tyron be assigned as a member of the external audit team of Malik?
No, Mr Tyron cannot be on the external audit team of Malik. If he is on the audit
team, it will create self-interest and familiarity threats to independence. The
threats will be signi cant, as Malik is an audit client of Darnell and Mr Tyron’s
father is the client’s nancial director responsible for the preparation of the
nancial statements subject to audit by the audit team.
2.6.7.11 Recent service with an audit client (section 522)

Self-interest, self-review and familiarity threats to independence could arise if a member of
the audit team recently worked as a director, officer or employee of an audit client and
exerted signi cant in uence in areas related to the nancial statements.
When determining the signi cance of the threat, the following should be considered:
• e position that the person held at the client;
• e length of time that has elapsed since the person left the employ of the client; and
• e role of the person in the audit team.
Actions that may be regarded as safeguards include:

• Removing the individual from the audit team; and
• Reviewing the work performed by that individual as a member of the audit team.
EXAMPLE
Ms Lindelwa joined the auditing rm Natasha and Associates (‘Natasha’) four
months ago. Natasha wants to assign Ms Lindelwa as the audit engagement
partner of Reya Limited (‘Reya’). Ms Lindelwa is highly competent and very
knowledgeable of Reya’s affairs, as she was the nancial manager at Reya
before joining Natasha.
Discuss whether the assignment of Ms Lindelwa will be in accordance with the
CPC.
Self-interest, self-review and familiarity threats to independence will arise if Ms
Lindelwa is allowed to be the engagement partner on Natasha’s audit.
The threat will be signi cant, as she was the nancial manager at Natasha
previously (until joining Natasha four months ago) and will now be the engagement
partner on the audit of Natasha, in which position she may have to review
information that she prepared as nancial manager.
A safeguard that could be implemented is to not assign Ms Lindelwa as the
engagement partner responsible for the audit of Natasha.
2.6.7.12 Serving as director or officer of an audit client (section 523)

Serving as a director or officer of an audit client creates self-interest and self-review threats.
e Code forbids an employee or partner of an auditing rm from acting as an officer or
director of an audit client. An employee or partner of an auditing rm shall not serve as
company secretary for an audit client of the rm, unless management makes all the
decisions and duties are limited to routine and administrative tasks.
2.6.7.13 Employment with an audit client (section 524)

Former partner or member of the audit team joins an audit client
Familiarity and intimidation threats to independence could be created if a member of the
audit team or a partner at the rm joins the client as a director, officer or employee who
can exert signi cant in uence over the nancial statements.
When determining the signi cance of the threats, the following factors should be
considered:
• e position of the former audit rm employee at the client;
• e former position of the employee on the audit team;
• e involvement of the former audit rm employee with the audit team; and
• e length of time that has elapsed since the former audit rm employee left the employ
of the rm.

• Modifying the audit plan for the audit;
• Assigning individuals with sufficient expertise to the audit team; and
• Having an appropriate reviewer review the work of the former member of the auditing
team.
EXAMPLE
Maurice and Associates (‘Maurice’) is the external auditor of Xavier Limited
(‘Xavier’). Mrs Alexus, previously a partner of Maurice, accepted a position as
nancial director of Xavier six months ago.
Will Maurice be still be allowed to be the external auditor of Xavier?
If Maurice were to continue as the external auditor of Xavier, it would create
familiarity and possible intimidation threats to independence.
The threats will be signi cant, as a former partner of Maurice is the nancial
director at Xavier and will be involved in the audit process of Xavier. It has only
been six months since she joined Xavier.
Safeguards that can be implemented are having an engagement quality control
review performed on the audit and assigning individuals to the team with suf cient
expertise. Moreover, Mrs Alexus should also no longer be involved with any
activities of Maurice.
An audit team member enters into employment negotiations with audit client
A self-interest threat to independence could be created if a member of the audit team
participates in the audit engagement while knowing that he or she might join the client in
the foreseeable future. Firm policies should be implemented that require the member of
the audit team to notify the rm when he or she enters into employment negotiations with
an audit client.
An action that might be a safeguard is removing the individual from the audit team.
EXAMPLE
Ms Jasmin is a third-year trainee accountant working at the auditing rm of
Allison and Associates (‘Allison’). She is currently assigned to the audit of
Precious Proprietary Limited (‘Precious’). Precious approached Ms Jasmin to
become the nancial manager at Precious after completion of the audit.
What steps must Ms Jasmin and Allison take?
A self-interest threat to independence would be created. The threat will be
signi cant, as Ms Jasmin, a member of the audit team, is being offered a position
as the nancial manager at Precious and would therefore be under pressure not to
act in a way that could jeopardise the offer.
Ms Jasmin should inform Allison when entering serious employment
negotiations.
Allison, upon being noti ed of this, should remove Ms Jasmin from the audit
team.
2.6.7.14 Temporary staff assignments (section 525)

e secondment of staff by an auditing rm to an audit client may create self-review,
advocacy or familiarity threats to independence. It may be acceptable if the secondment is
only for a short period of time and if the staff of the auditing rm is not involved in
management activities or non-assurance services to the audit client that would be
otherwise prohibited. Circumstances may arise in such secondments that the rm
becomes too closely aligned with the audit client, and it would be preferable not to provide
the secondment at all.

• Additional review of the work performed by the seconded staff;
• Not giving the seconded staff member audit responsibility for any function performed
by him or her during the secondment; and
• Not including the seconded staff on the audit team.
EXAMPLE
Mr Scott is a third-year trainee accountant at Bradley and Associates
(‘Bradley’). He assisted George Proprietary Limited (‘George’), an external audit
client of Bradley, for one month of the current nancial year by standing in for
the nancial manager while she was in hospital.
Can Mr Scott be assigned to the team to audit George? What safeguards must
be implemented by Bradley while Mr Scott is seconded to George?
No, Mr Scott cannot be on the audit team of George. This will create self-review,
familiarity and possible advocacy threats to independence. Additional safeguards
will be that Mr Scott during his assignment cannot be involved in any management
activities and must not take any management decisions at George.
2.6.7.15 Long association of senior personnel with an audit client (section

540)
A familiarity threat to independence could be created if the same person has been on the
audit team of a client for a long period of time, thereby becoming too familiar with senior
management of the client or with the nancial statements on which the rm will express
an opinion, or the nancial information forming the basis of the nancial statements. A
self-interest threat may be created as a result of the audit team member’s concern about
losing the longstanding client or the team member’s interest in maintaining a close
relationship with a member of senior management at the client. Such a threat might
in uence the judgement of the audit team member unduly.
e factors that are relevant in evaluating the level of the threats include:
• e length of time that the individual has been on the team;
• e role of the individual on the team;
• e extent to which the individual’s work is directed, reviewed or supervised;
• e extent to which the individual can in uence the outcome of the audit;
• e closeness and nature, frequency and extent of the personal relationship with senior
management;
• e nature of complexity of the client’s accounting and nancial reporting issues; and
• Any recent changes in senior management or structure at the client.
Actions that might be safeguards are:

• To rotate senior staff off the engagement team (the Companies Act (section 92) requires
that the engagement partner rotates off after ve years);
• Changing the role of the individual on the audit team;
• Having a professional accountant who is not on the engagement team review the work
of the senior personnel; and
• Regular independent internal or external quality reviews of the engagement.
For audits of public interest entities an individual may not act in the following roles for
more than seven cumulative years:
• Engagement partner;
• Individual responsible for quality control on the engagement; and
• Any other key audit partner role.
EXAMPLE
Mr Eon has worked as an audit partner at Ananas and Associates, a small
auditing rm, for the past 20 years. He has been the lead engagement partner
on the audits of some of his clients for more than 10 years.
Discuss this in terms of the CPC.
Since Mr Eon has been the lead engagement partner on the audits of some clients
for a signi cant period of time (longer than 10 years), the threat would be
signi cant. A familiarity threat to independence may result in Mr Eon being loath to
engage with the management of clients about issues identi ed during their audit
for fear of jeopardising the friendships that have developed over the years.
Moreover, he may have become too close to the clients to be able to view
misstatements in the nancial statements objectively (i.e. with an open-minded
perspective).
The following safeguards can be considered to reduce the threats to an acceptable

level:
• The audit of those clients must be rotated to another engagement partner; and
• Regular independent internal or external quality reviews should be performed.
2.6.7.16 Provision of non-assurance services to audit clients (section 600)

reats to independence could be created when non-assurance services are provided to
audit clients. ere is a wide range of non-assurance services that could be provided to
audit clients. While sections 601–610 of the CPC provide a detailed discussion of these, this
text only deals with the general (overall) provisions. Readers should thus consult the
sections of the CPC identi ed above for the details of the threats and safeguards regarding
speci c non-assurance services.
e factors that are relevant to assessing the level of the threats created include:
• Type of client (whether it is an audit client or not and whether the client is a public
interest entity);
• Type of non-assurance service to be provided to the client (e.g. taxation services);
• Who provides the non-assurance service (whether the person is on the audit team or
not);
• e extent to which the non-assurance service impacts on the accounting system,
internal control system or nancial statements (e.g. valuation services will have a direct
in uence on the gures re ected in the nancial statements); and
• e level of expertise of the client’s employees with respect to the service provided (e.g.
the client’s staff may have no expertise in relation to IT systems and IT consulting
services are provided).
If an auditing rm provides non-assurance services that involve assuming management

responsibilities at an audit client, the self-interest and self-review threats to independence
created would be so signi cant that no safeguards can reduce them to an acceptable level
and only one of the engagements (i.e. the audit or the non-assurance service) should be
accepted (or continued) by the auditing rm.
Actions that might be considered as safeguards include:

• Excluding the person performing the non-assurance services from the audit team; and
• If the person is on the audit team, a senior staff member with appropriate experience
and who is not on the audit team should review the work of that person.
In considering the acceptability of rendering non-assurance services concurrently with the

audit, it is important to note the requirements of section 90(2) of the Companies Act, which
prohibits certain non-assurance services (e.g. bookkeeping and certain company
secretarial services) being rendered if the audit is required by statute (i.e. in terms of the
Companies Act, Companies Regulations or the company’s Memorandum of
Incorporation).
REFLECTION
After reading section 90(2) of the Companies Act, answer the following question:
Are any other non-assurance services prohibited for statutory audit clients?
In determining the acceptability of rendering non-assurance services with the audit,

especially for public interest entities that have an audit committee, the requirements of
section 94 of the Companies Act must also be taken into account.
e audit committee (if it exists) must:

• Determine the nature and extent of any non-audit services that the auditor may or must
provide to the company; and
• Pre-approve any proposed agreement with the auditor for the provision of non-audit
services.
is means that even though it may be legal to provide a particular non-assurance service
to a client, and the auditor does not identify any unacceptable threats to independence, the
rendering of this service may still be disallowed by the audit committee as the independent
directors serving on this committee believe that it will jeopardise the independence of the
auditor in fact or in appearance.
EXAMPLE
Small auditing rms are often in the situation where they provide a
comprehensive range of accounting and auditing services to sole proprietors and
partnerships. Are they allowed to render these services?
Rendering a comprehensive range of accounting and auditing services to these
audit clients will create a self-review and threat, threat to independence (section
601).
Rendering accounting services to these audit clients will create a signi cant
threat, as accounting information that is vital to the audit is being prepared by the
rm auditing this information.
Since the audit clients are not companies, safeguards can be implemented to
reduce the threats to an acceptable level. (Had they been companies, section
90(2)(b) of the Companies Act would prohibit the rendering of the accounting
service concurrently with the audit – unless the audits were undertaken voluntarily,
i.e. undertaken in terms of a resolution of the shareholders or directors.)
Safeguards include:
• Staff members who render the accounting services must not be assigned to the
audit team;
• Having policies and procedures in the rm that prohibit such staff members
from making management decisions on behalf of the client; and
• The client should approve journal entries or any changes made to the nancial
statements by the auditing rm staff.

According to ISA 200.14, when conducting an audit of nancial statements, the auditor
shall comply with relevant ethical requirements, including those relating to independence.
is means that ethical requirements, such as those embodied in the CPC, have to be
adhered to by the audit team throughout the audit process.
e Audit Process Overview Diagram was introduced in Chapter 1. During the pre-
engagement activities stage, for instance, the auditor has to identify and evaluate threats to
objectivity (independence) in deciding whether or not to accept the client and audit
engagement. roughout the audit process, any information that could create threats to
the fundamental ethical principles has to be taken into consideration and acted upon. is
is as ISA 220.9 speci cally imposes an obligation on the audit engagement partner to
remain alert for evidence of non-compliance with the ethical requirements by the
members of the audit team. If such actions are identi ed, the engagement partner must
ensure that appropriate action is taken. Refer to Figure 2.17.
Figure 2.17: Ethics in the audit process
1. De ne and explain the concept of ethics. (LO 1)
2. State where in the audit process the ethical requirements have to be considered. (LO 2)
3. Explain why professions have codes of ethics. (LO 1)
4. What is the difference between a principles-based approach to ethics and a rules-

based approach to ethics? Which is preferable, and why? (LO 3)
5. What ethical codes and rules are applicable to external auditors in South Africa? (LO 4)
6. Which actions constitute prohibited actions for an external auditor in South Africa?
(LO 4)
7. Brie y describe the disciplinary processes of the IRBA and SAICA. (LO 5)
8. Identify and describe the steps to be followed in the conceptual framework approach
to ethics. (LO 6)
9. List the ve fundamental principles of the SAICA Code of Professional Conduct that
should be adhered to by professional accountants. (LO 6)
10. Explain the fundamental principle of con dentiality. (LO 6)
11. Below are three columns that contain information regarding situations the
professional accountant may encounter. e situations are listed in column A. e
threats that these situations may cause are listed in column B. e fundamental
principles that could be threatened are listed in column C. Link the three columns
with each other by writing for each situation in column A, the letter of the
corresponding threat from column B and the number of the relevant fundamental
principle from column C. (LO 6 & 7)
COLUMN A COLUMN B COLUMN C
11.1 Susan Human is the nancial a) Self-interest 1. Professional

manager of Cumalu Limited. She threat competence
has resigned after being offered a and due care
position as audit manager at Botha
Inc., an auditing rm. Botha Inc.
has recently been appointed as
the external auditor of Cumalu
Limited. Susan will be assigned to
this audit owing to her knowledge
of Cumalu Limited.
COLUMN A COLUMN B COLUMN C
11.2 Smit and Goosen, an auditing rm, b) Familiarity 2. Objectivity

has recently been appointed as threat
the external auditor of Bealer Steel
Limited. The nancial director of
Bealer Steel Limited is very
aggressive and dismissive of the
auditing function.
11.3 Shani King, a partner in an c) Intimidation 3. Con dentiality

auditing rm, has recently been threat
appointed as the partner
responsible for the external audit
of Accuracy Limited. Shani’s
husband, Joseph, owns 20% of the
shares of Accuracy Limited.
11.4 The nancial manager of Peer d) Self-review 4. Professional

Limited was so impressed with the threat behaviour
speed with which the external
audit was conducted that he
offered an all-expenses paid trip to
the Kruger National Park for all
audit team members and their
spouses.
11.5 Autotel Limited, an external audit e) Advocacy threat 5. Integrity

client of Le Roux and Jordaan,
offered Sebastiaan Joubert a job
after the conclusion of the current
year’s audit. Sebastiaan is the
audit manager on the Autotel
Limited audit.
11.6 Zolani Xulu, a senior trainee

accountant at Audit Inc., prepared
the 20X1 nancial statements for
OPP Limited. Zalani Xulu will be the
senior on the audit team during
the 20X1 audit of OPP Limited.

12. A professional accountant who fails to perform professional duties in accordance with
relevant standards is acting contrary to which one of the following fundamental
principles? (LO 6)
a) Professional competence and due care
b) Integrity
c) Objectivity
d) Con dentiality
e) Professional behaviour
13. Which of the following will create a threat to integrity: (LO 7)

a) Performing both assurance and non-assurance services at a client
b) Disclosing information which was obtained from a client to a third party
c) Completing a tax return knowing that the information used to complete the tax
form contains false information
d) Receiving a fully paid holiday from a client
14. Which of the following will create a familiarity threat? (Only one option is possible.)
(LO 7)
a) Owning shares in the audit client
b) Receiving sporting event tickets from a client
c) Having a family member working at the client
d) Performing auditing and accounting work for a client
For questions 15 to 19, indicate whether the statement is true or false:

15. e following would all create threats to independence: (LO 7)
a) Establishing a business relationship with an audit client
b) Accepting a fully paid holiday from an audit client
c) Owning shares in an audit client
d) Receiving a loan from an audit client, which is a bank, at an interest rate lower
than that offered to the general public
16. e following would all create a self-review threat: (LO 7)

a) Testifying in a court case on behalf of an audit client
b) Selling shares on behalf of an audit client
c) An audit client threatens you with litigation
d) Implementing a new accounting system for a client and performing the audit of
the client
17. Mr Wilson is the audit manager in charge of the audit of Tuscany Limited and his wife
is a material shareholder of Tuscany Limited. Mr Wilson will be allowed to be the audit
manager on Tuscany Limited if his wife sells her shares in Tuscany Limited. (LO 7)
18. e IRBA has its own Code of Professional Conduct. (LO 8)

19. e SAICA Code of Professional Conduct promotes a conceptual framework to which
professional accountants must adhere. (LO 6)
1 CFO.com 20/09/2016 [Online]. Available: http://ww2.cfo.com/regulation/2016/09/ey- ned-9m-auditor-intimacy-

clients [Accessed July 2018].
2 Business Day. 04/07/2017. [Online]. Available: https://www.businesslive.co.za/bd/national/2017-07-04-registration-
of-kpmg-at-risk-over-gupta-audit. [Accessed 27 March 2018]. Copyright Tiso Blackstar Group Limited All rights
reserved.
3 Moneyweb. 13/04/2018. [Online]. Available: https://www.moneyweb.co.za/news/south-africa/inside-irbas-deloitte-
disciplinary-hearings/ [Accessed August 2018]. Printed with permission of Moneyweb.
4 Business Insider 16/4/2018. [Online]. Available: https://www.businessinsider.co.za/sipho-malaba-and-dumi-
tshuma-quit-kpmg-amid-the-vbs-investigation-2018-4. [Accessed April 2018]. Copyright © 2018 Business Insider Inc.
Part of Media24.
5 Eyewitness News 19/04/2018. [Online]. Available at: http://ewn.co.za/2018/04/19/reserve-bank-says-continues-to-
meet-with-kpmg-following-vbs-bank-scandal. [Accessed April 2018].
6 Velasquez, M., Andre, C., Shanks, T., Meyer, SJ., Meyer, MJ. What is ethics. [Online]. Available:
http://www.scu.edu/ethics/practicing/decision/whatisethics.html; Dictionary reference. [Online]. Available:
http://dictionary.reference.com/browse/ethics [Accessed 19 March 2013].
7 [Online.] Available: http://dusk2.geo.orst.edu/ethics/papers/Davis_ rst_code_of_ethics.pdf
8 Ethics. [Online]. Available: http://www.ethics.org/resource/why-have-code-conduce [Accessed May 2012].
9 [Online]. Available: http://www.ethics.org.au/faq/whats-difference-between-code-ethics-and-code-conduct
10 News hour. [Online]. Available: http://www.pbs.org/newshour/bb/business/enron/player6.2.html [Accessed May
2012].
11 SolePurposeTest. [Online]. Available: https://www.solepurposetest.com/news/two-smsf-auditors-disquali ed-
independence [Accessed July 2018].
12 Accounting Weekly. [Online]. Available: https://accountingweekly.com/former-kpmg-partners-arrested-leaking-
con dential-information-regulator [Accessed July 2018].
13 Quintal, G., Hosken, G. KPMG’s ngerprints all over the Gupta empire. Sunday Times. 10/09/2017. [Online]. Available:
https://www.timeslive.co.za/sunday-times/business/2017-09-10-kpmgs- ngerprints-all-over-the-gupta-empire
[Accessed 27 March 2018].
14 Ziady, H. Gears turn slowly in audit probes. Business Day. 22/03/2018. [Online]. Available:
https://www.businesslive.co.za/bd/business-and-economy/2018-03-22-gears-turn-slowly-in-audit-probes [Accessed
March 2018].
15 News 24. 18/09/2018. [Online]. Available: https://www.news24.com/Analysis/rogue-unit-retraction-5-questions-
answered-20170918 [Accessed March 2018].
16 amm, M. SARS wars: KPMG report- the rm, the lawyers, the auditor and the blame game. Daily Maverick.
[Online]. Available: https://www.dailymaverick.co.za/article/2017-10-03-sars-wars-kpmg-report-the- rm-the-
lawyers-the-auditor-and-the-blame-game/#.Wrn-Jy5ubX4 [Accessed March 2018].
17 SABC. [Online]. Available: http://www.sabcnews.com/sabcnews/two-kpmg-partners-resign-wake-vbs-mutal-bank-
issue [Accessed April 2018].
18 amm, M. SARS wars: KPMG report - the rm the lawyers the auditor and the blame game. Daily Maverick. [Online].
Available: https://www.dailymaverick.co.za/article/2017-10-03-sars-wars-kpmg-report-the- rm-the-lawyers-the-
auditor-and-the-blame-game/#.Wrn-Jy5ubX4. [Accessed March 2018].
19 SABC. [Online]. Available: http://www.sabcnews.com/sabcnews/two-kpmg-partners-resign-wake-vbs-mutal-bank-
issue [Accessed April 2018].
20 Khumalo, S. [Online]: https://www. n24.com/Companies/Financial-Services/ex-kpmg-partners-in-vbs-saga-failed-
to-disclose-links-with-the-bank-20180415. [Accessed April 2018].
21 Fin24. [Online]. Available: https://www. n24.com/Economy/the-nkonki-pact-part-1-how-the-guptas-bought-
themselves-an-auditor-20180328. [Accessed July 2018].
22 Fin 24. [Online]. Available: https://www. n24.com/Economy/steer-clear-of-nkonki-inc-until-you-know-who-
owners-are-mps-tell-ag-20180506. [Accessed July 2018].
23 SAICA. [Online]. Available:
https://www.saica.co.za/TechnicalInformation/Discipline/Disciplinaryprocess/tabid/778/language/en-
ZA/Default.aspx
24 IRBA. [Online]. Available: https://www.irba.co.za/upload/APA%2026%20of%202005%20Amended%202015.pdf
25 Accountancy SA. [Online]. Available: http://www.accountancysa.org.za/documents/ASAApril08-pgs1-6.pdf
[Accessed May 2012].
26 IRBA. [Online]. Available: https://www.irba.co.za/upload/IRBA%20newsletter%2039%20b.pdf [Accessed March
2018].
27 IRBA. [Online]. Available https://www.irba.co.za/upload/IRBA%20News%20%2337.pdf [Accessed March 2018].
28 IFAC. [Online]. Available: https://www.ifac.org/news-events/2018-04/global-ethics-board-releases-revamped-code-
ethics-professional-accountants. [Accessed July 2018].
29 Campbell, T. & Houghton, K. Ethics and auditing. [Online]. Available: www.epress.anv.av/wp-
content/upload/2011/05/ethics_auditing.pdf [Accessed 13 April 2013].
30 e challenge forum. [Online]. Available: http://www.chforum.org/methods/xc417.html [Accessed May 2012].
31 is overview is based on the exposure draft that was issued by IRBA – as the nal publication was not available at the
time of writing.
32 is overview is based on the exposure draft that was issued by SAICA – as the nal publication was not available at
the time of writing.
Legal CHAPTER 3
responsibilities
of the auditor
Graeme O’Reilly
CHAPTER CONTENTS
Learning outcomes
Reference list
3.1 Introduction
3.2 What are the statutory and regulatory requirements for an
audit?
3.3 How does the statutory appointment, removal and rotation of
the auditor work and what are his or her rights?
3.4 What are the statutory requirements to practise as an auditor?
3.5 What does the auditor’s statutory responsibility to identify and
respond to Reportable Irregularities entail?
3.6 How is auditing in the public sector different from auditing in
the private sector?
3.7 What other legislation and regulations may impact on the
scope of the audit function?
3.8 What role can the auditor play to aid good corporate
governance?
LEARNING OUTCOMES
1. Identify the legislation that governs the appointment, duties, and

regulation of auditors.
2. Describe, and be able to identify, the conditions that give rise to
the statutory requirements for an audit.
3. Describe the alternatives for a company that does not speci cally
have to be audited in terms of the legislation (voluntary audits,
independent reviews, or neither of these).
4. Describe the conditions that need to be met in order for a person,
or rm, to be eligible for appointment as the auditor of a
company.
5. Describe how a company appoints or replaces its auditor.
6. Describe the statutory rights and functions of a company’s
auditor.
7. Describe how the conduct of auditors is regulated and to what
extent auditors can be held accountable for their actions.
8. Describe the auditor’s reporting responsibilities regarding
Reportable Irregularities and identify the circumstances leading
to a Reportable Irregularity.
9. Describe the unique requirements that govern auditing in the
public sector.
10. Describe the additional requirements that apply speci cally to
the audit of JSE listed entities.
Describe the impact of the Sarbanes-Oxley Act on the audit of a
11. South African subsidiary of an American holding company.
12. Describe the King IV™ recommendations relating to the external

audit function and explain the need for combined assurance.
REFERENCE LIST
Companies Act 71 of 2008, sections 30, and 90 to 94.

Companies Regulations 2011, regulations 26, 28 and 29.
Auditing Profession Act 26 of 2005.
Institute of Directors Southern Africa (2016) King IV™ Report on
Corporate Governance for South Africa 2016.
IN THE NEWS
2001 Accounting scandal
In 2001, after a series of revelations involving irregular
accounting procedures bordering on fraud perpetrated throughout
the 1990s involving Enron and its accounting rm Arthur
Andersen, Enron suffered the largest Chapter 11 bankruptcy in
history (since surpassed by those of WorldCom in 2002 and
Lehman Brothers in 2008).
As the scandal unravelled, Enron shares dropped from over
$90.00 in the summer of 2000 to just cents. Enron had been
considered a blue chip stock, so this was an unprecedented
event in the nancial world. Enron’s plunge occurred after the
revelation that much of its pro t and revenue were the result of
deals with special purpose entities (limited partnerships which it
controlled). This meant that many of Enron’s debts and the
losses that it suffered were not reported in its nancial
statements. Enron led for bankruptcy on 2 December 2001.
In addition, the scandal caused the dissolution of Arthur
Andersen, which at the time was one of the world’s top
accounting rms. The rm was found guilty of obstruction of
justice in 2002 for destroying documents related to the Enron
audit. Since the Securities and Exchange Commission (SEC) is
not allowed to accept audits from convicted felons, Andersen was
forced to stop auditing public companies. Although the conviction
was thrown out in 2005 by the Supreme Court, the damage to
the Andersen name prevented it from returning as a viable
business even on a limited scale.
Oakbay/SARS scandals
KPMG (one of the ‘big four’ audit rms in South Africa – along
with Deloitte, Ernst & Young and PwC) has a heritage in South
Africa dating back to 1895, and the rm has been part of the
international KPMG organisation since its formation in 1979.
During 2017, KPMG South Africa became embroiled in scandals
involving the notorious Gupta family, which has led to the closure
of several of its of ces and resulting (at the time of writing) in
considerable uncertainty about its continued operations in South
Africa.
In June 2017, the amaBhungane Centre for Investigative
Journalism revealed some fascinating correspondence between
KPMG and Oakbay Resources and Energy (a Gupta-owned entity
in the mining sector). KPMG had been the auditors of the Oakbay
group for 15 years prior to the revelations of corruption and
collusion, at which point KPMG then resigned. One of the more
controversial transactions to emerge was the nancing of a
R30m wedding for one of the Gupta daughters, allegedly using
funding earmarked by the Free State government to a dairy farm.
It appears that funds were redirected from this project via related
party entities (Linkway Trading and Accurate Investments) to
nance the wedding. KPMG’s chief executive and KPMG’s lead
engagement partner for the audit of Oakbay were both guests at
the wedding.
To make matters even worse for KPMG, they also issued a
controversial report in 2015 implicating former Finance Minister
Pravin Gordhan in the creation of an illegal rogue intelligence
gathering unit of the South African Revenue Service (SARS). This
report was seen by many to be part of a wider Gupta-linked state
capture conspiracy, with the aim of forcing Gordhan out of his
post. The report was withdrawn by KPMG in September 2017
creating large-scale public backlash.
These scandals ultimately resulted in the resignation of
several partners within KPMG’s senior leadership in South Africa,
including its chairman, its chief executive of cer and its chief
operating of cer.
Numerous large South African companies dismissed KPMG as
their auditors in the immediate aftermath of the scandal,
including the Auditor General of South Africa and ABSA Group
Limited. Many of their other clients will no-doubt be seriously re-
considering their continued relationship with KPMG.
At the time of writing, KPMG is still under investigation by the
IRBA in relation to their conduct.
3.1 Introduction
Given the vital role that auditors play in providing assurance to people
and organisations that rely on nancial statement information to make
economic decisions, it is not surprising to see the signi cant extent to
which the profession is regulated.
e Enron and KPMG scandals referred to in the newspaper articles
above paint a clear picture of what can happen when auditors do not
ful l their responsibilities properly or are perceived not to have done so.
Despite their knowledge of the serious aws in the nancial statements
of Enron, the auditors (Arthur Andersen) continued to issue an
unmodi ed (or ‘clean’) opinion on the nancial statements. is
resulted ultimately in both investors and lenders suffering huge losses,
and led to a lawsuit against the auditor from which it could not recover.
It is worth noting from the Enron article that the SEC (to an extent
the equivalent of South Africa’s JSE) has a regulation prohibiting
auditing rms that have been found guilty of performing audits in
contravention of legislation from continuing to audit publicly listed
companies. e loss of credibility associated with a conviction of this
nature would no doubt have a large impact on the level of assurance
third parties can take from an audit opinion issued by the convicted
auditor.
is event (along with several others around the same time) led to a
widespread loss of public con dence in the opinions being expressed
by auditors on nancial statements.
CRITICAL THINKING
Just how prevalent are scandals that involve auditing rms?
Do an internet search for ‘scandals involving audit rms’ and see
what comes up …
In order for the public to retain high levels of con dence in the opinions
expressed by auditors on nancial statements, it is vital that the
auditing profession be properly monitored and regulated. In South
Africa, the Independent Regulatory Board for Auditors (IRBA) was
created in 2005 to do just that. (Note that its predecessor was the Public
Accountants and Auditors Board – refer to Chapter 1 for the history of
the auditing profession.)
DID YOU KNOW?

Prior to its 2017/2018 Global Competitiveness Report, the
World Economic Forum Survey placed South Africa, for the
previous seven reports, as the world leader in terms of strength
of auditing and reporting standards regarding company nancial
performance. In the 2017/18 report, South Africa dropped to
30th place! This was largely due to a signi cant deterioration in
the level of global con dence in South Africa’s nancial markets
as a result of levels of corruption, crime, downgrades, and
perceptions about nancial institutions. The decline in ranking
was also in uenced by a change in the manner in which the
survey was conducted.
The full survey can be downloaded at
https://www.weforum.org/reports/.
Regulation of the auditing profession means that there are numerous

statutory requirements that need to be met regarding the appointment
and conduct of an auditor. is chapter examines these requirements in
detail.
Given the technical nature of this chapter and the ease with which one
can become disoriented, it is appropriate to start with a high-level
overview of this chapter’s overall structure and ow:
• We start with an introduction in section 3.1 of this chapter to the two
pieces of legislation that form the basis for the bulk of the content of
this chapter – the Companies Act 71 of 2008 and the Auditing
Profession Act 26 of 2005.
• In section 3.2, we turn our attention to the statutory requirements for
an audit as established by the Companies Act. Not all companies
need to be audited. Consequently, before considering the legislation
governing the auditor, you need rst to be clear as to when auditors
are required. Section 3.2 also explains what happens if a company
does not have to be audited.
• Having established when the need for an audit arises, section 3.3
then considers the requirements that need to be met by companies
when appointing their auditor and what they need to do should they
wish to reappoint, or even remove, the auditor.
• Section 3.4 considers who is able to act as an auditor, as well as the
regulations that govern the scope, duties and conduct of the auditor.
• Section 3.5 discusses Reportable Irregularities, including what they
are and what the auditor’s responsibilities are with regard to them.
• Sections 3.6 and 3.7 contain a brief look at some of the other
environments in which audits might take place and the related
additional requirements that may arise. ese environments include
auditing in the public sector, auditing companies listed on the JSE,
and auditing South African subsidiaries of American holding
companies.
• e nal section considers the impact of good corporate governance
on the audit function. (Corporate governance is covered in detail in
Chapter 4.)
3.1.1 Legislation and regulations governing

the audit function
ere are two pieces of legislation that govern the audit function
directly – the Companies Act, to be read together with the related
Companies Regulations of 2011, and the Auditing Profession Act.
e Companies Act provides for the incorporation, registration,
organisation and management of South African companies. It contains
speci c sections dealing with, among other things, when an audit is
required, who may perform an audit and a company’s relationship with
its auditors.
In addition to the Companies Act, the Companies Regulations
contain several regulations relating to the administration of companies.
ese regulations took effect at the same time as the Companies Act,
and supplement the Companies Act.
e Auditing Profession Act (‘APA’) provides for the establishment of
the IRBA and for the education, registration and regulation of
Registered Auditors (RAs).
A summary of the major sections and/or regulations in each Act that
speci cally govern the audit function follows in Table 3.1. is chapter
explores many of these sections and regulations in more detail.
3.1.2 Legislation and regulations with which
the auditor has to be familiar
In addition to being familiar with the laws and regulations that
speci cally govern the audit function, the RA also has to be familiar
with other laws and regulations affecting the auditee.
ISA 250 Consideration of Laws and Regulations in an Audit of
Financial Statements requires that an auditor understands and gathers
sufficient appropriate audit evidence about the auditee’s compliance
with laws and regulations that directly affect the nancial statements.
Examples of such laws and regulations include:

• e Companies Act (which governs the actions and decision-making
processes of companies, the consequences of which are re ected in
the nancial statements);
• e Income Tax Act 58 of 1962 (which governs the determination
and payment of income taxes that have to be recognised and
measured in the nancial statements);
• e Value-Added Tax Act 89 of 1991 (which governs the
determination and payment of VAT for almost every transaction that
is entered into and which has to be appropriately recognised and
measured in the auditee’s nancial records);
• e National Credit Act 34 of 2005 (which will be particularly
important, for example, to auditees who provide credit facilities to
consumers);
• e Financial Intelligence Centre Act 38 of 2011 and the Financial
Intelligence Centre Amendment Act 1 of 2017 (which governs money
laundering and terrorism nancing); and
• e Protection of Personal Information Act 4 of 2013 (which governs
the protection of personal information by public and private bodies).
ere may well be several more, depending on the nature of the

company being audited and the industry in which it operates.
CRITICAL THINKING
What other legislation may directly affect the nancial
statements of Ntsimbi Piping?
Ntsimbi Piping distributes its products throughout Africa and
imports approximately 70% of its raw materials, predominantly
from Australia and New Zealand. It would therefore be important
for the auditor to have an understanding of export and import
regulations, and exchange control regulations to the extent that
these affect the revenue, purchases, and inventory gures
contained in the nancial statements.
Table 3.1: Summary of Acts and Regulations governing the audit

function
SPECIFIC ASPECTS
LEGISLATION RELATING TO THE
GOVERNING AUDIT FUNCTION SECTION/REGULATION
THE AUDIT THAT ARE REFERENCE
FUNCTION GOVERNED BY THIS
LEGISLATION
Companies Act • The requirement Section 30

for certain
companies to be
audited.
SPECIFIC ASPECTS
LEGISLATION
• The requirement Section 90

that certain
companies
appoint an
auditor and the
conditions which
have to be met to
ll this position.
• The requirements Section 91

relating to the
resignation of an
auditor and the
resulting vacancy
that arises.
• The requirement Section 92

to rotate auditors
every ve
consecutive
nancial years.
• The rights and Section 93

restricted
functions of
auditors.
SPECIFIC ASPECTS
LEGISLATION
Companies • The requirement Regulation 26(2)

Regulations for every
company to
calculate its
public interest
score at the end
of each nancial
year (which
determines
whether that
company needs
to be audited or
not).
• The categories of Regulation 28

companies that
are required to
be audited (read
in conjunction
with section 30
of the Companies
Act and
regulation 26(2)
above).
SPECIFIC ASPECTS
LEGISLATION
• The requirements Regulation 29

relating to the
independent
review (for
companies that
do not need to be
audited).
Auditing • The Sections 3–31

Profession Act establishment,
functions,
powers, Sections 32–36
governance,
committees, Sections 37–40
nancial

management and
national Section 44
government Section 45
oversight of the
Section 46
IRBA.
Sections 47–51
• The accreditation
of professional Sections 52–54
bodies to
educate and train
RAs.
• The registration
of individual
SPECIFIC ASPECTS
LEGISLATION
auditors and
rms as RAs.
• The conduct by,
and liability of,
RAs including:
• Duties in
relation to the
audit;
• Duty to report
on
irregularities;
and
• The limitation
of the auditor’s
liability.
• Improper conduct
and disciplinary
procedures.
• Offences
(including those
associated with
Reportable
Irregularities).
3.2 What are the statutory and regulatory
requirements for an audit?
Having become acquainted with the legislation governing the audit
function, we turn our attention to understanding when an audit is
required in terms of this legislation. It is important to note that not all
companies need to be audited and therefore not all companies need to
be concerned with the appointment of auditors.
3.2.1 Companies that have to be audited

e Companies Act (section 30(2)) requires that the following
companies must be audited (i.e. they have no choice in the matter):
1. Any public company; or
2. In the case of any other pro t or non-pro t company:
a) If so required by the Companies Regulations; or
b) If so chosen by that company, and the requirement is
incorporated in its Memorandum of Incorporation.
Section 1 of the Companies Act de nes a public company as being ‘a

pro t company that is not a state-owned company, a private company,
or a personal liability company’. To understand this de nition, it is
necessary to ‘unpack’ it:
EXAMPLE
Pro t company (section 1)
A company incorporated for the purpose of nancial gain for its
shareholders.
State-owned company (section 1)
An enterprise that is registered in terms of the Companies Act
as a company and is either listed as a public entity in the Public
Finance Management Act 1 of 1999 (PFMA), or is owned by a
municipality (as contemplated in the Local Government:
Municipal Systems Act 32 of 2000) and is otherwise similar to
the enterprises listed in the PFMA.
Private company (sections 1 and 8)
A pro t company that is not a state-owned company and in
terms of its Memorandum of Incorporation is prohibited from
offering any of its securities to the public and is restricted when
it comes to the transferability of its securities.
Personal liability company (sections 1 and 8)
A private company where its Memorandum of Incorporation
speci cally states that it is a personal liability company. Section
19 then provides that where a company is a personal liability
company, the directors and past directors are jointly and
severally liable, together with the company, for any debts and
liabilities of the company.
e text above has unpacked the de nition of a public company; any

company meeting this de nition is required to be audited in terms of
the Companies Act. To understand which of the other categories of
companies are required to be audited, section 30(7) of the Companies
Act directs one to the Companies Regulations.
Regulation 28 requires that the following categories of companies must

be audited:
1. Public companies (repeating the Companies Act requirements);
2. State-owned companies (de ned in section 1 of the Companies
Act); and
3. Pro t or non-pro t companies (de ned in section 1 of the
Companies Act) that, in the ordinary course of their primary
activities, hold assets in a duciary capacity for persons who are
not related to the company and if at any time during the nancial
year the aggregate value of these assets exceeded R5 million.
CRITICAL THINKING
Think of examples of companies that might fall into this third
category.
1. Estate agent companies that hold deposits in trust.
2. Investment companies that hold investor funds in trust.
3. Incorporated attorney practices that via their trust accounts
hold client monies.
4. Non-pro t companies:
a) Incorporated directly or indirectly by the State, an
international entity, a foreign state entity, or a foreign
company;
b) Incorporated primarily to perform a statutory or regulatory
function in terms of any legislation;
c) Incorporated to carry out a public function at the direct or
indirect initiation or direction of the State, an international
entity, a foreign state entity, or a foreign company; and
d) Incorporated for a purpose ancillary to items b) or c) above.
CRITICAL THINKING
Does the IRBA need to be audited?
Yes it does. It is incorporated primarily to perform a regulatory
function in terms of the Auditing Profession Act of 2005.
Any other company (pro t or non-pro t) whose public interest
5.
score in that nancial year:
a) Is equal to, or exceeds, 350; or
b) Falls in the range of 100 to 349 if its annual nancial
statements were internally compiled (i.e. compiled by staff of
the company without the use of an independent professional
accountant).
WHAT What if a private company that does not hold assets

in a duciary capacity as its main business and has a
IF? public interest score of greater than 100 (but less
than 350) has its nancial statements independently
compiled and reported on (as opposed to internally
compiled as referred to in point 5 above). Will this
company’s nancial statements have to be audited?
No, the company’s nancial statements will not have to
be audited because it does not meet any of the
requirements listed previously.
Have a look at the de nitions in regulation 26 to
understand what it means to have a set of nancial
statements independently compiled and reported on.
Also, refer to section 3.2.2 below to ascertain
whether any form of assurance on the company’s
nancial statements is required.
Clearly, a non-public and non-state-owned company’s public interest

score is an important determinant as to whether it will be required to be
audited or not. Logic dictates that a company in whose activities and
nancial statements the public has a greater degree of interest will have
a higher public interest score. Because of the greater levels of public
interest in such a company (and given the purpose of the audit to
provide reasonable assurance), there will then be a greater need to have
that company’s nancial statements audited.
Table 3.2 illustrates how to calculate a public interest score in

accordance with regulation 26(2).
Table 3.2: Calculating a public interest score
COMPONENT OF CALCULATION
PUBLIC INTEREST
Employment ‘a number of points equal to the average

This component takes number of employees of the company
into account the size of during the nancial year.’
the workforce. This includes both salaried employees
and wage earners and may include
certain temporary staff in addition to the
permanent staff complement.
Third-party liability ‘one point for every R1 million (or portion

This component takes thereof) in third-party liability of the
the creditors of the company, at the nancial year-end.’
company into account. Third-party liability is regarded as
amounts owing to parties external to the
entity. This would therefore include
amounts owing in respect of trade
creditors or bank overdrafts and loans
but would exclude amounts owing to
employees or shareholders.
PUBLIC INTEREST
Turnover ‘one point for every R1 million (or portion

This component takes thereof) in turnover during the nancial
into account the extent year.’
to which the company
has an effect in the
market place.
Shareholders/Members ‘in the case of a pro t company, one

This component takes point for every individual who at the end
into account the of the nancial year is known by the
interest of the investors company to have, directly or indirectly, a
or members of the bene cial interest in any of the
company. company’s issued securities.’
‘in the case of a non-pro t company, one
point for every individual who at the end
of the nancial year is known by the
company to be a member of the
company or a member of an association
that is a member of the company.’
Take note of the reference to individuals
and the reference to both direct and
indirect holdings. A subsidiary would
therefore need to look to the number of
individuals holding securities in the
company’s holding company to determine
its public interest score (i.e. take into
account the indirect bene cial interest
holders). Based on this, any company
with more than 350 individual
shareholders (directly or indirectly) will
have to be audited.
PUBLIC INTEREST
Note: There is an alternative school of
thought that the individual shareholders
of the holding company should not be
taken into account in the calculation as
these shareholders do not have an
entitlement/right to the distributions of
the subsidiary or to direct the voting at
the subsidiary’s shareholder meetings. As
such, the individual shareholders of the
holding company cannot be seen as the
holders of the bene cial interest in the
subsidiary company. But, for purposes of
this text, this alternative school of thought
will not be explored further.
WHY? Why did regulation 26 include these four components

of public interest in the calculation of a public
interest score?
Employment
Employees receive payments and other bene ts from
their employers. They have a signi cant interest in the
ability of their employer to be able to continue to
employ them.
Liability
Organisations or individuals that are owed money by
the company want to know that the company is
nancially sound enough to be able to repay what is
due to them.
Turnover
A company’s turnover provides an indication of the
relative size of the company and the degree to which it
interacts with its investors, funders, customers and
suppliers. The larger the volume of trading is, the wider
the impact of that company is and the greater the
degree of interest is in that company’s sustainability.
Shareholders/Members
Shareholders or members have a direct nancial
interest in the company in which they have invested
their money. They want to know the degree to which
their investment remains secure and/or viable. The
more investors there are, the greater the interest is in
the company’s performance.
EXAMPLE
A practical example of the calculation of a company’s public
interest score
Consider the following information about Stratus (Pty) Ltd, a
pro t company with a June nancial year-end that is involved in
the manufacture and retail of designer gumboots:
• 51% of the shares in Stratus are held by another company,
Big Brother (Pty) Ltd; 25% are held by Mr Smith, and the
remaining 24% are held by Mrs Doe.
• Big Brother has 12 shareholders, all of whom are individuals.
• Mr Smith and Mrs Doe are both directors of Stratus (Pty) Ltd.
• The company’s annual turnover for the current nancial year
is R37,439,021.
• Liabilities as at year-end comprised the following amounts
owing:
• Trade Payables (to non-related companies) – R 2,367,210
• Loan owing to Mr Smith – R1,239,000
• Loan owing to Big Brother (Pty) Ltd – R 4,367,996
• The company had 15 salaried employees and 36 wage-
earning employees on its payroll at the end of their nancial
year. During the year, four new wage-earning employees were
appointed. There were no resignations or dismissals.
• The company prepares its own annual nancial statements.
Calculate Stratus (Pty) Ltd’s public interest score and decide

whether it needs to be audited or not. Attempt the calculation
on your own before reviewing your attempt against the
suggested solution in Table 3.3.
Table 3.3: Suggested solution to the calculation of Stratus (Pty) Ltd’s

public interest score
PIS CALCULATION JUSTIFICATION

COMPONENT
Employment 49 The total number of employees at

the end of the year was 51 (15
salaried and 36 wage-earning).
There were 4 new wage-earning
employees appointed during the
year. Therefore, the number of
employees at the beginning of the
year was 47 (51 less the 4 new
employees). The average number
of employees was therefore (47 +
51) / 2 = 49 and therefore 49
points will be allocated to
employment.
COMPONENT
Third-party 3 Third-party debt relates to the

liability creditors of the company – it is
money owing to persons or
companies external to the
company. The loans to Mr Smith
and Big Brother (Pty) Ltd are both
loans to shareholders and are
thus not external to the company.
It is therefore only the trade
payables of R2,367,210 that will
count in the determination of
public interest and the score is 1
point per R1m or part thereof and
therefore 3 points will be
allocated for third-party liability.
Turnover 38 1 point for every R1m or part

thereof – turnover is R37,4m and
therefore 38 points will be
allocated for turnover.
COMPONENT
Shareholders/ 14 1 point is awarded for every

Members individual who has a direct or
indirect bene cial interest in the
company’s issued securities.
Direct interest: There are only 2
individuals with a direct interest
(Mr Smith and Mrs Doe) –
therefore 2 points. Indirect
interest: Big Brother (Pty) Ltd has
a direct interest but is not an
individual. The shareholders of
Big Brother have an indirect
interest in Stratus by virtue of
their company’s interest in
Stratus. Big Brother has 12
shareholders – all of whom are
individuals – and therefore a
further 12 public interest points
will be allocated for this
component. Total score for this
component is therefore 2 + 12 =
14.
Total score: 104
Stratus (Pty) Ltd is clearly not a public or state-owned company, nor is it

a non-pro t company. Moreover, it does not hold assets in a duciary
capacity as a main part of its business. e only determinant in terms of
whether it would need to be audited or not would therefore come from
its public interest score.
To be audited, its PIS must either be above 350 (regardless of who
prepares its nancial statements) – which is not the case here – or its PIS
must be from 100 to 349 and it must prepare its own nancial
statements – which is the case. Because Stratus (Pty) Ltd prepares its
own nancial statements, its nancial statements must therefore be
audited.
CRITICAL THINKING
Do the nancial statements of Ntsimbi Piping have to be
audited?
Given that Ntsimbi Piping prepares its own nancial statements,
like Stratus (Pty) Ltd in the example above, it would need a PIS
of greater than 100 for it to have to be audited.
Given that Ntsimbi Piping employs approximately 80 staff and
its revenue for the current year is R128,3 million, its PIS already
exceeds 200 before even considering the other public interest
components. Therefore, its nancial statements will have to be
audited.
3.2.2 What if a company does not have to be

audited?
If a company does not meet any of the preceding requirements for it to
be audited, then in terms of section 30(2) of the Companies Act, it must
be either:
1. Voluntarily audited, applicable where this is required by the
Memorandum of Incorporation, or a shareholders resolution, or a
resolution of the board of directors; or
2. Independently reviewed, in terms of the requirements contained in
the Companies Regulations; except when every person who is a
holder of (or who has a bene cial interest in) any securities issued
by the company is also a director of that company (section 30(2A)
of the Companies Act), in other words, a company that is managed
by all its owners. In this case, legislation does not require the
company to be independently reviewed or audited.
is exception for owner-managed entities is present because of the

limited extent of public interest in these entities. However, should this
type of company have external parties with an interest in the company
(banks or potential investors, for example), its directors would be wise
to consider voluntarily electing to be audited, or at least independently
reviewed, so as to provide some assurance to these parties that are likely
to place reliance on the nancial statements in making their decisions.
e independent review is covered in more depth in Chapter 16.
3.3 How does the statutory appointment,

removal and rotation of the auditor
work and what are his or her rights?
Having understood which companies have to be audited, let us now
turn our attention to the appointment of the auditor and any
subsequent changes to the status of that appointment, whether through
resignation or dismissal.
We will rst consider who can be appointed as an auditor and will
then work through the appointment process itself.
3.3.1 Requirements to be met by the auditor in

order to be appointed
Section 90(2) of the Companies Act sets out a number of requirements
that must be met by a person or rm in order to be appointed as auditor
to a company. (If a rm of auditors is appointed, as opposed to an
individual person, then the person in that rm who will be in charge of
the audit also has to meet these requirements.)
It is worth noting that the requirements of section 90(2) only apply
to mandatory audits (i.e. where the company has no choice in whether
it will be audited or not) or where this decision is the result of a
requirement in the company’s MOI. A company that elects to be
audited voluntarily by way of a resolution of the shareholders or board
of directors, however, does not need to comply with the requirements of
section 90(2).
e requirements can be summarised as follows:

1. ey must be RAs. is requires that they are registered with the
IRBA which is the only way to obtain the designation of RA. e
IRBA requirements that must be met to become an RA are
discussed in section 3.4.1 of this chapter.
2. ey must not be directors or prescribed officers of the company.
Auditors have to be independent of the company that they are
auditing. A person who is responsible for a senior management
role in a company cannot be seen to be suitably independent, and
therefore suitably objective, when it comes to expressing an
opinion on that company’s nancial statements.
CRITICAL THINKING
Who is a prescribed of cer?
In terms of regulation 38 of the Companies Regulations, a
prescribed of cer is de ned as being a person who, despite not
being a director, nonetheless exercises, or regularly participates
to a material degree in the exercising of, general executive
control over the management of the business.
A person cannot therefore avoid statutory responsibilities just
by not being a director in a formal capacity.
3. ey must not be an employee or consultant of the company who

has been engaged by that company for more than one year in
maintaining or preparing any of the company’s nancial records or
statements. Similar to point 2, this is required in order to ensure
that the auditor remains suitably independent, in fact and in
appearance.
4. ey must not be directors, officers or employees of a person
appointed as company secretary in terms of the Companies Act
(refer to sections 86–89 of the Companies Act for details of the
company secretary). Note that company secretaries can be either
individual persons or juristic bodies (e.g. companies).
CRITICAL THINKING
Can a person who has been the company secretary of a
company be appointed as their auditor?
Strictly speaking, point 4 above refers only to directors, of cers
or employees of a person appointed as company secretary and
not the actual person themselves.
Now have a look at the next prohibition!
5. ey must not be persons who, alone or with a partner or

employees, habitually or regularly perform the duties of
accountant or bookkeeper, or perform related secretarial work, for
the company. So, in response to the previous critical thinking
question, here is our answer. e company secretary performs
related secretarial work for the company and therefore cannot
become the auditor of the company.
6. ey must not be persons who at any time during the ve nancial
years immediately preceding the date of appointment (as auditor),
were persons contemplated in points 2 to 5 above.
CRITICAL THINKING
Why is it necessary to include point number 6?
If you are, for example, a current director (or employee, of cer,
etc.) of a company, then you could have resigned from that
position and immediately become its auditor were it not for point
number 6. This section now sets a time period (a ‘cooling off
period’, if you like) during which you must not have been
engaged in any of the capacities referred to in the previous four
points should you wish to be considered for appointment as that
company’s auditor. This ensures that the auditor will be
suf ciently independent.
7. Where a company has an audit committee (either because the

company has to have one or because it has chosen to do so), the
proposed auditor must be acceptable to the company’s audit
committee as being sufficiently independent of the company,
having regard to the matters set out in section 94(8) of the
Companies Act. ese matters require that the audit committee
considers:
a) at the proposed auditor does not receive any remuneration
for services rendered to the company other than the fee for the
audit or fees for non-audit services that were previously
approved by the audit committee;
b) e degree to which the proposed auditor’s independence
may have been compromised as a result of any prior
appointments as auditor or any consulting work done by the
proposed auditor for the company; and
c) e degree to which the proposed auditor complies with any
other criterion related to independence as prescribed by the
IRBA (which effectively therefore includes compliance with
the IRBA Code of Professional Conduct (CPC)).
3.3.2 Appointment of the auditor
Having considered the requirements to act as auditor, let us now have a
look at how companies should go about appointing an auditor.
Every company that must be audited (in terms of section 30 of the
Companies Act and/or regulation 28 of the Companies Regulations) or
that has voluntarily elected to be audited (section 30(2) of the
Companies Act) must appoint an auditor in terms of section 90 of the
Companies Act.
e statutory deadlines for the appointment of the auditor are as

follows:
1. If an auditor is not appointed by the company on incorporation,
the directors have 40 business days from the date of incorporation
to appoint the rst auditor.
2. e rst auditor always holds office until the conclusion of the rst
annual general meeting of the company.
3. An auditor is automatically reappointed at an annual general
meeting without any speci c resolution needing to be passed,
unless:
a) e auditor no longer quali es to act as auditor (refer to
section 3.3.1 of this chapter);
b) e auditor no longer wishes to act as auditor (refer to section
3.3.3 of this chapter);
c) e auditor is no longer allowed to serve as auditor because of
the requirements for rotation of the auditor every ve years
(refer to section 3.3.6 of this chapter);
d) e audit committee objects to the reappointment of the
auditor; or
e) e shareholders at the annual general meeting have chosen
to appoint another auditor.
CRITICAL THINKING
With reference to the news item at the beginning of this
chapter, what would have been the processes followed by
those companies who wished to terminate their relationship
with KPMG?
The board of directors would have recommended the
appointment of another auditor in the place of KPMG (or the
audit committee may have objected to the re-appointment of
KPMG) and this would then have needed to be approved by
shareholders at the annual general meeting. Refer to section
3.3.4 below.
4. If an auditor is not appointed or reappointed at the annual general

meeting, the directors have 40 business days after the date of the
meeting to appoint an auditor.
3.3.3 Resignation of the auditor

Auditors may choose to resign from their position of auditor of a
company at any time. Once they are appointed as auditors, there is no
statutory requirement that they serve out any term of office with the
company.
Resignation of an auditor is effective from the date that notice of the
resignation is led with the Companies and Intellectual Property
Commission (the ‘Commission’), as established by section 185 of the
Companies Act.
CRITICAL THINKING
Why might an auditor choose to resign from an audit
appointment?
1. The auditor no longer has the required knowledge, skills or
capacity to audit the company.
2. The auditor no longer wants to be associated with the
company or with the individuals who manage or own the
company.
3. The audit is not economically viable (the audit fee does not
recover the amount of time required for performing the audit).
4. An ethical con ict has arisen that creates a situation where
the auditor can no longer maintain the required level of
objectivity.
If a rm is appointed as auditor of a company and there is a change in

the composition of that rm whereby fewer than 50% of the original
members remain, then this is to be regarded as a resignation of that rm
and a vacancy arises.
3.3.4 Dismissal of the auditor

A company is perfectly entitled to dismiss (or remove from office) its
auditor if it so wishes. In this case, the directors are required to give
notice of their intention to dismiss and replace the auditor for
consideration and resolution by the shareholders at the annual general
meeting. In other words, the dismissal cannot happen at any time,
thereby affording the auditor a measure of protection in the
performance of his or her duties.
In addition, in terms of section 89, which applies to both the
removal of the company secretary and the auditor through section
91(6), if an auditor is removed from office by the board of directors, the
auditor may require the directors to include a statement in the annual
nancial statements in the directors’ report setting out the auditor’s
contentions surrounding the circumstances resulting in the dismissal.
In order to exercise this right, the auditor has to give the appropriate
notice to the company.
3.3.5 Appointment of a replacement auditor
Should a vacancy arise, the directors need to appoint a replacement
auditor within 40 business days of the effective date of resignation of the
previous auditor.
If the company has an audit committee, the board of directors has to
provide this committee with the name of at least one registered auditor
to replace the outgoing auditor within 15 business days of the vacancy
arising. e board may then appoint a registered auditor from the
names it has provided to the audit committee unless it receives written
notice from the audit committee rejecting the proposed auditor within
ve business days of having received the name of the proposed
replacement.
If the company does not have an audit committee, it falls to the
board of directors alone to appoint the replacement auditor.
3.3.6 Rotation of auditors

Section 92 requires that the same individual may not serve as auditor of
a company for a period longer than ve years. is section has been
introduced to contribute to the need for auditors to remain objective
during their appointment. e judgement of an auditor who has been
appointed in this capacity by the same company for too many years
may become clouded as he or she becomes more and more familiar
with the management team of that company. e longer the time
period together, the bigger the risk is that the relationship between
auditor and management starts to swing from an independent
professional relationship to a friendship that lacks objectivity.
Other considerations include:

1. If an individual auditor has been the RA of a company for two or
more consecutive years and then ceases to be the RA of the
company, that individual may not be reappointed as auditor of that
company for at least a further two consecutive nancial years; and
2. If a company has joint auditors, the company must manage the
rotation so that both auditors never end their rotation at the same
time so that they both need to be replaced in the same nancial
year.
It is important to note that section 92 of the Companies Act requires

that only the individual auditor (the individual ultimately responsible
for the audit) rotates and not the auditing rm as a whole. It is therefore
quite possible that the same auditing rm may continue to audit a
company for many years provided that the lead partner/director
responsible for the particular audit engagement rotates at least every
ve years.
DID YOU KNOW?

On 5 June 2017, the IRBA’s ‘Rule on Mandatory Audit Firm
Rotation’ (MAFR) was gazetted. This rule effectively prohibits an
audit rm from acting as auditors to a public interest entity (as
de ned in the IRBA Code of Professional Conduct for Registered
Auditors) for more than 10 consecutive years. A period of ve
years would need to pass before that audit rm could again be
considered for appointment as auditor of that entity. This rule
becomes effective as of 1 April 2023 – i.e. for nancial years
commencing after 1 April 2023, the auditor of that public
interest entity must not have been the auditor for the preceding
10, or more, years.
3.3.7 Statutory rights of the auditor

Auditors have certain statutory rights of access to information to obtain
the necessary evidence to express an opinion on the fair presentation of
the auditee’s nancial statements. Section 93(1) of the Companies Act
provides auditors with the following statutory rights:
1. e right of access at all times to the accounting records and all
books and documents of the company;
2. e right to require any information and explanations necessary
for the performance of their duties from the directors or prescribed
officers of the company;
3. In the case of an auditor of a holding company:
a) e right of access is to all current and former nancial
statements of any subsidiary of that company; and
b) e right to require any information and explanations
necessary for the performance of their duties from the
directors or prescribed officers of the company or of the
subsidiary;
REFLECTION
Did you notice the following point?
Auditors of the holding company do not have immediate right of
access to the subsidiary’s accounting records and need to direct
any information requirements through the directors or prescribed
of cers of the holding company or subsidiary.
c) e right to attend any general shareholders’ meeting;

d) e right to receive all notices of and communications relating
to any general shareholders’ meeting; and
e) e right to be heard at any general shareholders’ meeting on
any part of the business of that meeting that might concern
the auditor’s duties or functions.
WHAT What happens if a company refuses to co-operate

with their auditors in terms of granting them access
IF? to their records or providing them with the necessary
information or documents in response to their
enquiries?
Section 93(2) of the Companies Act enables an auditor
to apply to the courts if necessary to enforce their
rights of access as described above. Companies may
not restrict their auditors in terms of exercising any of
these rights and auditors can apply to have any
restrictions removed.
It is also an offence for a director wilfully and
knowingly to frustrate, or attempt to frustrate, the
performance of the auditor’s functions.
CRITICAL THINKING
Are there any services (other than the audit) that an auditor is
not permitted to perform for the auditee in terms of the
Companies Act?
We have already seen that in terms of section 90(2) the auditors
may not also act as bookkeeper, accountant or company
secretary to the company.
In addition to this, section 93(3) states that an auditor may not

perform any services for a company if:
1. The performance of those services would create a con ict of
interest for the auditors (this is supported by section 44(6) of
the Auditing Profession Act whereby an auditor may not
conduct an audit of an entity if they have, or had, a con ict of
interest); or
2. The audit committee (if the company has one) has
determined that the auditors may not perform those services.
3.4 What are the statutory requirements
to practise as an auditor?
Having become familiar with the Companies Act requirements
pertaining to the appointment, dismissal, replacement and rotation of
auditors as well as their statutory rights, let us now have a look at the
Auditing Profession Act (APA) requirements that pertain to RAs.
3.4.1 e requirements to become a Registered

Auditor
We have already seen that the Companies Act requires that a person
needs to be an RA to be appointed as the auditor of a company.
Section 37 of the APA prescribes the conditions that must be met for
a person to apply to the IRBA for registration.
CRITICAL THINKING
Why does the IRBA have to be satis ed regarding an auditor’s
eligibility to practise? Why not simply let companies evaluate
the auditors they wish to appoint?
Companies do not always have the resources or ability to
evaluate for themselves the credibility or competence of a
potential auditor.
Having a regulatory board consider the suitability of an
auditor establishes a common benchmark for the evaluation of
all auditors in terms of suitable criteria.
It is the role of the IRBA to protect the public interest in
nancial statements of companies. This must necessitate a
quality check on the auditors who are expressing opinions on the
nancial information on which the public is then placing their
reliance.
e IRBA must be satis ed as to the following before they will register
an applicant:
1. e applicant must have complied with the prescribed education,
training and competency requirements for RAs (i.e. he or she
should possess the requisite competence to practise as an auditor).
CRITICAL THINKING
What are the prescribed education, training and competency
requirements?
Currently, the only professional quali cation that meets the IRBA
education, training and competency requirements is the
Chartered Accountant (SA). So, generally, you cannot become an
RA unless you have met the requirements to be a CA(SA).
Note that this does not mean you have to be a member of
SAICA but only that you must have met their requirements for
quali cation, in other words that you are eligible to become a
CA(SA).
In addition to the requirement to be a CA(SA), the IRBA
introduced an additional requirement from 1 January 2015 that
quali ed CAs will also need to complete at least an 18-month
post-quali cation period of ‘apprenticeship’ – known as the
‘Audit Development Programme’ (ADP) – under the guidance and
supervision of an RA, who will serve as their mentor. During this
‘apprenticeship’, a prescribed number of hours on audit-related
matters will have to be completed at a level more senior than
that experienced during the three-year SAICA training contract. In
so doing, the CA(SA) will effectively become a specialist in
auditing.
2. e applicant must have arranged for his or her continuing

professional development (CPD) if he or she is not a member of an
accredited professional body. Currently, SAICA is the only
accredited professional body that can train RAs on behalf of the
IRBA. SAICA already has an established CPD policy and members
are monitored against this policy. erefore, for members of SAICA
(and therefore CAs), SAICA will effectively arrange their CPD and
will ensure that they meet their IRBA CPD requirements. However,
those applicants who have chosen not to be members of SAICA will
be required to arrange for their own CPD.
3. e applicant must be resident in South Africa.
4. e applicant must be seen to be a t and proper person to practise
in the profession (i.e. he or she should possess integrity and other
related characteristics to practise).
5. e applicant must meet any additional requirements for
registration (if any) that may be prescribed by the IRBA.
In addition to the above requirements having to be met, section 37 also

includes reference to certain circumstances under which the IRBA may
not register an individual (even if the above-mentioned conditions have
been met). ese circumstances include the following:
1. If the applicant has been removed from an office of trust because of
misconduct related to a discharge of their duties in respect of that
office;
2. If the applicant has been convicted (whether in South Africa or
elsewhere although, if committed elsewhere, the IRBA is entitled to
consider the prevailing circumstances in the foreign country) of:
• eft;
• Fraud;
• Forgery;
• Uttering a forged document;
• Perjury;
• An offence under the Prevention and Combating of Corrupt
Activities Act 12 of 2004 (PRECCA); or
• Any offence involving dishonesty (other than theft, fraud or
forgery committed prior to 27 April 1994 associated with
political objectives); and
• has been sentenced to imprisonment without the option of a
ne; or
• has been ned an amount that exceeds that which has been
prescribed by the Minister of Finance;
3. If the applicant has been declared by a court to be of unsound
mind, or unable to manage his or her own affairs; and
4. If the applicant is disquali ed from being registered under a
sanction imposed under the APA.
CRITICAL THINKING
What about unrehabilitated insolvents?
Section 37(5) directs that the IRBA may (not must, like the four
points before) decline to register an individual who:
• Is an unrehabilitated insolvent;
• Has entered into a compromise arrangement with their
creditors; or
• Has been provisionally sequestrated.
3.4.2 Firms as Registered Auditors

A rm can register to become an RA. Section 38 of the APA regulates the
circumstances under which a rm can apply for registration with the
IRBA.
e only rms that may register are the following:

1. Partnerships of which all partners are themselves RAs in their
individual capacities;
2. Sole proprietors where the proprietor is an RA;
3. Companies with the following characteristics:
a) ey are personal liability companies as de ned by sections 1,
8 and 19 of the Companies Act. Remember that this means
that all directors (past and current) are, together with the
company, jointly liable for any debts and liabilities contracted
during their period of office;
b) All shareholders are individuals who are RAs; and
c) Every shareholder of the company is also a director and every
director is a shareholder.
3.4.3 Limitations on what an auditor may do

In addition to the need to act in accordance with the IRBA’s CPC and its
Rules Regarding Improper Conduct (which are covered in Chapter 2,
section 2.4), section 41(6) of the APA speci cally prohibits auditors from
doing any of the following:
1. ey may not practise under a rm name or title unless on every
letterhead bearing the rm name or title appears:
a) e RA’s name and surname; or
b) In the case of a partnership, at least the name(s) and
surname(s) of the managing or active partners; or
c) In the case of a company, the names of the directors.
2. ey may not sign any account, statement, report or other
document that purports to represent an audit performed by them
unless:
a) e audit was performed by them, or under their supervision
and direction; and
b) e audit was performed in accordance with the prescribed
auditing standards (i.e. the ISAs).
3. ey may not perform audits unless adequate risk management
practices and procedures are in place.
4. ey may not engage in public practice (i.e. perform audits) during
any period in which they have been suspended from public
practice.
5. ey may not share any pro ts derived from performing an audit
with any person who is not also an RA.
3.4.4 Statutory duties of auditors

Section 44 of the APA requires that the auditor must be satis ed that
certain criteria relating to the audit have been met prior to expressing
an opinion (without quali cation) that the company’s nancial
statements fairly present the nancial position and results of its
operations and cash ows in accordance with the applicable nancial
reporting framework.
ese criteria include the following:

1. at the audit has been conducted free of any restrictions
whatsoever and in compliance with auditing pronouncements
(which include the ISAs);
2. at the auditor is satis ed as to the existence of all assets and
liabilities shown on the nancial statements;
3. at proper accounting records have been maintained in at least
one of the official languages of South Africa and that these re ect
and explain all transactions and record all assets and liabilities
correctly and adequately;
4. at the auditor has obtained all information, vouchers and other
documentation which in his or her opinion were necessary to
properly perform his or her duties;
5. at the auditor has not had cause to report to the IRBA in terms of
section 45 of the APA (Reportable Irregularities), or, if he or she did
have cause so to report, that a second report has subsequently
been sent to the IRBA indicating that there was in fact no
Reportable Irregularity (refer to section 3.5 of this chapter for a
discussion of Reportable Irregularities);
6. at the auditor has complied with all laws relating to the audit of
that company; and
7. at the auditor is satis ed as far as is reasonably practicable as to
the fairness of the nancial statements.
(It is worth noting that a number of the above criteria are super uous,
as compliance with the ISAs (required by criterion 1) automatically
ensures that criteria 2, 4, 6, and 7 are met.)
3.4.5 Inspections of auditors

In terms of section 47 of the APA, the IRBA may at any time inspect or
review the practice of an RA. e purpose of these inspections is to
establish that audits are being conducted in accordance with relevant
auditing standards and within relevant accounting frameworks.
As a minimum, auditors of public companies (given the degree of
public interest in these entities) must be inspected or reviewed by the
IRBA at least once every three years.
In addition to the inspection or review of an audit practice by the
IRBA, the IRBA must also investigate any matter referred to it where it
appears justi ed that an RA may be guilty of improper conduct (refer to
Chapter 2 of this book).
3.4.6 Liability of auditors for losses suffered by

the client and/or third parties
Now that we have worked through the statutory and regulatory aspects
relating to the auditor’s appointment and duties, let us turn our
attention to what happens if the auditor expresses the wrong opinion on
the client’s nancial statements! It might be a good idea to turn back to
the newspaper feature at the beginning of this chapter to revisit the
Enron collapse and the auditor’s role therein. Was it appropriate that
the auditors were found liable for the loss suffered by parties who had
placed reliance on their audit opinion?
e mere fact that the auditor expressed the wrong opinion on a
client’s nancial statements does not mean that the auditor did not do
his or her job properly. e wrong opinion could be a function of the
inherent limitations of the audit – refer to section 1.4.5.2 in Chapter 1.
In Chapter 1, it was also explained that the auditor expresses
reasonable, not absolute, assurance on whether the nancial statement
presents fairly. Hence, there is always a risk that the audit opinion will
be wrong even if the auditor performed the work with professional
competence and due care.
However, if the wrong opinion was the result of the auditor not
performing the audit properly (i.e. not adhering to the applicable audit
and ethical standards), then the auditor must be prepared to face the
consequences.
Section 46 of the APA sets out the conditions under which an
auditor may be found liable for loss suffered by clients or by third
parties who relied on an inappropriate audit opinion.
Section 46(1)(b) makes it quite clear that this section, dealing with
the liability of auditors, applies equally to the individual RA (appointed
by the rm to lead the audit) and the rm itself. ere is therefore no
distance between the individual auditor and the rm. If the individual is
found to be liable, the rm immediately becomes liable too.
DID YOU KNOW?

Most auditing rms are insured for public liability. This public
indemnity cover, in most cases, enables partners in an auditing
rm to settle claims arising from legal action taken against the
rm for issuing an inappropriate opinion.
In terms of section 46(2), no loss will be suffered by the auditor (i.e. they
cannot be held liable for any loss suffered by clients or by third parties)
unless it is proved that the opinion was expressed:
• Maliciously (done with the intent to cause harm);
• Fraudulently (done with the intent to deceive); or
• Negligently (done unintentionally through human error or oversight,
but nonetheless arising as a result of not having exercised due care in
performing the audit).
ere are some additional aspects that have to be considered that are
speci c to the auditor’s liability toward their client and toward third
parties (who rely on the opinion expressed by the auditor about their
client’s nancial statements).
3.4.6.1 Aspects of auditor liability relating speci cally to

engagement clients
By virtue of having signed an engagement letter, the auditor and
company have entered into a contractual arrangement regarding each
party’s responsibilities. If an auditor fails to meet these responsibilities
through negligence on his or her part and the company suffers loss as a
result, the auditor can be sued by the company for breach of contract
(contractual liability).
An example of this is where an auditor, by performing audit
procedures required in terms of the ISAs, detected fraudulent activity in
preparing the company’s nancial statements that resulted in nancial
losses for the company. Should an auditor have been negligent in terms
of conducting these audit procedures and thus have failed to detect the
fraud, the company may argue that it suffered nancial loss as a result
of the auditor not conducting the audit in the manner he or she should
have.
In addition to any contractual liability that may arise, the South
African law of delict may also apply to a situation where the auditor has,
through his or her actions or omissions, caused loss to the client. e
law of delict is part of common law in South Africa and applies where
one party suffers loss because of another party’s actions or omissions,
regardless of whether there are any contractual arrangements between
the parties or not.
3.4.6.2 Aspects of auditor liability relating speci cally to

third parties
Further to the requirements of section 46(2), section 46(3) goes on to
require that for an auditor who has been found to be negligent (note that
this only applies to negligence and not to malice or fraud), to be held
liable by a third party:
e auditor must have known (or have been expected to know,
• within reason) at the time that the negligence occurred that the
opinion would either be used by the client to induce a third party
• to act (or refrain from acting) or would be relied on by a third
party for purposes of a decision made in relation to the client’s
nancial statements; or
• e auditor represented to a third party, after expressing their
opinion, that the opinion was correct, while at the time knowing (or
being expected to know, within reason) that the third party would
rely on the opinion.
Since it is unlikely that audit opinions will be expressed maliciously or

fraudulently, the most common occasions leading to auditors being
found liable are those where it can be proved that the auditors have
been negligent in the performance of their duties while knowing (or
reasonably being expected to know) that third parties would place
reliance on the auditors’ opinions.
CRITICAL THINKING
How can it be proved that an auditor was negligent?
Audits are required to be conducted in terms of the ISAs. These
standards prescribe how auditors must conduct their audits and
will be the rst things that are looked at to establish negligence.
‘Did the auditors conduct the audit in terms of the
requirements laid out in the ISAs?’ If not, the auditors are likely
to be found to have been negligent in the performance of their
duties.
Although not directly relevant to auditor liability to clients and third

parties, it is worth remembering that an RA may also be investigated by
the IRBA for improper conduct (e.g. failing to adhere to the
requirements of the ISAs) and, if found guilty, sanctioned.
Details of the disciplinary process of the IRBA appear in section
2.5.2 of Chapter 2.
FURTHER READING
The following constitutes important case law regarding an

auditor’s legal liabilities for work performed:
• Cape Empowerment Trust Ltd v Fisher Hoffman Sithole1

• International Shipping Co (Pty) Ltd v Bentley2
• Thoroughbred Breeders Association of South Africa v Price
Waterhouse3
• Caparo Industries plc v Dickman4
• Scott Group Ltd v McFarlane5
3.5 What does the auditor’s statutory

responsibility to identify and respond
to Reportable Irregularities entail?
ere is much literature to support the argument that whistle-blowing
plays an important role in enhancing transparency and accountability.
In addition to the duties imposed by the IRBA’s Code of Professional
Conduct regarding the reporting of instances of non-compliance with
laws and regulations (see section 2.6.5.6 in Chapter 2), the APA
recognises that the external auditors of a company play a unique role
and can serve the public interest by blowing the whistle on wrong-
doings perpetrated by those in the governance structures of companies.
is is because they are independent from the companies that they
audit, and are, for example, not dependent on any one auditee for their
livelihood. e duty of external auditors to report wrongdoings or
‘Reportable Irregularities’ is contained in section 45 of the APA.
3.5.1 De nition of a Reportable Irregularity

In terms of section 45 of the APA, an auditor has a duty to send a written
report to the IRBA containing details about any Reportable
Irregularities that he or she is satis ed, or has reason to believe, have
happened or are happening.
Section 1 of the APA de nes a Reportable Irregularity. e de nition
has to be explored in a fair amount of detail to appreciate fully all the
conditions that need to be present for something to be regarded as a
Reportable Irregularity.
FURTHER READING
If you want to explore Reportable Irregularities in more depth:

Given the limited guidance in the APA on Reportable
Irregularities and the auditor’s statutory duty to report them, the
IRBA published a guideline document on Reportable
Irregularities in 2006. This document contains detailed guidance
on the determination of Reportable Irregularities, together with
practical examples to aid with understanding. This guide was
then revised in May 2015.
e de nition of a Reportable Irregularity as described in section 1 of

the Act is analysed in Table 3.4.
Table 3.4: Reportable Irregularities as de ned in section 1 of the

APA
DEFINITION EXPLANATION
Any unlawful act or omission … The starting point is that there

must have been a contravention
of an act of legislation or
accepted common-law principle
(either through doing something
that should not have been done
– an ‘unlawful act’ – or by
omitting to do something that
should have been done – an
‘unlawful omission’).
This contravention can be of any
act, including the Companies
Act and the Income Tax Act, for
example.
… committed by any person Persons responsible for the

responsible for the management management of an entity are
of an entity … typically persons who make
decisions affecting strategic
matters relating to the entity
and typically comprise the board
of directors and other
prescribed of cers.
This part of the de nition
excludes the nancial
accountant or any other junior
management or other employee
positions unless they are
committing the unlawful act or
omission with the consent or
knowledge of persons
responsible for management of
the entity. In this case, persons
responsible for management are
deemed to have committed the
unlawful act or omission
themselves.
… which … The de nition then goes on to

state three possible
consequences of this unlawful
act or omission that has been
committed by those responsible
for managing the company.
Any one of these three
consequences will result in a
Reportable Irregularity – it is not
necessary that they all be
present for a Reportable
Irregularity to arise.
a) has caused, or is likely to Notice that there is no reference

cause, material nancial to the concept of materiality in
loss to the entity or to any this part of the de nition. This
partner, member, suggests that the nature of the
shareholder, creditor, or act itself, and not the value
investor of the entity; OR involved, is the concern that
triggers the need to report.
Also note that the materiality of
the loss is not a reference to
audit materiality, but rather a
reference to what would be
regarded as material by the
party suffering the loss.
b) Is fraudulent or amounts to Fraud concerns acts committed

theft; OR with the intent to deceive
another person and theft
concerns the unlawful taking of
something that belongs to
another.
Notice that there is no reference
to the concept of materiality in
this part of the de nition. This
suggests that the nature of the
act itself, and not the value
involved, is the concern that
triggers the need to report.
c) Represents a material Fiduciary duty refers to the need

breach of duciary duty owed to act with the best interests of
by such person to the entity the entity and its stakeholders
or any partner, member, at heart. Actions (or inactions)
shareholder, creditor, or of the directors should not
investor of the entity. result in compromising the
entity and its stakeholders in
any way.
Note that reference is again
made here to the concept of
materiality suggesting that some
minor and inconsequential
breaches of duciary duty may
not be reportable.
3.5.2 e auditor’s reporting duties with

regard to Reportable Irregularities
Section 45 of the APA spells out the duties of the auditor when it comes
to reporting Reportable Irregularities to the IRBA.
ese duties can best be summarised as a series of steps in a process:

Step 1:
When an auditor is satis ed or has reason to believe that a Reportable
Irregularity has taken place, or is taking place, they are required to send
a written report to the IRBA advising the regulatory body of this without
delay.
Note the following:

• e duty to report arises even where the auditor only has ‘reason to
believe’. It is not necessary that the auditor become ‘satis ed’ before
reporting.
• e report needs to be sent ‘without delay’. Auditors cannot therefore
spend excessive time corroborating their ndings or suspicions
before reporting. While it is reasonable to expect that auditors will
take care to ensure that there is as reasonable a basis for their belief
as possible, this cannot result in any signi cant delay in the
reporting process.
• e report should contain sufficient detail regarding the particulars
of the Reportable Irregularity and must include any additional
information regarding the matter that the auditor feels is necessary.
• When determining whether a Reportable Irregularity has taken place
or not, the auditor is required to take into consideration information
from any source.
• e auditor reports the irregularity to the IRBA only and not to any
other party, such as the CIPC, the police, or SARS. e IRBA will then
decide whether it should report the matter to any other parties (refer
to section 3.5.3 for details).
Step 2:
Within three days of sending the report to the IRBA, the auditor must
notify the members of the management board of the entity, in writing,
of the fact that the report has been submitted.
is notice should include a copy of the report and must make
reference to section 45 of the APA and the auditor’s resultant duties in
respect of the reporting of possible Reportable Irregularities to the
IRBA.
Step 3:
As soon as is reasonably possible (but no later than 30 days from the
date that the report was sent to the IRBA), the auditor must take all
reasonable measures to discuss the report with management, including
providing management with an opportunity to make their own
representations regarding the contents of the report.
e purpose of this third step is to afford management an
opportunity to put across their perspective of the Reportable
Irregularity and thus potentially provide the auditors with further
information or evidence regarding the irregularity.
As a result of these discussions and any further information
provided by management, the auditor will then need to reach one of
three possible conclusions regarding the matter that has already been
reported to the IRBA:
1. No Reportable Irregularity had taken place or is taking place (i.e.
the auditor was wrong to have thought that the matter was a
Reportable Irregularity); or
2. e suspected Reportable Irregularity is no longer taking place and
management have taken adequate steps to prevent any further loss
and/or recover any possible loss that may have arisen from the
matter, if relevant (i.e. the auditor was correct to have reported the
matter but, having discussed it with management, management
saw where they were wrong and have taken adequate steps to
remedy the situation); or
3. e suspected Reportable Irregularity is continuing (i.e. the auditor
was correct to have reported the matter and, having discussed it
with management, management have done nothing, or have taken
inadequate steps, to remedy the situation).
Following their discussion with management in step 3 and having

determined which of the three possibilities mentioned above represents
the true state of affairs, the auditor will move into the nal step in the
reporting process.
Step 4:
Having discussed the report with management, the auditor will now
send a second report to the IRBA advising it of the results of the
discussion and the status of the Reportable Irregularity (i.e. which of the
three possibilities mentioned previously represents the current
position).
e auditors will provide the IRBA with any additional supporting
information to back up their statement regarding the current status of
the Reportable Irregularity.
On receipt of this second report, the IRBA will consider the evidence
presented by the auditor and, in the event that the matter was in fact a
Reportable Irregularity, will take any action that it believes may be
necessary in terms of advising (in writing) the appropriate regulator of
the Act that has been contravened, as well as providing full particulars
of the matter.
3.5.3 e implications of a Reportable

Irregularity for the auditee
e primary responsibility for the preparation of the nancial
statements rests with persons responsible for management of the entity
(e.g. the board of directors). Where a company is being mismanaged,
this casts doubt over the reliability of the nancial statement
information.
ird-party users of the nancial statement information presented
by a company have a right to be informed in situations where the entity
in which they have a nancial interest is being mismanaged. Section
44(2) and (3)(e) of the APA speci cally prohibits the auditor from
indicating in their auditor’s report, without any appropriate
quali cation, that the annual nancial statements are fairly presented if
a Reportable Irregularity has been identi ed and reported to the IRBA.
(Auditor’s reports and opinions are discussed in section 15.5 of Chapter
15.)
Given the prevalence of corruption and the role of the independent
auditor, it is not difficult to understand why auditors are given this
additional responsibility to assist further with the protection of the
public interest.
In addition to this, the APA’s requirement that the auditor
communicate irregularities perpetrated by the management of the
auditee to the IRBA ensures that management’s actions will not go
unnoticed. e IRBA is entitled to communicate any Reportable
Irregularity that it is informed about to any appropriate
statutory/regulatory body. So, if management evades tax, for example,
and this is detected by the auditor and reported to the IRBA, the IRBA
has the right to inform the SA Revenue Service of the contravention. In
this way, the appropriate regulatory authority or the SA Police Services
can become aware of the irregularities being perpetrated and take the
appropriate action (including holding those involved to account).
CRITICAL THINKING
What happens if the auditor does not detect a Reportable
Irregularity that did actually exist?
There is no requirement that auditors design speci c procedures
to identify possible Reportable Irregularities. Rather, should the
auditor become aware of them or have reason to believe that
they exist, the duty to report them arises.
Having said that, if an auditor does not detect a Reportable
Irregularity that they should have become aware of through the
normal course of their audit procedures, section 46(7) of the
APA holds that auditor potentially liable to any party suffering
loss as a result of the auditor’s non-reporting of the irregularity.
Should an auditor be found guilty of improper conduct in this
respect, in addition to the settlement of any loss incurred by a
party arising from the auditor’s failure to detect and report the
irregularity (through a civil claim against the auditor), the IRBA
might also take the following action in terms of section 51 of the
APA:
1. Issue a caution or reprimand to the auditing rm; and/or
2. Fine the auditor an amount not exceeding the equivalent of a
ve-year jail term; and/or
3. Suspend the right of that auditor to practise for a speci ed
period of time; and/or
4. Cancel the registration of that auditor, which would prevent
the auditor from conducting audits.
In addition to the above, section 52 speci cally states that

should an auditor fail to report an irregularity in terms of section
45, the auditor is regarded as being guilty of committing an
offence and, should he or she be convicted in a court of law
under this section, the auditor may be liable to a ne or to
imprisonment for a term not exceeding 10 years or to both a ne
and such imprisonment.
3.6 How is auditing in the public sector

different from auditing in the private
sector?
3.6.1 Background to auditing in the public
sector
Chapter 9 of the Constitution of the Republic of South Africa, 1996,
establishes the Auditor-General of South Africa as one of the state
institutions supporting constitutional democracy. e Constitution
recognises the importance of the Auditor-General and guarantees its
independence, stating that the Auditor-General must be impartial and
must exercise its powers and perform its functions without fear, favour
or prejudice.
e functions of the Auditor-General are described in the
Constitution and are further regulated in the Public Audit Act 25 of 2004
(PAA), which mandates the Auditor-General to perform constitutional
and other functions.
Constitutional functions are those that the Auditor-General performs to

comply with the broader mandate described in the Constitution and
include the mandatory audit of:
• All national and provincial state departments and administrations;
• All constitutional institutions;
• e administration of Parliament and of each provisional legislature;
• All municipalities and municipal entities; and
• Any other entity required by legislation to be audited by the Auditor-
General.
DID YOU KNOW?

The IRBA’s external auditors are the Auditor-General of South
Africa.
In addition to these functions, the Auditor-General is also required to

audit and report on the consolidated nancial statements of:
• National and provincial government in terms of the Public Finance
Management Act 1 of 1999 (PFMA); and
• Parent municipalities in terms of the Municipal Finance
Management Act 56 of 2003.
e Auditor-General may also audit and report on public entities listed

in the PFMA such as Eskom, SAA, and the SABC.
3.6.2 Who performs public sector audits?
Section 12 of the PAA requires that these audits be performed by either:
• A member of the staff of the Office of the Auditor-General; or
• A private practitioner who is an RA or someone who has the
requisite quali cations, competence and experience.
Where auditors in private practice are engaged to perform public sector

audits, their engagement and discharge is regulated through the PAA
with the Auditor-General assuming primary responsibility for the
appointment and dismissal of these auditors.
3.6.3 To what standards are these public sector

audits conducted?
In terms of sections 12 and 13 of the PAA, the Auditor-General is
responsible for determining the standards, nature and scope of public
sector audits. is needs to be done taking into account best auditing
practices both locally and internationally. As a result, these audits are
conducted largely in accordance with the International Standards on
Auditing. ere are, however, adaptations made to these standards,
where necessary, to tailor the procedures to meet the Auditor-General’s
reporting requirements in terms of the various legislation that guides
the scope of the work they need to perform.
FURTHER READING
The Auditor-General in collaboration with the IRBA issued a guide
in 2012 entitled ‘Guidance for auditing in the public sector’. This
guide provides an overview of the public sector environment
within which public sector audits are conducted, and is essential
reading for anyone wishing to gain insights into the nature of
auditing in the public sector. The guide can be accessed on the
website of the IRBA as follows:
https://www.irba.co.za/guidance-to-ras/technical-guidance-for-
auditors/public-sector
In addition to this, the IRBA published two further guidelines in
August 2015 that may also be of interest. They can also be
found at the link above.
3.7 What other legislation or regulations

may impact on the scope of the audit
function?
3.7.1 e JSE Listings Requirements
Section 22 of the JSE Listings Requirements stipulates certain
requirements that need to be met by auditors of companies listed on the
JSE in order to help the JSE uphold the integrity of the markets in which
the JSE operates.
3.7.2 What special quali cations are required

to audit a company listed on the JSE?
e JSE requires the following from auditors of listed companies:
• e auditing rm and at least three individual auditors from that
rm must be accredited on the ‘JSE list of auditors and their
advisors’;
• Where these auditors are registered with the IRBA, at least three
individual auditors must have had a le review/inspection done by
the IRBA and must only be subject to their next inspection in the
next IRBA inspection cycle; and
• e auditing rm must have at least one IFRS advisor (either internal
or external to the rm) that is accredited on the ‘JSE list of auditors
and their advisors’.
3.7.3 What are the speci c responsibilities of

auditing rms and individual auditors
conducting audits of companies listed on
the JSE?
Section 22.5 of the JSE ‘Listings Requirements’ contains a number of
speci c responsibilities for auditors of JSE-listed companies. ese
responsibilities result in audits of JSE-listed entities being signi cantly
more onerous that those of unlisted entities. is is, however, because
of the much greater degree of public interest in these entities and the
consequent need for greater protection for those placing reliance on
nancial statements from these entities.
3.7.4 e Sarbanes–Oxley Act of 2002

e Sarbanes-Oxley Act (SOX) is a United States federal law that
established new or enhanced standards for all USA public companies’
boards, management and public accounting rms. e bill was enacted
in response to a number of major corporate and accounting scandals
including those involving Enron (refer the news article at the beginning
of this chapter).
is Act has implications for South African auditors where they are
engaged to perform audits of South African companies that are
subsidiaries of public companies incorporated in the USA (and
therefore need to comply with SOX).
SOX contains 11 sections (or titles), ranging from additional
corporate board responsibilities to criminal penalties. It also facilitates
the establishment of a new, quasi-public agency, the Public Company
Accounting Oversight Board (PCAOB) charged with overseeing,
regulating, inspecting and disciplining accounting rms in their
capacity as auditors of public companies. Doesn’t this sound similar to
our South African IRBA established as part of the APA?
SOX also covers issues, for example auditor independence,
corporate governance, internal control assessment, and enhanced
nancial disclosure.
A few of the more relevant titles to South African auditors are
discussed below.
3.7.4.1 Title II – Auditor independence

Title II consists of nine sections and establishes standards for external
auditor independence to limit con icts of interest. It also addresses
auditor approval requirements, audit partner rotation requirements,
and auditor reporting requirements. It limits auditing rms from
providing non-audit services (e.g. consulting) to audit clients.
Notice the close similarity to what is addressed in South Africa
through our Companies Act and King IV™ (the latter is addressed in
more detail in Chapter 4).
3.7.4.2 Title III – Corporate responsibility

Title III consists of eight sections and mandates that senior executives of
companies take individual responsibility for the accuracy and
completeness of their corporate nancial reports. It de nes the
interaction of external auditors and corporate audit committees, and
speci es the responsibility of corporate officers for the accuracy and
validity of corporate nancial reports.
Again, a lot of this content is addressed by our own Companies Act
and King IV™ (the latter is addressed in more detail in Chapter 4).
3.7.4.3 Title IV – Enhanced nancial disclosures

Section 404 of SOX requires that companies le with the SEC annual
reports that report on management’s responsibilities to establish and
maintain adequate internal control over the company’s nancial
reporting process, as well as management’s assessment of the
effectiveness of those controls. In addition, the company’s external
auditors are required to report on management’s assessment, as well as
on the effectiveness of the company’s controls.
So, while SOX might create additional considerations for South
African auditors of American subsidiaries, in essence many of these
requirements, with the notable exception of the additional external
audit requirements imposed by section 404, have been incorporated
into South African company law and corporate governance principles
in recent years.
3.8 What role can the auditor play to aid

good corporate governance?
e King IV™ Report on Corporate Governance for South Africa 2016
(King IV™) was published on 1 November 2016. King IV™ is effective in
respect of nancial years starting on or after 1 April 2017 but immediate
transition was encouraged. King IV™ makes recommendations
regarding good governance practices for all South African
organisations. e recommended practices in King IV™ are not
mandatory but organisations should adopt an ‘apply and explain’
approach to their implementation of these recommendations.
Given the responsibilities of auditors to report on the fair
presentation of nancial statements, which enhances the integrity of
external reporting (and facilitates holding the governing body/directors
accountable for their actions), it is not surprising to nd
recommendations in King IV™ concerning the role of the auditor (both
external and internal) in assisting an organisation to establish good
governance practices.
King IV™ comprises 17 core principles of good corporate
governance, each of which then incorporates recommended practices
to assist in achieving the principle. Principle 15 deals speci cally with
‘assurance’ and requires that ‘[t]he governing body should ensure that
assurance services and functions enable an effective control
environment, and that these support the integrity of information for
internal decision-making and of the organisation’s external reports’.
With external auditors providing external assurance services to the
organisation, this principle includes recommended practices with
regard to the external audit function.
3.8.1 e combined assurance model

Recommended practice 41 of principle 15 of King IV™ states that ‘the
governing body should satisfy itself that a combined assurance model is
applied which incorporates and optimises the various assurance
services and functions so that, taken as a whole, these support the
objectives for assurance’.
Recommended practice 42 goes on to describe the various assurance

service providers and functions that should be combined to achieve this
combined assurance model. ey include:
• e organisation’s internal line functions that own and manage risks;
• e organisation’s specialist functions that facilitate and oversee risk
management and compliance;
• Internal auditors, internal forensic investigators and auditors, safety
and process assessors, and statutory actuaries;
• Independent external assurance providers such as external auditors;
• Other external assurance providers such as sustainability and
environmental auditors, external actuaries, and external forensic
fraud examiners and auditors; and
• Regulatory inspectors.
All of these different providers and functions should be co-ordinated in

a manner whereby they work together towards achieving the objectives
of the principle of assurance.
3.8.2 e concept of combined assurance

So, rather than have these various assurance providers and internal
functions all working at cross purposes, this concept has them all
working together toward the same common goal. is would reduce
inefficiencies and would provide stronger levels of overall comfort (or
assurance) for the company.
3.8.3 e role of the audit committee with
regard to the external audit function
Principle 8 of King IV™ provides recommended practices in respect of
the organisation’s committees of its governing body. One of these
committees is the Audit Committee and recommended practices 51 to
59 provide speci c guidance about the composition and functioning of
this committee.
Recommended practice 51 recommends that the audit committee
plays a pivotal role in the organisation’s management of its assurance
functions and services, with a particular focus on its combined
assurance arrangements, which will include its dealings with its
external auditors. Moreover, recommended practice 54 states that the
audit committee’s role is to oversee how nancial and other risks that
affect external reports issued by the organisation (such as nancial
statements and integrated reports) are managed.
As the audit committee should only comprise independent non-
executive members (in the case of a company, these members will be its
directors) and have an independent non-executive chair, there is a vital
‘distance’ between management of the entity and the external auditors.
As such, the committee, in the execution of its roles/duties, can play an
important role in ensuring that the external auditor is objective, is
independent, and renders a competent service in providing reasonable
assurance on the fair presentation of the organisation’s nancial
statements.
WHAT What if an entity has no audit committee (remember

that only public and state-owned companies are
IF? mandated to have audit committees)?
Will management appoint, remove and negotiate the
fee with their external auditors? Is this desirable
when it comes to preserving the auditor’s
independence? What about the possibility of
management dismissing the auditors if they do
anything contrary to management’s wishes? Might
this have a negative in uence on the auditor’s
independence?
What about a situation where management refuses to
pay the full audit fee or disputes the fees charged?
How likely is it that the auditors will oppose this,
given that it may lead to their not being reappointed
in the following year?
In the absence of an audit committee to oversee these
aspects, there are a few mitigating factors that should
help to retain the appropriate levels of auditor
objectivity and independence:
1. The appointment of the auditor still needs to be
approved at the annual general meeting by the
shareholders of the company (and auditors are
entitled to make representation to these
shareholders if they are inappropriately or unfairly
dismissed by management).
2. The auditor is required to adhere to the IRBA’s Code
of Professional Conduct, which requires the auditor
to continuously identify and adequately safeguard
any signi cant threats to his or her objectivity and
independence.
King IV™ (recommended practice 58) recommends that the audit

committee should meet annually with the external auditors, without
management being present, to facilitate an exchange of views and
concerns that may not be appropriate for discussion in an open forum.
Furthermore, King IV™ (recommended practice 59) recommends that
the following matters in respect of the audit committee’s role, with
regard to the external auditor speci cally, be disclosed:
1. Whether the audit committee is satis ed that the external auditor is
independent of the organisation, including reference to:
a) Policies and controls over the provision of non-audit services
by the external auditor;
b) e tenure of the external audit rm (the length of the
relationship between the external auditor and the
organisation);
c) e rotation of the designated external audit partner; and
d) Whether signi cant changes in the management of the
organisation may mitigate the risk of familiarity between the
external auditor and management.
2. Signi cant matters that the committee has considered in relation
to the annual nancial statements, and how these were addressed.
3. e committee’s views on the quality of the external audit, with
reference to ndings contained in any inspection reports issued by
the external audit regulators on the external auditor.
4. e arrangements put in place for combined assurance and their
view on how effective these are.
1. e Companies Act 71 of 2008, together with the Auditing
Profession Act 26 of 2005, prescribes and governs the appointment
of an external auditor for a public company. (LO 1)
2. A person who was the prescribed officer of the company four years
ago cannot be appointed as the auditor of that company. (LO 4)
3. Unrehabilitated insolvents can never become Registered Auditors.

(LO 4)
e external auditor of a holding company, who is not also the
4. external auditor of the subsidiaries, has the right of access to all
accounting records, books and documents of all companies in the
group. (LO 6)
5. An auditor can be sued by the company he or she audits for breach

of contract if the auditor is negligent in the performance of his or
her duties. (LO 7)
6. After having reported a matter to the IRBA as a Reportable

Irregularity, the auditors have to inform management of the
auditee of the contents of the report as soon as is reasonably
possible but not later than 30 days from the date of the report. (LO
8)
For questions 7 to 14, select the correct answer/s. More than one
answer is possible:
7. Which of the following statements is/are true for a company that
does not have a statutory requirement to be audited? (LO 3)
a) ey might have to be independently reviewed as a statutory
requirement.
b) eir directors might voluntarily choose to have the company
audited even if it does not need to be.
c) e company’s Memorandum of Incorporation might require
it to be audited even if it does not need to be.
d) e company might not even have to be independently
reviewed.
8. Which of the following statements is/are false? (LO 5)

a) Auditors cannot resign themselves. ey can only be removed
by the shareholders.
b) Auditors are allowed to resign if their audit fees are
outstanding and overdue.
An auditor should consider resigning if a signi cant ethical
c)
con ict arises in their appointment.
d) In terms of the Companies Act 71 of 2008, a company should
change its auditing rm every ve years.
e) A company’s auditor has the right to attend any general
shareholders’ meeting of the company.
9. Which of the following courses of action might the IRBA take

should a Registered Auditor be found guilty of improper conduct
following a disciplinary hearing? (LO 7)
a) ey can deregister the auditor from the IRBA.
b) ey can suspend the auditor’s right to practise as an auditor
for a speci ed time period.
c) ey can ne the auditor.
d) ey can imprison the auditor for a period of up to ve years.
10. Which of the following conditions are not likely to result in a matter
being regarded as a Reportable Irregularity? (LO 8)
a) An unlawful omission has taken place (i.e. the directors have
neglected to do something that they should have done in
terms of a statutory requirement).
b) An unlawful act was committed by a sales representative of the
company.
c) An unlawful act is only likely to cause potential loss (i.e. no
actual loss suffered yet).
d) An unlawful act amounts to theft but is an immaterial amount.
e) An unlawful act that constitutes a breach of duciary duty
through a relatively minor single infringement of the
Companies Act.
11. Which of the following options might be communicated by an
auditor to the IRBA in their second (follow-up) report? (LO 8)
a) e matter has been discussed with management and no
Reportable Irregularity has actually taken place.
b) e matter has not yet been discussed with management
despite reasonable attempts on the part of the auditor to do
so.
c) e matter has been discussed with management who have
subsequently taken steps to recover any loss and/or prevent
any further or future loss.
d) Although the matter has been discussed with management,
they have not yet taken steps to address the matter.
12. Which of the following statements is/are false? (LO 9, 10 & 11)
a) e audits of municipalities are regulated by the Public Audit
Act 25 of 2004 and not by the Auditing Profession Act 26 of
2005.
b) e Auditor-General is required to audit entities listed in the
Public Finance Management Act (such as Eskom or the SABC,
for example).
c) e Auditor-General is accountable to the IRBA and is subject
to the same IRBA disciplinary process as any registered
auditing rm.
d) Mandatory audits conducted by the Auditor-General in terms
of the Public Audit Act may only be carried out by staff who
are registered with the IRBA as Registered Auditors.
e) South African subsidiaries of American publicly listed
companies need to comply with the requirements of the
Sarbanes-Oxley Act, even though these subsidiaries are not
registered in the USA.
f) e JSE Listings Requirements create additional
responsibilities for auditors of companies listed on the JSE.
13. Which of the following responsibilities does the audit committee

have with regard to the external audit function in terms of the
recommendations in King IV™? (LO 12)
a) ey review the quality of the external audit.
b) ey consider the degree to which the external auditor is
sufficiently independent of the organisation.
c) ey consider the degree to which the external auditor can
provide non-audit related services to the company.
d) ey review the overall effectiveness of the external audit
process as a part of combined assurance for the organisation.
14. Which of the following entities do not need to be audited? (LO 2)

a) State-owned companies
b) Non-pro t companies incorporated by an international entity
c) Pro t companies that do not hold assets in a duciary
capacity on behalf of third parties but that have a public
interest score of at least 100 (but less than 350) and have their
nancial statements independently compiled and reported on
d) Close corporations with a public interest score of more than
350.
15. Why is it acceptable that a pro t company (that does not hold
assets in a duciary capacity for third parties) with a public interest
score of less than 100 is not required to be audited? (LO 2)
16. What does a company need to do if it wants to replace its auditors?
(LO 5)
17. Describe the combined assurance model as recommended by King

IV™. (LO 12)
1 (200/11) [2013] ZASCA 16 (20 March 2013).

2 (138/89) [1989] ZASCA 138; [1990] 1 All SA 498 (A) (10 October 1989).
3 (416/99) [2001] ZASCA 82 (1 June 2001).
4 [1990] 1 UKHL 2 (08 February 1990).
5 [1978] 1 NZLR 553.
THE AUDITEE’S PART
RESPONSIBILITY FOR B
CHAPTER 4 Basic concepts of governance

and internal control
CHAPTER 5 Introduction to risks and internal
controls in a computerised
environment
CHAPTER 6 Revenue and receipts cycle
CHAPTER 7 Purchases and payments cycle
CHAPTER 8 Inventory and production cycle
CHAPTER 9 Human resources cycle
CHAPTER 10 Investment and nancing cycle
Basic concepts of CHAPTER 4
governance and
internal control
Rika Butler
CHAPTER CONTENTS
Learning outcomes
Reference list
4.2 What is the relationship between governance and internal
control?
4.4 How does one design a system of internal control?
LEARNING OUTCOMES
1. Describe the need for and the purpose of governance and

internal control.
2. Explain who is responsible for governance and the
implementation of a sound system of internal control.
List and brie y explain the components of a system of internal
3. control.
4. Describe the process that should be followed to ensure that

proper risk management takes place.
5. List and brie y explain the various risk responses available to
management to address risk.
6. Describe the various control activities (internal control measures)
that can be implemented to ensure that risk is mitigated
appropriately.
7. Explain why a system of internal control can only provide
reasonable assurance about the achievement of the entity’s
control objectives.
8. List and explain the generic control objectives.
9. Describe the relationship between control objectives and
assertions.
10. Brie y explain the process that should be followed to design a
proper system of internal control.
11. Link risks to control objectives.
12. Describe the relationship between control objectives and internal
control.
13. Explain the need for both preventative and detective and
corrective controls in a system of internal control.
14. Distinguish key controls from compensating controls.
15. Name and brie y describe the various business cycles within an
entity.
REFERENCE LIST

Corporate Governance for South Africa 2016.
Understanding the Entity and its Environment. Appendix 1.

In Chapter 1, we learnt that when the rst businesses were formed, the
owners of the businesses also acted as the managers of these
businesses. However, as businesses grew larger, it became increasingly
more common that the owners (shareholders) of businesses no longer
necessarily acted as the directors or managers of the businesses. is
situation necessitated that the shareholders obtain an independent
opinion from the external auditor on the fair presentation of nancial
statements prepared by the directors. It also became necessary to
develop guidelines for how the directors and managers of a company
(or the governing body of an organisation, if not a company) should act
to protect and manage (govern) the interests of the shareholders and
other stakeholders appropriately.
is led to the introduction of the concept of corporate governance
worldwide. Various countries began developing such guidelines for
directors. Internationally, the Treadway Report was issued in the United
States of America (USA) and the Cadbury Report in the United Kingdom
(UK). Ultimately, this led to the appointment of the King Committee in
South Africa in 1992, which issued the rst King Report on Corporate
Governance (King I) in South Africa in November 1994. Since then,
three more reports have been issued by the King Committee, namely,
the second King Report on Corporate Governance (King II) in 2002, the
third King Report on Corporate Governance (King III) in September
2009, and the fourth King Report on Corporate Governance (King IV™) in
November 2016.
According to King I, corporate governance is ‘the system by which
companies are directed and controlled’ to ensure transparency,
accountability, responsibility and fairness to all the stakeholders of the
company. e board of directors (or governing body) should take
responsibility for sound corporate governance and create the necessary
structures and processes to ensure that the entity complies with the
principles of King IV™. King IV™ also supports the delegation of certain
functions to well-structured committees that assist the board of
directors (or governing body) in the execution of its responsibilities in
respect of governance.
4.2 What is the relationship between

governance and internal control?
4.2.1 Risks in a business
Risks are an integral part of any business striving to achieve its
objectives. King IV™ de nes risk as:
… uncertain events, including the likelihood of such events

occurring and their effect, that could in uence, both in a negative
and a positive manner, the achievement of the company’s
objectives. It includes uncertain events with a potential positive
effect on the organisation (i.e. an opportunity) not being captured
or not materializing.
Risk can, for example, arise from the type of business or industry in
which an entity operates, the appointment of new employees, changes
in business models, changes to processes and product ranges, complex
transactions and complicated calculations. e level of involvement
and the sophistication of a computerised system used by an entity may
also affect risk.
Anything that threatens the achievement of the objectives of the
entity is regarded as a business risk. According to ISA 315.04(b), a
business risk is ‘(a) risk resulting from signi cant conditions, events,
circumstances, actions or inactions that could adversely affect the
entity’s ability to achieve its objectives and execute its strategies, or from
the setting of inappropriate objectives and strategies’. ISA 315.A38 states
that business risk may be attributed to change or complexity, or failure
to adapt to change.
According to King IV™, risk includes a combination of the probability
(likelihood) of an event occurring and its consequences (impact on an
entity’s ability to achieve its objectives). e event that gives rise to the
risk may be the occurrence of a particular set of circumstances, which
may be certain or uncertain, and may be a single event or a series of
occurrences. e consequence(s) of a risk refers to either the positive or
negative impact of the risk, and the magnitude thereof, for the entity.
Examples of negative consequences include theft of goods,
irrecoverable debts, fraud, nancial loss, dissatis ed customers,
inaccurate or incomplete nancial recording and reporting, and nes
for not complying with relevant legislation. Positive consequences
include additional revenue and improved customer satisfaction.
4.2.2 Risk management

It is essential that the risks that an entity faces be managed (governed).
Principle 11 of King IV™ deals with the governance of risk, which is
called risk management. Risk management includes the identi cation
and evaluation of actual and potential risk areas as they pertain to the
company as a total entity, followed by a process of responding
adequately to the risks identi ed and evaluated.
Risk identi cation refers to the process of identifying the risks to
which the entity is exposed. It is essential that all types of risks to which
the entity is exposed be identi ed. King IV™ suggests that, in order to
achieve proper risk management, the risks and opportunities
emanating from the triple context in which the entity operates (the
economy, society and environment) as well as the capitals that the
entity uses and affects ( nancial, manufactured, intellectual, human,
social and relationship and natural capital) should be considered.
e process to determine the signi cance of a risk is known as risk
evaluation. It involves considering the potential impact of the risk on
the entity and the likelihood that the particular risk may materialise,
and then quantifying (if possible), ranking and prioritising the
identi ed risks.
After the processes of risk identi cation and risk evaluation, the
entity should decide on an appropriate risk response for each of the
identi ed risks. e appropriate risk response will depend on the risk
evaluation, in other words, the probability that the risk will materialise,
the consequences if the risk materialises, as well as the risk tolerance
levels determined by the board and the risk appetite of the entity. An
entity’s risk appetite refers to the entity’s propensity to accept risk in
the achievement of its objectives (e.g. how much and what types of risks
the entity is willing to accept). e levels of risk tolerance are the
speci c quanti ed limits of the risk that the entity is able to tolerate in
its endeavours to achieve its objectives. Risks exceeding the risk
tolerance levels would be unacceptable, whereas risks below the risk
tolerance levels would be acceptable. e risk that remains after
treating the risk with the most appropriate risk response is known as
residual risk.
REFLECTION
When would an entity regard a particular risk as ‘unacceptable’?
Risk responses available to management include the following:

• Tolerance or acceptance of the risk: A risk is tolerated or accepted
because the combination of the probability of the risk being realised
and its possible impact is lower than the risk tolerance levels that
were set by the board. Choosing this response means that an entity
will only react to a particular risk when and if it occurs. is will most
likely be the response to insigni cant risks, or risks where the cost to
recover from negative consequences is less than the cost associated
with investigating and planning for the risk.
• Transferring the risk to a third party: is means that the risk is not
eliminated but that the entity merely moves the responsibility for the
risk to someone else outside the entity (a third party). Acquiring
adequate insurance is one way in which to transfer the negative
consequences associated with a particular risk to a third party. e
insurance premium paid to the insurer is usually much lower than
the cost that would be incurred if the risk did materialise, which
makes transferring the risk a viable risk response.
• Mitigation (treatment or reduction) of identi ed risks: is type of
response means that the entity implements some kind of treatment
or measure that will reduce the probability and/or impact of an
unacceptable risk (i.e. a risk that exceeds the risk tolerance levels) to
a level that falls below the maximum risk tolerance levels of the
entity. Designing, implementing and maintaining a suitable system
of internal control represents one way in which risks can be
mitigated. is type of response is discussed in section 4.3 of this
chapter.
• Avoidance or termination of the activity or process that creates
the risk: is means that the possibility of the risk occurring is
eliminated altogether by, for example, adding more resources or
time, avoiding unfamiliar and high-risk conditions or activities, or
acquiring the assistance of an expert.
• Exploitation of the opportunity created by the risk: When the risk
presents an opportunity that an entity can exploit for its own bene t,
the entity can take the necessary action to ensure that the event that
gives rise to the risk does occur, thereby eliminating the uncertainty
associated with risk events.
• A combination or integration of any of the above-mentioned risk
responses.
According to Principle 11 of King IV™, the overall responsibility to

ensure that proper risk governance takes place lies with the board of
directors of a company, which may be assisted by board committees
(such as the risk governance committee). e risk appetite and risk
tolerance levels for the entity are determined by the board.
e board of directors should delegate to management the
responsibility to implement and execute effective risk management. A
documented risk management policy and plan should be compiled by
management for approval by the board. e operational level of
management is responsible for the risk assessment, as well as for
implementing the systems and processes necessary to execute the risk
management plan of the entity in its day-to-day activities.
A risk register, documenting relevant information about the
identi ed risks, should be compiled and regularly updated. Aspects to
be documented in the risk register include the key risks to which the
entity is exposed, the likelihood that these risks may materialise, the
potential impact on the business should the risks materialise, as well as
management’s responses to each of these risks.
Figure 4.1: Risk register
e extract from the risk register of Ntsimbi Piping above is merely an

extract from a much larger document that contains all the risks to which
Ntsimbi Piping is exposed. e extract above shows only four risks
taken from one speci c type of risk, namely the ‘Operational risk’
section of the risk register. Note that the probability and impact of each
risk is noted, and then a risk score is calculated for each risk as a way in
which to rank and prioritise the risks before the implementation of the
risk responses. Appropriate risk responses should be determined for
each of the risks noted in the risk register. In the extract in Figure 4.1
only the risk response for risk number 1 is provided as an example. e
responses implemented should be sufficient to reduce the residual risk
to within the board’s risk tolerance level.
REFLECTION
On which of the risks contained in the extract of the risk register
of Ntsimbi Piping in Figure 4.1 should the management focus
rst?
e board should perform ongoing oversight of the risk management

process applied within the entity. Internal audit also has a role to play in
risk management in that it provides assurance to the board, by way of a
written assessment, on the effectiveness of risk management systems
and related controls in the entity (i.e. monitoring the effectiveness of
the risk management systems and controls in the entity).
Furthermore, the board should ensure that adequate processes are
in place to enable complete, timely, relevant, accurate and accessible
risk disclosure to all stakeholders of the entity. e board should
disclose in the integrated report aspects such as the entity’s risk
tolerance levels, the key risks the entity faces as well as any unexpected
or unusual risks that the entity was confronted with during the
reporting period.
Refer to note 22 in the notes to the annual nancial statements of
Ntsimbi Piping for risk management disclosure (although these are
limited to nancial risks – disclosure of which is required by the
International Financial Reporting Standards). Most JSE-listed
companies today report on their risk management practices more
holistically in their integrated reports.

4.3.1 A system of internal control
As explained in the previous section, mitigating risk through the
implementation of the necessary measures, such as systems, policies
and procedures, is one of the risk responses that may be implemented
to ensure that the risks to which an entity is exposed are properly
addressed. ese systems, policies and procedures are referred to as the
system of internal control of the entity.
Internal control is de ned in the IAASB Glossary of Terms as:
e process designed, implemented and maintained by those

charged with governance, management and other personnel to
provide reasonable assurance about the achievement of the
entity’s objectives with regard to the reliability of nancial
reporting, effectiveness and efficiency of operations, and
compliance with applicable laws and regulations.
e following important aspects emerge from the de nition of internal
control above:
• Internal control is a process that is designed, implemented and
maintained to achieve the entity’s objectives. is necessitates a
system of internal control that involves a combination of the
necessary systems, policies and procedures. A system of internal
control consists of ve components. ese components are
discussed in section 4.3.2 of this chapter.
• e responsibility for designing, implementing and maintaining the
system of internal control resides with those charged with
governance of the company (i.e. the board of directors),
management and other personnel. Internal controls are executed by
people, or, to a certain extent, by computers in computerised
environments. e board should acknowledge its responsibility in
respect of internal control in the integrated report. Refer to page 4 of
the annual nancial statements of Ntsimbi Piping where the board
clearly sets out its responsibilities in this regard.
• As recommended in Principle 11 of King IV™ the board is required to
evaluate the need for them to receive periodic independent
assurance regarding the effectiveness of risk management and to
report to the shareholders on the effectiveness of the entity’s system
of internal control. In meeting these responsibilities, the board
would take assurance from written assurance reports prepared by
the internal audit function, which assesses the effectiveness of the
entity’s system of internal control (refer to Chapter 1 section 1.4.8.2).
In addition, internal audit should also provide a written assessment
of the internal nancial controls to the audit committee, one of the
subcommittees of the board.
• e system of internal control has to be suitably designed,
implemented and maintained to achieve the particular objectives of
the entity (ISA 315.A52). e appropriate internal control measures
that need to be implemented in a particular situation are
determined based on the risks that the particular entity faces and
which threaten the achievement of the entity’s objectives in respect
of the following areas:
• e reliability of the entity’s nancial reporting;
• e effectiveness and efficiency of its operations; and
• Compliance with applicable laws and regulations.
One could therefore say that internal controls can have three types of
objectives, namely, nancial reporting objectives, operational
objectives and compliance objectives. As the nancial reporting
objectives and the controls necessary to ensure reliable nancial
reporting are the responsibility of the accounting department and
the nancial director, and are closely related to the audit process,
this constitutes the focus of this text.
• e system of internal control can only provide reasonable
assurance that the numerous risks that threaten the entity’s
objectives are addressed. is is due to the inherent limitations of
any system of internal control. ese limitations are discussed in
section 4.3.3 of this chapter.
REFLECTION
Does this mean that the same system of internal control will be
appropriate and adequate for different entities?
e way in which the system of internal control is designed,
implemented and maintained varies with the size and complexity of the
entity concerned, as well as with the risks faced by the particular entity.
In addition, computers may form part of a system of internal control to
varying degrees, depending on the nature and extent of
computerisation of the entity’s nancial system. Computer controls are
discussed in Chapter 5.
4.3.2 Components of a system of internal

control
e previous section explained that the system of internal control
consists of a process that involves a combination of the necessary
systems, policies and procedures. A system of internal control consists
of ve components. Management will use a combination of these
components to design a suitable system of internal control for a
particular entity in order to mitigate appropriately the risks faced by
that particular entity. It is important to note that although the risks to
which an entity is exposed may differ from entity to entity, all ve of the
components discussed below have to be present in order to have a
sound system of internal control.
e ve components of internal control are (refer to ISA 315.A59):

1. Control environment;
2. Entity’s risk assessment process;
3. Information system, including the business processes relevant to
nancial reporting, and communication;
4. Control activities; and
5. Monitoring of controls.
Each of the components is discussed in the sections that follow.
4.3.2.1 Control environment (refer to ISA 315.A77–A78 and

ISA 315 Appendix 1 paragraph 2)
e control environment encompasses the attitude of management
(including the board and senior management) towards internal control.
If management does not feel positive towards internal control and does
not design, implement and maintain a sound system of internal control,
the employees who are supposed to execute the internal control
measures will not realise the importance of internal control and may
tend not to apply the internal control measures properly, as they know
that management is not control-conscious. Management’s attitude and
the example that they set provide the control environment in which the
other components of a proper system of internal control can function.
For this reason, the control environment is one of the most important
components of an internal control system.
According to ISA 315, management can create and foster a positive

attitude towards internal control by doing the following:
• Communicate and enforce integrity and ethical values throughout
the entity to all employees who are involved in the development,
application and monitoring of internal control. is may be
accomplished by preparing and enforcing a code of ethical conduct
(e.g. as recommended by King IV™).
• Be committed to competence. Management must ensure that all
employees have the necessary skills, knowledge and competence to
perform their duties properly. Proper human resources policies and
practices should be enforced to ensure that employees are
competent to perform their duties (including performing internal
control procedures). To achieve this, activities such as following a
proper hiring and appointment process, providing proper training
and evaluation, performing personnel assessments, and offering
promotion opportunities and adequate remuneration for employees
may be required.
• Ensure that those people charged with governance (e.g. the audit
committee) participate and that they act appropriately and support
management in their internal control efforts.
• Support their commitment to effective risk management and
internal control as well as adherence to the ethical values for which
the entity strives through its philosophy and operating style.
• Demonstrate good leadership and judgement.
• Develop and put in place an organisational structure that clearly
assigns authority and responsibility and sets out clear reporting lines
within the entity.
4.3.2.2 Entity’s risk assessment process (refer to ISA

315.A88 and ISA 315 Appendix 1 paragraphs 3–4)
An entity’s risk assessment process refers to the way in which the entity
deals with the governance of risk as set out in Principle 11 of King IV™.
e process of risk management was discussed in section 4.2.2 of this
chapter.
Risk assessment is referred to as the overall process of risk
identi cation, risk quanti cation and risk evaluation in order to identify
potential opportunities and minimise loss. It is important that
management identi es and responds appropriately to all relevant risks
that threaten the achievement of the business objectives, including
(and speci cally important for this section) the risks that relate to
nancial reporting that could affect the fair presentation of the nancial
statements. Although a systematic, documented, formal risk assessment
should be conducted at least once a year, risk assessments should
continually be reviewed, updated and applied.
4.3.2.3 Information system, including the business

processes relevant to nancial reporting, and
communication (refer to ISA 315.A90–A91, A93–
A95, A97 and ISA 315 Appendix 1 paragraphs 5–8)
e information system relevant to nancial reporting creates the audit
trail of each transaction and event to which the entity is party, and
includes all the processes and activities of the entity involved in
preparing the nancial information. e information system may be
computerised to varying degrees and, if so, will consist of the hardware,
software, people, procedures and data necessary to produce the
nancial information.
e information system relevant to nancial reporting includes the
accounting system and consists of the procedures and records
created as a transaction ows through the accounting system, as well as
the business processes of the entity that relate to the particular
transaction.
Information and reports generated by the information system
relevant to nancial reporting have to be communicated internally to
relevant employees and management, as well as to relevant external
parties such as the shareholders. To enable this, nancial reporting
roles and responsibilities in the entity have to be clearly determined
and communicated. e personnel involved in nancial reporting also
have to understand how internal control over nancial reporting relates
to their individual roles and responsibilities and how it affects the work
of others. Any exception found must be reported to a responsible
person to ensure it is addressed appropriately. To enable proper
nancial reporting, adequate communication relating to all aspects of
the information system is essential.
4.3.2.3.1 e information system relevant to nancial reporting

Each day numerous transactions with nancial implications occur and
are processed by an entity, for example, transactions when the entity
sells goods, buys raw materials to use in the manufacturing process, and
pays salaries and wages to employees. Various procedures and records
keep track of the transaction as it is processed by the entity and its staff.
According to ISA 315.A90 the information system relevant to nancial

reporting includes the procedures and records designed and
established to:
• Initiate, record, process and report the transactions (as well as events
and conditions) of the entity and to maintain accountability for the
related assets, liabilities and equity;
• Process both standard journal entries and non-standard journal
entries to record non-recurring, unusual transactions or adjustments
(e.g. consolidation adjustments and estimates for the impairment of
assets);
• Resolve incorrect processing of transactions on a timely basis;
• Process and account for system overrides or bypasses of controls;
• Transfer information from transaction processing systems to the
general ledger;
• Capture information relevant to nancial reporting for events and
conditions other than transactions; and
• Ensure the information required to be disclosed by the applicable
nancial reporting framework is accumulated, recorded, processed,
summarised and appropriately reported in the nancial statements.
e accounting system documents the path that each transaction

follows in the entity from where the transaction is initiated to its
ultimate inclusion in an amount or disclosure that appears in the
nancial statements. e accounting system includes the procedures
and records relevant to nancial reporting, which is the third
component of the system of internal control. It provides a system
whereby the information relating to nancial transactions is collected,
recorded, classi ed, summarised, analysed and interpreted.
Although the accounting system through which a transaction ows

differs according to the class of transaction, every transaction typically
goes through the following four stages in the accounting system:
1. Initiate or execute: is stage pertains to the physical activities
relating to where the transaction is initiated (e.g. when a customer
places an order) or the performing of activities to complete the
initiated transaction (e.g. picking the goods to ll approved orders
or delivering goods to customers).
2. Record: is stage is where the information applicable to each
activity is recorded. is stage may include recording the
transaction on a hard-copy source document, such as preparing an
order form when receiving an order from a customer, or preparing
an electronic source document in a computerised system. In
certain computerised systems, such as real-time systems, no
source documents may be prepared, as transactions are captured
(and processed) immediately by the computer system.
3. Process: During this stage, the transaction is processed and
corresponding entries are made in the accounting records of the
entity. For example, a delivery note and invoice are prepared and
the sales transaction is recorded in the sales journal and posted to
the general ledger and debtors ledger.
e IAASB Glossary of Terms de nes accounting records as the
records of initial accounting entries and supporting records. It
includes the general and subsidiary ledgers, journal entries, and
records such as work sheets and spreadsheets supporting cost
allocations, computations, reconciliations and disclosures. e
Companies Act requirements in respect of these accounting
records were discussed in Chapter 1 section 1.3.4.
4. Report: is stage is where the transaction is included in the
nancial statements. e transactions that ow through the
accounting system all eventually end up in the nancial
statements, either included in an amount that appears in the
nancial statements or otherwise disclosed in the notes to the
nancial statements. e nancial statements embody the
representations made by management, explicitly or otherwise,
regarding the entity (also known as assertions). Refer to Chapter 1
section 1.3.3 for a discussion of assertions.
REFLECTION
How will the use of a computerised system by an entity in uence
the above-mentioned stages that a transaction goes through?
Figure 4.2 presents the accounting system in a diagram.

Figure 4.2: The accounting system
Various people and procedures are involved in the ow of a transaction

through the accounting system at different levels in the entity. In
addition, computers may be involved in the accounting system of an
entity to a greater or lesser extent.
4.3.2.3.2 e business processes

From their initiation to their inclusion in the nancial statements,
transactions ow through various business processes in the entity.
According to ISA 315.A95, an entity’s business processes are the
activities in the entity designed to:
• Develop, purchase, produce, sell and distribute the entity’s products
and/or services;
• Ensure compliance with applicable laws and regulations; and
• Record information, including accounting and nancial reporting
information.
From the above, it is clear that the business processes of an entity

should be designed to support the entity’s objectives (i.e. the
operational objectives, compliance objectives, and nancial reporting
objectives identi ed in section 4.3.1). Although the business processes
should support all three of these objectives, the focus of this text is
mainly on the nancial reporting objectives and the business processes
and controls necessary to ensure reliable nancial reporting.
Transactions with nancial implications are initiated, recorded,
processed and reported by the information system within these
business processes. As discussed in the previous section, the
accounting system that different classes of transactions follow from
their initiation to their inclusion in the nancial statements will differ
for different classes of transactions. However, each class of transactions
is likely to follow the same or a similar path and can be grouped
together into various business cycles in the entity.
e following business cycles can be identi ed:

• Revenue and receipts cycle: is cycle deals with selling the entity’s
goods or rendering services to customers as well as the collection
and receipt of payment for the goods delivered or services rendered
(refer to Chapter 6).
• Purchases and payments cycle: is cycle deals with the entity
ordering and receiving goods or services from suppliers and making
payments for the goods or services received (refer to Chapter 7).
• Inventory and production cycle: is cycle deals with the
manufacturing of goods and the safekeeping of inventory, including
the recording of costs associated with the manufacturing process
(refer to Chapter 8).
• Human resources cycle: is cycle deals with the appointment and
dismissal of employees, keeping records of the hours they work, and
the remuneration of these employees for the work done by means of
either salaries or wages (refer to Chapter 9).
• Investment and nancing cycle: is cycle deals with the entity’s
acquisition of non-current assets, as well as the raising of funds
(through owner’s equity and long-term debt), and the subsequent
repayment thereof. It also includes accounting for related
investment income and nancing expenditure (refer to Chapter 10).
e typical business cycles in an entity and their interaction are
represented in Figure 4.3.
Figure 4.3: Business cycles
4.3.2.4 Control activities (refer to ISA 315.A99, A107–A109

and ISA 315 Appendix 1 paragraphs 9–10)
Control activities refer to those internal control measures, policies and
procedures that management designs and implements to ensure that
their objectives are achieved. In other words, control activities ensure
that the identi ed risks do not materialise (in other words, are
prevented) or, should they materialise, that they are timeously detected
and appropriately addressed. Various categories of control activities or
internal controls exist that management may apply in combination at
various organisational and functional levels in the entity to respond
adequately to the risk associated with a particular transaction or class of
transactions.
Various control activities that are available to management to
address risks relating to transactions that ow through the information
system relevant to nancial reporting are discussed below. ese
control activities form the building blocks that management can use
when designing speci c control activities to be applied to mitigate
speci c risks in the business cycles. Refer to Chapters 6 to 10 for the
control activities as they are applied in the various business cycles.
a) Documentation and records

ree controls that are important in respect of the stationery,
documents and records used in the entity’s accounting system are
document design, stationery control and the use of a chart of accounts.
i) Document design
Documents used in the accounting system for the recording and
processing of transactions (such as orders, goods received notes and
invoices) should be preprinted and designed in a way to assist in the
process of using them and to minimise the chances of making mistakes
in the completion and use thereof. In this manner, the design of the
documents will assist in ensuring the accurate and complete recording
of the relevant information relating to the transaction.
Examples of controls that assist in achieving this include:

• Having multi-copied source documents that are distributed to the
various departments or persons within or outside the entity who
need them for processing the particular transaction further along in
the accounting process;
• e use of different coloured documents to distinguish between the
types of document and/or the purpose of the particular copy of the
document; and
• e design of the document facilitating the complete and accurate
completion thereof by, for example, having certain information
preprinted on the document, the use of dotted lines, columns, and
spaces where information has to be inserted.
ii) Stationery controls

Proper stationery controls include the sequential prenumbering of
documents to facilitate the checking of the number sequence later on to
ensure completeness of recording; and the cancellation of documents
after use to prevent them from being reused by accident or deliberately
for fraudulent purposes. Also refer to d) below where the use of a
stationery register to keep track of the issue and use of stationery is
addressed.
iii) Chart of accounts

To ensure proper control over the accounting records in which
transactions are recorded, a chart of accounts is necessary. A chart of
accounts provides a list and description of all the general ledger
accounts used by an entity and can be useful for accounting staff to
identify the account to which a particular transaction should be posted.
b) Authorisation and approval

Depending on the class of transaction and/or the value of the
transaction involved, management should set different levels of
authorisation and should assign responsibility for the approval of
transactions to suitable employees whose duties are not incompatible
(refer to c) below).
Before authorising a particular transaction, the approver should
review the supporting documents and records to determine whether
the transaction is allowed in terms of the entity’s approval policy and
whether the transaction should be authorised. Evidence of approval of
transactions should be added to the document or records by way of the
signature of the approver. Having the responsible employee sign the
relevant documents and records serves as both evidence of the approval
of the transaction and evidence that a particular process or activity of
control (for example, comparison with supporting documentation) has
been performed. In addition, the signature also pinpoints a particular
employee which means that he or she can be held accountable.
Additional computerised controls can be used to facilitate proper
authorisation and approval in a computerised environment – refer to
Chapter 5 section 5.8.3.1.3 relating to logical access controls.
c) Segregation of duties
Transactions go through various stages in the accounting process, each
with its own activities and procedures that employees must perform.
Certain transactions are more susceptible to fraud and error when one
employee is responsible for handling the particular transaction from
beginning to end. If this were allowed to happen, it would be possible
for an employee to make mistakes and/or conceal errors or
irregularities without anybody detecting them.
Incompatible duties are regarded as those duties that would put a
person in a position to commit fraud or make mistakes without
anybody noticing. In such instances, it is necessary to have more than
one employee involved in the execution of the transaction, where each
employee is responsible only for certain duties associated with the
transaction. Having two or more employees performing these
incompatible duties is referred to as segregation of duties.
Critical duties regarding any transaction that should be segregated by

having different employees perform these functions are:
• Initiation of the transaction;
• Authorising the transaction;
• Executing the transaction;
• Recording the transaction; and
• Control over (safeguarding of ) the assets involved, where applicable.
Note: ere are additional duties that should be segregated in a

computerised environment – refer to Chapter 5 section 5.9.2.
For example, when one employee is responsible for ordering and
receiving goods, and making the payment for the purchase, these
incompatible functions might lead to this employee being in a position
to order, receive and pay for goods for his or her private use. Using this
example, adequate segregation of duties would involve having one
employee (such as the storeman) identifying the need for goods and
preparing an order, the purchasing manager authorising the order, a
receiving clerk receiving the goods, and the accounting department
making the payment once all the relevant documentation is received
and matched. In this way, none of these employees can misappropriate
the goods for fraudulent purposes.
REFLECTION
Think of other examples of incompatible duties in an entity that
should be divided by having two or more employees involved in
the execution of that particular transaction.
WHAT What should happen in entities where there is an

insuf cient number of employees to segregate
IF? adequately the duties referred to above?
Determine what the minimum segregation of duties is
that is required in the particular situation. Make sure
that at least those duties are segregated. If this is still
not possible, consider implementing suitable
compensating controls (e.g. independent checks
and/or monitoring controls). Refer to section 4.4.3.2
for more details about key controls and compensating
controls.
d) Access control
Where assets such as inventory and cash are involved in the execution
of a transaction, it is necessary to control access to the assets properly.
However, properly protecting assets involves more than merely
restricting physical access to assets. Proper access control includes
controls to protect the entity’s assets, stationery (documents and
records, including the entity’s nancial records) and information that
might be sensitive against, among other things, loss, damage, theft and
unauthorised access or use.
Keeping these assets behind locked doors (e.g. keeping inventory in
a warehouse), locking assets (such as cash) away in a safe and using
security guards to control access to and protect the assets are examples
of access controls. e issue and use of documentation and records can
be controlled through the use of a stationery register.
Additional computerised controls can be used to facilitate proper
access control in a computerised environment – refer to Chapter 5
section 5.8.3.
e) Independent checks and reconciliations

Especially in a non-computerised environment, it is necessary that the
work of a person be independently checked or reviewed by a second
person. For example, a second employee checks the clerical accuracy of
an invoice prepared by another employee, or the foreman checks the
hours computed and recorded on the clock card by the factory
administrative clerk. In addition, it is important that a second
independent employee review all reconciliations performed in the
entity.
Performance of the review should be evidenced by a signature of the
reviewer. Having the reviewer sign or at least initial documents or
records after the review or reconciliation was performed serves as both
evidence that the particular process or activity of review was performed
and pinpoints responsibility.
Regular reconciliations between physical and recorded assets, as
well as between two different sets of recorded information, have to be
performed to identify any differences for investigation and resolution.
Examples of reconciliations include comparing the physical inventory
counts with the theoretical inventory recorded in the accounting
records after an inventory count, performing a bank reconciliation
where the cash book is compared to bank statements, and performing a
debtors reconciliation by comparing the debtors ledger to the debtors
control account in the general ledger.
4.3.2.5 Monitoring of controls (refer to ISA 315.A110–A111

and ISA 315 Appendix 1 paragraphs 11–13)
Although a system of internal control might have been properly
designed, it is the actual implementation and application of the internal
control measures that will ultimately determine whether the system of
internal control is effective in preventing risks from materialising, or
detecting and correcting the effects thereof. It is therefore important
that management assesses the effectiveness of the design and operation
of internal control measures on an ongoing and timely basis, and takes
the necessary corrective actions where applicable. Monitoring may be
done by supervisors, by management or any other party charged with
governance, depending on the circumstances.
As mentioned in section 4.3.1, the internal audit function is
responsible for performing assessments of the effectiveness of the
system of internal control and internal nancial controls, and for
providing assurance reports to the board and the audit committee.
Other examples of monitoring controls designed to assess the
effectiveness of controls include management monitoring the amount
of bad debts written off over time, to assess whether the internal
controls to address the risk of bad debts being incurred are effective, or
monitoring the number of customer complaints about mistakes on their
statements to monitor the effectiveness of controls surrounding sales
invoicing and recording.
4.3.2.6 Diagrammatic representation of the system of

internal control
Figure 4.4 represents the ve components of internal control described
above. e ve components of internal control are interlinked. It is
important to note that all ve of these components must be present in
order to present a sound system of internal control that adequately
addresses the risks to which an entity’s nancial reporting is exposed.
It is also important to notice that the control environment extends
right around the whole system, which implies that, without a sound
control environment, a proper system of internal control cannot exist.
Figure 4.4: The system of internal control
4.3.3 Inherent limitations of a system of

internal control (refer to ISA 315.A54–
A56)
Despite the best intentions about the design and implementation of a
proper system of internal control, even the best system of internal
control can provide only reasonable assurance that the control
objectives set by management are achieved and that all the risks that
were identi ed are being addressed. is is due to the inherent
limitations of systems of internal control.
e inherent limitations of any system of internal control are the

following:
• Management can and will only implement internal controls that are
cost-effective for the entity as a whole (and based on their
assessment of the related risks). In other words, they will not
implement all the internal controls that might be available.
• e internal controls that are implemented are usually directed at
routine transactions and not at out-of-the-ordinary transactions
(exceptions). e exceptions are therefore more susceptible to error
and fraud.
• As internal controls are executed by the employees of an entity, there
is always the risk of mistakes being made through human error or
the fact that the employee misunderstood a certain internal control
measure or did not fully comprehend the purpose of the internal
control measure. For controls that are fully computerised (i.e. no
human involvement), this would not be the case.
• e judgement that has to be exercised by an employee in applying
an internal control measure may be incorrect for a number of
reasons, including time constraints and insufficient information
being available.
• Despite the fact that a system of internal control may have been
designed with the intention of proper segregation of duties, two or
more employees, or an employee and a person outside the entity
(such as a supplier) may collude to override the internal control
measures.
• A member of management or employee in charge of executing an
internal control measure may abuse his or her responsibility and
override internal control measures for his or her own bene t.
• Internal control measures may become inadequate over time owing
to changes within the entity or changes in the risks to which the
entity is exposed, without the required amendment of the internal
control system to address properly the changes in risks.
ese inherent limitations can never be eliminated. ese limitations

give rise to an ever-present risk that management’s control objectives
will not be achieved.
4.3.4 Impact when the system of internal

control does not operate as intended
When an inadequate system of internal control is designed, or a system
of internal control that was properly designed is operating ineffectively,
or in situations where internal controls fail due to the inherent
limitations of internal control discussed in section 4.3.3, there is a high
probability that the risk that the internal control measures was
originally designed to prevent, or detect and correct, could materialise.
erefore, it is essential that the system of internal control be monitored
continuously to ensure that weaknesses in internal control are
identi ed and addressed timeously. e consequences of weaknesses
in internal control could include unauthorised transactions, fraud,
inaccurate nancial information, incorrect decisions and sizeable
nancial losses to the entity.
WHAT What should management do when a weakness in

internal control is identi ed?
IF? Effective risk management is a continuous process and
the system of internal control should continuously be
monitored and maintained. When weaknesses in
internal control are detected, management should take
immediate action to address the matter, as such
weaknesses could result in fraud and error.
Management should investigate the weakness(es) (e.g.
determine why and where the weakness occurred, for
how long it has been happening and what
consequences have been suffered as a result of the
weaknesses) and make sure that the necessary steps
are taken to prevent it from happening again. Refer to
section 4.4 for the steps that management should
follow to ensure that a suitable system of internal
control is in place.
4.4 How does one design a system of
internal control?
Sections 4.2 and 4.3 of this chapter explained that, in order to ensure
that risks in an entity are adequately addressed, a system of internal
control has to be designed, implemented and maintained by the
management of the entity as part of an effective risk management
process.
In order to design a suitable system of internal control, management

should go through three steps, namely:
Step 1: Identify the risks associated with a particular transaction or
class of transactions (things that could go wrong), from where it
is initiated to its ultimate inclusion as an amount or disclosure
in the nancial statements.
Step 2: Formulate the control objectives for the particular transaction
or class of transactions (what the system is required to ensure
or achieve in respect of the particular transaction).
Step 3: Use the ve components of a system of internal control (refer to
section 4.3.2) to design a proper system of internal control to
address the risks (and achieve the control objectives) for that
particular transaction or class of transactions. e system of
internal control as designed should then be implemented,
maintained, and monitored.
4.4.1 Step 1: Identify the risks

As discussed in section 4.2.1, every entity is faced with various risks to
which it should respond in order to prevent the consequences
associated with the risk being realised. In addition, every business
transaction that an entity enters into has certain risks associated with it,
from where it is initiated to its ultimate inclusion as an amount or
disclosure in the nancial statements. Sections 4.2.2 and 4.3.2.2
explained that in order to ensure that management responds
adequately to these risks, a proper risk assessment and risk
management system should be in place.
e rst step in the process of designing a suitable system of internal
control would therefore be to determine the risks associated with each
class of transactions that ows through the accounting system, in other
words things that could go wrong in the execution of the particular
transaction or class of transactions along the path that it follows in the
accounting system.
REFLECTION
Think of the risks associated with a credit sales transaction. If
you struggle to identify risks, ask yourself: What could go wrong?
In order to formulate a properly described risk, both the indicator and

the consequence of the risk for the entity should be included. For
example, when entering into a credit sales transaction, there is a risk
that a credit sale is made to a customer who is not creditworthy
(indicator), resulting in irrecoverable debts and losses to the entity
(consequence).
Examples of risks relating to a credit sales transaction are listed
below (note that this is not intended to be a complete list).
ere is a risk that:

• Sales are made to customers who are not creditworthy and cannot
pay their debt, resulting in irrecoverable debts and nancial losses;
• Orders placed and authorised are not all executed and the goods not
all delivered to the customer, leading to dissatis ed customers and
potentially lost revenue;
• e goods delivered to the customer do not agree with what was
originally ordered by the customer (quantity and/or type of goods),
resulting in dissatis ed customers, problems with invoicing,
unsettled debts and nancial losses to the entity;
• Goods leave the premises although no authorised order was received
(goods are stolen/theft of goods), resulting in nancial losses to the
entity;
• e goods leaving the premises do not actually reach (are not
delivered to) the customer (theft of goods on the way to the
customer), resulting in nancial losses to the entity and dissatis ed
customers;
• e customer is not invoiced for the goods delivered to him or her,
resulting in unrecorded sales and nancial losses to the entity;
• e details of the invoice do not agree with the goods that were
delivered to the customer (quantity and/or type of goods), resulting
in nancial losses to the entity (if under-invoiced) or dissatis ed
customers (if over-invoiced);
• Goods are invoiced although they were not ordered by and delivered
to the customer.
• e prices at which goods are invoiced do not agree with the
authorised price list, resulting in nancial losses to the entity (if
under-invoiced) or dissatis ed customers (if over-invoiced);
• e calculations on the invoice (quantity x price and VAT) are
incorrect, resulting in nancial losses to the entity (if under-
invoiced) or dissatis ed customers (if over-invoiced);
• e customer denies having received the goods and does not want to
pay for the goods delivered, resulting in nancial losses to the entity;
• e goods delivered and invoiced are not all paid for by the
customers, resulting in nancial losses to the entity;
• All sales transactions are not recorded in the accounting records
(omission), resulting in an understatement of sales (and debtors) in
the nancial statements;
• A sales transaction is recorded although a sales transaction did not
actually take place, resulting in an overstatement of sales (and
debtors) in the nancial statements; and
• Sales transactions are not recorded accurately, resulting in sales (and
debtors) not being accurately re ected in the nancial statements.
REFLECTION
List the risks (things that could go wrong) when an entity orders
goods from suppliers, receives the goods and pays for the goods
received.
Formulate a proper risk by:

• Including both the indicator and the consequence of the risk;
and
• Starting your sentence with: ‘There is a risk that/of ...’
e use of a computerised accounting system by an entity may also

introduce additional risks for the entity (e.g. the risk of unauthorised
access to the computer system which may result in access to
information that may be sensitive or unauthorised changes to
information) that would need to be addressed. Risks in a computerised
environment are addressed in Chapter 5. e risks that arise for each of
the different classes of transactions that occur in the various business
cycles are discussed in more detail in Chapters 6 to 10.
4.4.2 Step 2: Formulate control objectives

4.4.2.1 Introduction
As was discussed in the previous section, each class of transactions that
ows through the accounting system of an entity carries with it certain
risks, in other words things that could go wrong in the execution of that
particular class of transactions. In order to address these risks,
management and those charged with governance should formulate
objectives that they want to achieve for each class of transactions. is
will prevent the risks associated with that particular class of
transactions from materialising, and, if they do materialise, will detect
them and initiate corrective action to mitigate the resulting negative
consequences. ese objectives are called control objectives.
4.4.2.2 e generic control objectives

In order to ensure the reliability of nancial reporting, the generic
control objectives listed in Table 4.1 must be achieved for every class of
transactions that ows through the accounting system.
Table 4.1: Generic control objectives
GENERIC DEFINITION OR
CONTROL OBJECTIVE
MEANING
Validity • All transactions and events

that are executed were
properly authorised in
accordance with
management’s policy; and
• All transactions and events
that are recorded:
• Occurred (i.e. are not
ctitious);
• During the period; and
• Are supported by suf cient
and appropriate
documentation.
GENERIC DEFINITION OR
CONTROL OBJECTIVE
MEANING
Completeness • All transactions and events

that occurred during the
period:
• Are recorded;
• In a timely manner; and
No transactions or events
are omitted.
Accuracy • Transactions and events:

• Are recorded at the correct
amounts (correct quantity,
prices and calculations);
• Are correctly classi ed in
terms of the entity’s chart
of accounts; and
• Are correctly summarised
and posted to the entity’s
accounting records.
REFLECTION
Are all the control objectives equally important for every
transaction, or are certain control objectives more important for
certain classes of transactions?
e control objectives are the objectives to be achieved in order to
address the risks associated with a particular class of transactions.
However, not all classes of transactions are susceptible to the same
risks. erefore, it follows that although all the control objectives are
relevant and should be achieved for every class of transaction, certain
control objectives are of greater (or lesser) signi cance when there is a
higher (or lower) intrinsic risk associated with that particular class of
transactions.
For example, purchasing transactions are more susceptible to
unauthorised purchases and purchases made by employees for private
use. As a result, the validity control objective would be more important
for purchases transactions than, say, for cash sales transactions.
However, when dealing with a credit sales transaction, validity would, in
fact, also be an important objective as it would be essential to ensure
that credit sales are made only to customers who are creditworthy,
therefore preventing irrecoverable debts and losses to the entity.
In order to ensure that these control objectives are met for every
class of transactions that ows through the entity’s accounting system,
management must design, implement and maintain a suitable system
of internal control.
4.4.2.3 Formulating control objectives

When designing a system of internal control, the rst step is to
formulate control objectives (what the entity wants the system to
achieve or ensure) for each class of transactions or part of the
accounting system, from where the classes of transactions are initiated,
through to where they are recorded and processed, and to where they
are included in the accounting records and nancial statements.
Using the risks associated with a credit sales transaction identi ed
in section 4.4.1, Table 4.2 sets out the control objectives that can be
formulated for a credit sales transaction. e generic control objective
being applied appears in brackets after the properly described control
objective relating to a credit sales transaction. Note that in certain
instances more than one control objective is applicable to ensure that a
speci c risk does not materialise or its effects are detected and
corrected in case it has materialised. Also note the proper formulation
of the control objectives: ‘Management’s objective is to ensure that … .’
Table 4.2: Risks and control objectives for the credit sales
transaction
CREDIT SALES TRANSACTION
Risks Control objective

(Things that could go wrong) (What management wants the
system to achieve/ensure)
Sales are made to customers To ensure that credit sales are

who are not creditworthy and made only to customers who are
cannot pay their debt, resulting creditworthy (validity).
in irrecoverable debts and
nancial losses.
Orders placed and authorised To ensure that all authorised

are not all executed and the orders are executed and the
goods not all delivered to the goods are delivered to the
customer, leading to dissatis ed customer in a timely manner
customers and potential lost (completeness).
revenue.
The goods delivered to the To ensure that the goods

customer do not agree with what delivered to a customer agree
was originally ordered by the with what was originally ordered
customer (quantity and/or type (quantity and/or type of goods)
of goods), resulting in (accuracy).
dissatis ed customers,
problems with invoicing,
unsettled debts and nancial
losses to the entity.
Goods leave the premises To ensure that goods are only

although no authorised order despatched when an authorised
was received (goods are order has been received (no
stolen/theft of goods), resulting theft of goods) (validity).
in nancial losses to the entity.
The goods leaving the premises To ensure that all goods that
do not actually reach (are not leave the premises are delivered
delivered to) the customer (theft to the customer (no theft of
of goods on the way to the goods) (completeness and
customer), resulting in nancial validity).
losses to the entity and
dissatis ed customers.
The details of the invoice do not To ensure that the invoice

agree with the goods that were details agree with the goods
delivered to the customer that are delivered (quantity
(quantity and/or type of goods), and/or type of goods)
resulting in nancial losses to (accuracy).
the entity (if under-invoiced) or
dissatis ed customers (if over-
invoiced).
Goods are invoiced although To ensure that goods are only

they were not ordered by and invoiced if they were ordered by
delivered to the customer. and delivered to the customer
(validity).
The prices at which goods are To ensure that goods are

invoiced do not agree with the invoiced at the correct prices
authorised price list, resulting in (accuracy).
nancial losses to the entity (if
under-invoiced) or dissatis ed
customers (if over-invoiced).
The calculations on the invoice To ensure that calculations on

(quantity x price and VAT) are invoices are correct (accuracy).
incorrect, resulting in nancial
losses to the entity (if under-
invoiced) or dissatis ed
customers (if over-invoiced).
The customer denies having To ensure that customers

received the goods and does not acknowledge the receipt of
want to pay for the goods goods and cannot deny having
delivered, resulting in nancial received the goods (validity).
losses to the entity.
The goods delivered and To ensure that all orders

invoiced are not all paid for by delivered and invoiced are paid
the customers, resulting in for (completeness).
nancial losses to the entity.
All sales transactions are not To ensure that all sales

recorded in the accounting transactions are recorded in the
records (omission), resulting in accounting records
an understatement of sales (and (completeness).
debtors) in the nancial
statements.
A sales transaction is recorded To ensure that only sales

although a sales transaction did transactions that actually took
not actually take place, resulting place are recorded (validity).
in an overstatement of sales
(and debtors) in the nancial
statements.
Sales transactions are not To ensure that sales

recorded accurately, resulting in transactions are recorded
sales (and debtors) not being accurately (accuracy).
accurately re ected in the
nancial statements.
It is clear from the formulation of the control objectives in the table that
a control objective (what management wants to achieve or ensure) is
simply a different formulation of the risk (things that could go wrong).
It is also important to note that a particular control objective may be
relevant to more than one risk. In the example above the validity control
objective (identi ed in column 2) related to more than one of the risks
(identi ed in column 1). In the table, the validity control objective
relates to the risks of selling to customers who are not creditworthy,
goods leaving the premises and being delivered when no order was
placed, goods being stolen and as a result not reaching the customer,
the customer being invoiced although no goods were delivered, and the
customer denying placing an order/receiving goods.
REFLECTION
List management’s control objectives for goods ordered from
suppliers, received and paid for by the company.
When formulating control objectives, ask yourself: What does
management want the system to achieve/ensure in respect of
the particular class of transactions?
4.4.2.4 Relationship between control objectives and

assertions
e transactions that ow through the accounting system are all
eventually included in the nancial statements as totals (for classes of
transactions), account balances and/or disclosures. e nancial
statements are the board’s report of the company’s nancial position at
the reporting date, and the results of its operations and cash ows for
the period then ending. e representations that the board makes,
implicitly or explicitly, in the nancial statements are referred to as
assertions.
e IAASB Glossary of Terms de nes assertions as the
representations made by the board of directors in the nancial
statements to the users of the nancial statements about the company’s
classes of transactions and events, and assets, liabilities and equity,
including presentation and disclosure. ISA 315 identi es three
categories of assertions, namely assertions about classes of transactions
and events for the period under review, assertions about account
balances at year-end, and assertions about presentation and disclosure.
Refer to Chapter 1 section 1.3.3 for a discussion of the assertions.
To enable the board to make the assertions about the classes of
transactions and events, balances and disclosures that appear in the
nancial statements, the board needs to ensure that there is a proper
system of internal control in place to ensure that they can rely on the
information regarding nancial transactions that are produced by the
accounting system and used to prepare the nancial statements.
is means that there is a relationship between the control
objectives (that management wants the accounting system to achieve)
and the assertions (representations) that the board makes in the
nancial statements, which are in relation to information generated by
the accounting and internal control system. For example, if adequate
access controls are not in place to ensure that the validity control
objective is achieved, this may result in theft of assets. As a result, the
board will have problems making representations regarding the
‘existence of assets’ assertion in the nancial statements, as there will be
a high risk that the assets included in the nancial statements are not
on hand and available to the company.
e board of directors would therefore often not be able to make
their representations (or assertions) in the nancial statements if a
sound system of internal control for all the classes of transactions that
owed through the accounting system were not in place. It also means
that if proper controls are in place and the control objectives are
achieved, the board should be in a position to make the related
assertions in the nancial statements.
REFLECTION
Which assertion will be affected if controls to ensure that
calculations on invoices are correct, are not in place?
4.4.3 Step 3: Design a system of appropriate

internal controls
Once the risks have been identi ed and the control objectives for every
class of transactions have been formulated, the next step is to design a
system of appropriate policies and procedures – a system of internal
control – to ensure that each control objective is achieved and the
related risk associated with the transaction is addressed. While the
control objective indicates what management wants to achieve in
order to address the risk, the internal control is how management
intends to achieve the control objective.
Management will use the ve components of internal control
discussed in section 4.3.2 to design a system of internal control that will
suit the unique situation of the entity – in other words address the risks
and achieve the control objectives formulated by the management of
that particular entity. Besides establishing and fostering a positive
control environment (refer to section 4.3.2.1), a proper risk assessment
process should be in place (refer to section 4.3.2.2). A combination of
the control activities (or internal control measures) discussed in section
4.3.2.4 will be used to design a suitable system of internal control that
will address the risks, while also taking into account the entity’s
information system, accounting system, business processes, procedures
and records (refer to section 4.3.2.3). In addition, continuous
monitoring of the system of internal control should take place (refer to
section 4.3.2.5).
Referring to the risks and related control objectives formulated
regarding a credit sales transaction as an example, the following
internal controls in Table 4.3 would be appropriate to address the rst
risk identi ed earlier.
Table 4.3: Internal controls to address a risk in a credit sales

transaction
Risks (Things that Control objective Internal controls (How

could go wrong) (What management management would address
wants the system to the risk or achieve the
achieve/ensure) control objective)
Sales are made to o ensure that Customer completes a

customers who credit sales are credit application form
are not made only to and submits trade
creditworthy (i.e. customers who references.
who cannot pay are creditworthy
Credit controller performs
their incurred debt and would background checks on
in the future). therefore be able
customer’s trade
to settle the debts
references and con rms
they incur.
credit status with credit
(Validity)
bureaus.
Credit controller sets a
credit limit on the amount
of debt a customer may
incur and records it on
the credit application
form.
The nancial manager
authorises, if
appropriate, the credit
limit – having reviewed
the supporting
documentation submitted
by the credit controller.
Before an order is
authorised, the
customer’s available
credit is checked.
Debtors ledger is
reviewed by nancial
director on regular basis
to identify long
outstanding debts for
follow-up (this could point
to de ciencies in the
credit review and
approval system).
REFLECTION
Identify which of the control activities in section 4.3.2.4 have
been utilised to design the internal controls to respond to the
risk identi ed.
It is important to note that in order to provide reasonable assurance that

one risk (or one control objective) is addressed sufficiently, more than
one internal control measure (or type of control activity as discussed in
section 4.3.2.4) may be necessary to work in combination with one
another. In the example above, a combination of documentation and
records procedures, authorisation, segregation of duties and
independent checks is used to address the risk of selling to customers
who are not creditworthy (or to achieve the control objective of
ensuring that credit sales are only made to customers who are
creditworthy).
Although the principles of the system of internal control, and in
particular the control activities discussed in section 4.3.2.4, are all also
applicable in a computerised environment, the use of a computerised
system by an entity may in uence the type of control measures
necessary, as well as the way in which the internal control measures are
applied in the entity. As the level of computerisation of the information
system differs from entity to entity, so would the degree to which
internal control activities are computerised. Controls in a computerised
environment are addressed in Chapter 5.
4.4.3.1 Preventative versus detective and corrective

controls
Controls fall into one of two categories: preventative controls that aim
to prevent the undesirable effects of a risk from materialising, and
detective and corrective controls, which aim to detect the effects of a
risk that has materialised and ensure that the necessary corrective
action is taken to x these undesirable effects.
A combination of both types of controls (preventative as well as
detective and corrective controls) is essential for an effective system of
internal control that will ensure that risk is adequately addressed. While
it is better to prevent risks from materialising (as the resources required
to recover from the undesirable effects of a risk that did materialise
often exceed the effort needed to prevent the risk from materialising),
any errors detected should be corrected. Detection controls on their
own are of little value if adequate controls to ensure correction of these
errors are not in place.
REFLECTION
Identify which of the control activities listed in section 4.3.2.4
are preventative and which are detective and corrective controls.
REFLECTION
Consider whether the internal controls listed in Table 4.3 to
address the risk of selling to new customers who are not
creditworthy are preventative, or detective and corrective
controls.
4.4.3.2 Key controls, operational controls and

compensating controls
Some of the internal control measures that an entity implements will be
more important from a nancial reporting perspective than others. e
reason for this is that management has to achieve control objectives far
broader than only those relating to the accounting system and nancial
reporting (even though this has been the focus of this chapter). As
discussed in section 4.3.1, the objectives of a system of internal control
include ensuring reliable nancial reporting ( nancial reporting
objectives), effective and efficient operations (operational objectives)
and compliance with applicable laws and regulations (compliance
objectives).
Key controls for the purpose of this text are those strong internal
controls that provide reasonable assurance that material misstatements
in the nancial statements (whether due to fraud or error) will be
prevented, or detected and corrected, before the nalisation of the
entity’s nancial statements. It follows from this de nition that key
controls are those that respond to risks that could result in material
misstatements in the nancial statements. In other words, these key
controls address the nancial reporting objectives of internal control.
is means that if a key control fails, there is a reasonable likelihood
that material misstatement (due to error or fraud) may be present in the
nancial statements.
REFLECTION
What is the relationship between control objectives, key controls
and assertions?
Because entities operate in different business environments and use

different systems and procedures, it is not possible to provide a
complete list of key controls. Controls such as the credit controller
setting credit limits and performing credit checks to con rm the
continued creditworthiness of customers, and having an independent
employee at senior management level authorising payments (signing
cheques, for example) after comparing the details of the payment to
supporting documentation, would be regarded as key controls. is is
because they affect the nancial statements and directly contribute to
addressing a speci c control objective (the validity control objective in
this case) and reduce the risk of material misstatement in the nancial
statements.
REFLECTION
Can you think of internal controls that would generally not be
regarded as key controls?
In addition to the key controls that entities implement to ensure that the
nancial statements are free from material misstatements (these
controls have nancial reporting objectives), they also implement
internal controls that have operational objectives. ese operational
controls control the operations of the entity, such as the efficiency of
the cleaning of its office space, the effectiveness of the production
process in the factory (to ensure good quality, saleable products), but
have no direct impact on the nancial statements. erefore,
operational controls would never be regarded as key controls – they do
not prevent, or detect and correct, material misstatements in the
nancial statements.
Certain nancial controls that are not regarded as the key controls to
address a speci c control objective, but nonetheless still mitigate risk to
some extent, are known as compensating controls. ese controls
must be considered where a key control that should otherwise have
been implemented to address the risk is not cost-effective, or where the
key control, for whatever reason, did not function for a period of time.
Although compensating controls are less desirable than key
controls, there are instances where, owing to, for example, a lack of the
necessary resources, entities are unable to implement the proper key
control to address a particular risk. In such instances, entities are forced
to implement control measures to compensate for the lack of the key
control. For example, where an entity does not have a sufficient number
of employees to ensure adequate segregation of duties, its management
may implement other control measures to compensate for the risk
involved. Controls to compensate for the lack of segregation of duties
may involve periodic independent checks of the work performed by the
employee with incompatible functions to ensure that no fraud or error
has occurred.
Compensating controls are less desirable than the key control (in
this example segregation of duties) because they generally occur after
the transaction is complete. Also, it takes more resources to investigate
and correct errors and to recover losses than it does to prevent the
errors in the rst place.
However, in some circumstances, entities do not have the staff
resources to establish adequate segregation of duties. In these
instances, it is important for management to implement internal
controls that compensate for the increased risk.
Refer to Chapters 6 to 10 for internal controls in each of the business
cycles.
Questions 1 to 5 are multiple-choice questions. Select the
appropriate answer(s). (More than one answer is possible):
1. e system that documents the procedures and records that a
transaction follows from where it is initiated to where it is included
in the nancial statements is known as the: (LO 3)
a) Internal control system
b) Corporate governance system
c) Accounting system
d) Risk management system
e) Control environment
2. e purpose of the system of internal control is to ensure that: (LO

1)
a) Operations take place effectively and efficiently
b) All transactions follow the accounting system
c) Employees know how the system works
d) Financial statements are reliable
e) Applicable laws and regulations are complied with
3. Which of the following aspects would a company’s board of

directors take into account when deciding on an appropriate risk
response? (LO 4)
a) e assertions made by the board of directors in the nancial
statements
b) e level of risk the company is willing to tolerate
c) e consequences should the risk materialise
d) e ow of the transactions through the accounting system of
the company
e) e likelihood that the risk may materialise
4. e various business cycles that can be identi ed in an entity: (LO

15)
a) Are used to describe the records and documents that are
associated with a class of transactions
b) Must be de ned in order to address risk properly
c) Include validity, completeness and accuracy
d) Are one of the ve components of a proper system of internal
control
e) Include purchase and payments, sales and receipts, inventory
and production, human resources and investment and
nancing
5. It is essential that the following be present in order to ensure a

suitable system of internal control: (LO 13 & 14)
a) Only key controls
b) All the components of a system of internal control
c) Only preventative controls
d) Only detective and corrective controls
e) Only compensating controls
6. Indicate whether each of the following statements is true or false.

a) Management is responsible for implementing an effective
system of internal control. (LO 2)
b) e objective of corporate governance guidelines is to protect
the management of an entity. (LO 1)
c) e most likely risk response for insigni cant risks is to
mitigate the risk through the implementation of a system of
internal control. (LO 5)
d) e board of directors can only make assertions in a
company’s nancial statements if the control objectives for the
various classes of transactions are achieved. (LO 9)
e) e assertions are used as a guideline to determine which
objectives the system of internal control should achieve. (LO 9
& 12)
f) It is essential that management implements both key controls
and compensating controls in order to achieve a proper
system of internal control. (LO 14)
7. Properly formulate the control objective(s) relating to each of the

following risks: (LO 8 & 11)
a) Selling goods to a customer who is not creditworthy
b) A sales transaction is omitted from (not recorded in) the sales
journal
c) A sales transaction that did not actually take place ( ctitious)
is recorded in the sales journal
d) An addition (casting) error occurred on an invoice
e) e goods delivered to the customer do not agree with the
order placed by the customer
8. List and brie y explain the risk response options that management
has available to address appropriately the risks they identi ed. (LO
5)
9. List the ve components of a system of internal control and brie y

describe each component. (LO 3)
Below is a table that contains descriptions of internal controls
10. within a system of internal control (Column A) and the control
activities that can be used to design internal controls (Column B).
Link each control activity in Column B to the internal control in
Column A where the activity was applied. (LO 6)
Column A Column B
10.1 Using preprinted and a) Adequate segregation of

prenumbered stationery duties
10.2 Keeping inventory in a b) Properly authorised

locked warehouse transactions
10.3 Having one person c) Proper documentation and

placing an order and record procedures
another person receiving
the goods
10.4 The debtors manager d) Access control

signs the order after
determining whether the
customer has suf cient
credit available
11. Explain the relationship between the control objectives and

management’s assertions. (LO 9)
12. Describe the three steps that an entity should follow in order to
design a suitable system of internal control. (LO 10)
Explain why a system of internal control can only provide
13. reasonable assurance that the entity’s control objectives are
achieved. (LO 7)
14. Distinguish between key controls and compensating controls. (LO

14)
Introduction to risks
and internal CHAPTER 5
controls in a
computerised
environment
Riaan Rudman
CHAPTER CONTENTS
Learning outcomes
5.1 Introduction
5.2 How has information technology evolved?
5.3 How and why do companies have to govern their computer
information systems?
5.4 What is the impact of upgrading a manual accounting system
to an electronic accounting system?
5.5 What are the key components of a computer information
system?
5.6 How does a computerised accounting system operate?
5.7 How are computer controls classi ed?
5.9 Which controls relate to the computerised processing of
business transactions?
5.10 How are controls identi ed in advanced technologies?
Appendix: Electronic funds transfer controls
Appendix: Accounting information systems
LEARNING OUTCOMES
1. Brie y explain the concept of information technology

governance.
2. Explain the concepts of a nancial information system, and the
differences between a computerised information system and a
manual system.
3. Identify and describe the risks in a computerised environment.
4. Explain the need for controls in a computerised information
system.
5. Describe the consequences of weaknesses in internal control in a
computerised environment.
6. Identify and describe the general and application computer
controls contained in a computerised system.
7. Identify and describe the computer controls appropriate to
address the risks in a computerised system.
5.1 Introduction
Information and communication technology (ICT) has become an
integral part of modern business. Hardly any business enterprise
operates in the modern business world without using at least some
elements of information technology (IT) and communication
technology (CT). IT is no longer seen as simply a mechanism for
processing information, but rather as a strategic resource. It impacts on
how companies do business, how they interact with clients, and how
businesses control their operations and nancial reporting processes, to
list but a few examples. It also has an impact on various aspects of the
audit process that was brie y introduced in Chapter 1. e IT
infrastructure may take many forms, from a desktop connected to a
cash register to an integrated enterprise resource planning (ERP)
system, and it changes with the needs of a business.
Irrespective of the nature of the system, the general risks, related
internal controls and principles outlined in this chapter remain
applicable and must be implemented by all companies that use IT. e
following sections provide a basic background to IT and the key aspects
underlying IT used in a nancial information system. IT is a specialist
subject area. erefore, this chapter focuses only on entry-level
technology and the principles that every manager and owner should be
aware of. e application of these controls is illustrated using the
business cycles of Ntsimbi Piping in Chapters 6 to 10.
To make the most of the topics covered in this chapter, you should
rst revise a couple of key concepts from your Information Systems
courses or from a detailed text that explains basic IT concepts. ese
concepts are highlighted in bold print and discussed in the paragraphs
that follow.
FURTHER READING
Google the terms and technologies in this chapter that are
unknown to you or visit the following website:
www.howstuffworks.com.
Two or more computers can be connected to form a network in either
one location or multiple locations. When computers are connected in
one location, they form a local area network (LAN). ey can also be
connected between different geographical locations to form a wide
area network (WAN). Networks are formed by means of, for example,
cabling, wireless connections, or over the internet. A virtual private
network, which uses telecommunication infrastructure to form a
network between various locations, can be set up.
Each computer in the network consists of hardware and software.
ere are two types of software: system software and application
software. Software is the program that gives the computer the
instruction to perform tasks. Microsoft Windows and Linux are
examples of system software (i.e. operating systems) that run the
computer, whereas Pastel Accounting and Microsoft Office (including
MS Word, Outlook and Excel) are application software. System software
runs in the background of the computer and is designed to give the
hardware instructions on how to run a speci c application. Application
software performs speci c functions required by the users. e user is
not aware of the activities and operations that the system software
performs.
Accounting packages, as an example, are application software that
maintains data, les and transaction details in databases. A database
can consist of transaction details or cumulative balances stored in
transaction les or master les respectively.
Master les are used to store permanent information or standing
data such as a customer’s full name and contact details and inventory
descriptions. Master les are also used to store the information and
cumulative totals or balances of all transactions that were entered into
and processed by the system from transaction les. Transaction les
are used to record the transaction details of each individual transaction
in both real time and batch processing systems.
In a real-time system, the master le is updated with the
cumulative totals or balances of all transactions recorded as and when
the transactions occur. In contrast, in a batch processing system, the
details of each individual transaction are stored in a transaction le
until such time as the system processes the data, at which time the
information in the transaction le is used to update the master le.
Batch processing and real-time systems are discussed in section 5.6.
Each le is made up of rows and columns of data. Data stored
electronically is represented by elds, records and les stored in a
database. When data is captured, it is stored in a eld (e.g. amount,
price, quantity or date). Multiple elds that relate to a particular
transaction are stored in a record (e.g. all the elds relating to a debtor
or transaction). e records of all related transactions (e.g. debtors) are
saved in a le. A collection of les or data that relate to a similar class of
transactions or balance makes up a database. is database can be
used and shared among multiple applications. Figure 5.1 presents the
relationship between elds, records, les and databases using Ntsimbi
Piping’s debtors as an example. A more detailed discussion is contained
in an appendix to this chapter.
Figure 5.1: Data structure of debtors database

5.2 How has information technology
evolved?
Computers were initially used by companies as mainframe computers
situated in centralised computer departments. When personal
computers were rst introduced to the business world, they were used
on a standalone basis (i.e. not connected to each other) as a processing
medium. All documents were printed and controls were implemented
by the user on and around the printed documents. IT has evolved
signi cantly since then (see Figure 5.2).
Networking technology allowed computers between departments
housed within one location (LAN) or over various locations (WAN) to
be connected via a network. is meant that many of the controls
performed by the user could be replaced by fully automated controls.
For example, networking allowed users in different departments to
capture information on a terminal. e system used this information to
update its records and to perform automatic matching with information
from other departments. is reduced the need for multiple copies of
documents and manual comparison between documents from different
departments.
e internet opened up opportunities for businesses to transact
online and also to interact directly with suppliers’ and customers’
computer systems, giving rise to virtual and extended enterprises. With
the evolution of the internet, new business models arose and new
technologies and trends such as social media, cloud computing,
mobility and the convergence of IT with cellular technology
(convergent systems) have come to the forefront. e newest area of
development is around arti cial intelligence and machine learning
algorithms, which introduce an element of autonomy and independent
decision making into IT, where machines are able to make decisions
based on prior learning and experiences. More and more devices, other
than computer applications, are also being connected to the internet,
with these devices being able to produce a wide variety of data (such as
horizontal and vertical GPS location, sensor data, and temperature
data). is trend is commonly referred to as the Internet of ings.
Each stage of the evolution gave rise to new risks and required new
controls to address these risks. Advances in computerisation
decentralised the information-processing function from a centralised
computer area into the hands of individuals such as sales staff,
accountants, and directors. With standalone personal computers, the
greatest risks were physical threats. In a connected environment,
however, electronic intrusion (where unauthorised third parties, also
known as hackers, obtain virtual access to a computer or electronic
device) poses the greatest risk. Consequently, controls have also
evolved with a shift in focus from physical controls around a company’s
premises (and computer area) and access controls to limit access to
speci c computers in the network or a department, to implementing
electronic access controls and controls programmed into the computer
system (such as the use of usernames and passwords, rewalls, and
encryption – discussed in more detail in later sections). Many manual
controls, which in many instances placed signi cant reliance on
documentation and required human user interaction, have nowadays
given way to automated controls performed almost entirely by the
computer system.
Figure 5.2: Key stages in IT development
Trends that are changing the modern IT landscape include the

following:
• Distributed networks: e improvement in technology and the
increase in the processing and storage capacity of computers have
made desktop computers more powerful and cost-effective. As a
consequence, there has been a shift away from centralised computer
centres towards decentralised end-user computing over a network,
where much of the processing and storage of information are done
on the user’s computer or electronic device. e decentralised
nature of modern networks has made it more difficult to restrict
access and implement proper segregation of duties.
• Mobility: Computers and related telecommunication devices (such
as laptops, tablets and other mobile devices) have become smaller,
lighter, more exible and easier to carry around. Many of these
devices have advanced communication technology such as Wi-Fi,
Bluetooth and LTE. is mobility, combined with the concentration
of information that could potentially be stored on a mobile device,
has resulted in the risk of theft of hardware (and any con dential
information on it) gaining prominence again. Also, the risks
associated with con dential information being transmitted
electronically to unauthorised persons (e.g. competitors) have taken
on increased importance.
• Open source: Open source software is software that can be changed
and amended by any user, because the underlying computer
programming code (also known as source code) is available to
anyone to review, change and redistribute. Software that is
distributed under an open source licence has reduced the costs of
software and has improved functionality for companies that use
open source software. However, many argue that because the source
code is freely available, there is an increased risk of hackers
identifying areas to exploit. Others argue that because the source
code is available, the risk is reduced, because as soon as a weakness
in the source code is identi ed, there are many programmers around
the world who work simultaneously on a solution to the weakness.
• Image processing: Barcodes have become a universal tool to
capture information, but they have the limitation that a company
requires barcode scanners to read them. With the advancement in
image processing technology and the fact that almost all portable
devices today are sold with some form of camera device, technology
has made it possible for almost any device to become an image code
input device, ngerprint scanner and so on, thereby having the
potential to reduce data input errors.
• Convergence: Hardware devices have become more integrated and
contain various wide-ranging functionalities (for example tablets,
such as the iPad, that integrate, among other things, a computer, a
camera, a communication device (using applications such as Skype),
a data storage device and a digital scanner). It is not only hardware
that has become more integrated. Various devices today also have
integrated online and web services such as Facebook and Twitter
pre-installed. Another example includes electronic payment systems
such as the mPesa system, which allows airtime credit to be
transferred between cellphones that can be used as a method of
payment for goods or services received. e following analogy
explains it best. Not many years ago, someone would purchase a
cellphone with the main purpose of making phone calls. e phone
was selected based on its ability to make calls. e features were an
added bene t. Today, customers select a phone based on
functionality and features, such as the number of pixels the camera
has and the ability to receive Facebook updates, rather than the
ability to make phone calls. Today, the ability to make calls is the
added bonus. is multifunctionality has resulted in the blending of
numerous risks in one device. For example, an iPhone is not only
exposed to risks similar to that of any telephone, but also to risks
similar to those to which a desktop computer is exposed, such as
hacking and viruses.
• Cloud computing: is is a trend where companies store their data
online or operate applications that are situated on the internet. e
company then runs the application using an internet browser
interface or by using a lightweight application that can be
downloaded onto the device or computer with the underlying data
being stored online rather than on the device or computer. e
device contains only the user interface, while all processing and
storage takes place on the internet. Cloud computing involves a
number of risks. e following are just two examples. Storing data on
the internet could expose a company to risks such as a disruption to
operations if data is not available due to a slow internet connection.
It also increases the chances that data can be intercepted or lost
during communication.
e world is entering, what is commonly referred to as the ‘Fourth

Industrial Revolution’, which is characterised by emerging technology
breakthroughs in a number of elds, including robotics, arti cial
intelligence, nanotechnology, quantum computing, and biotechnology,
amongst others. e Fourth Industrial Revolution builds on the digital
revolution, representing new ways in which technology becomes
embedded within societies and even the human body. is Fourth
Industrial Revolution is fundamentally different from the previous
three, which were characterised mainly by advances in technology.
Examples of future technologies that are going to impact the society and
business in the years to come include the following:
• Arti cial intelligence and machine learning: Arti cial Intelligence
(also known as AI) describes computers with the ability to mimic or
duplicate the functions of a human brain able to recognise complex
patterns. Another element to consider is machine learning, where
computer hardware and software have capabilities that allow it to
change how it functions, responds and reacts based on prior
learning, past experience and patterns it identi es from past
feedback.
• Blockchain technology: e blockchain is an incorruptible digital
ledger of economic transactions that can be programmed to record
not just nancial transactions, but virtually everything of value. A
blockchain is a continuously growing list of records, called blocks,
which are linked and secured using cryptography. Each block
typically contains a cryptographic hash of the previous block, a
timestamp and transaction data and, as a result, each new block of
data is linked to the previous block. Once recorded, the data in the
block cannot be altered retrospectively without changing all
subsequent blocks. It forms a distributed ledger that can record
transactions between two parties efficiently and in a veri able and
permanent manner. e decentralised nature makes blockchain
suitable for the recording of events and other records, such as
identity management, transaction processing and documenting
origin.
• Big data and the advancement of data analytics: Big data represents
data sets that are larger and more complex than traditional data sets
and are beyond the ability of commonly used data processing
application software. Big data represents the information assets
characterised by a high volume
(i.e. quantity of generated and stored data), velocity (i.e. speed at
which the data is generated and processed) and variety (i.e. type and
nature of the data) to require speci c technology and analytical
methods to transform it into decision useful information. As a result,
big data tends to place reliance on the use of predictive analytics,
user behaviour analytics, or other advanced data analytics methods
that extract value from unstructured, semi-structured and structured
data. Big data applications are able to extract usable unstructured
data from text, images, audio, and video, while also being able to
complete missing data through data fusion. Big data requires
technologies with new forms of integration to reveal insights from
datasets that are diverse, complex and of a massive scale. Data must
be processed with advanced tools (analytics and algorithms) to
reveal meaningful information.
• Robotics and autonomous vehicles: Robotics involves developing
mechanical or computer devices that are able to perform tasks that
require a high degree of precision, are repetitive in nature or could
be hazardous to humans, in essence mechanising tasks which are
typically performed by humans. Robots can be programmed to
perform repetitive tasks, or their programming can be adaptive, with
the ability to analyse data, make decisions and respond accordingly.
Autonomous vehicles are robotic vehicles such as cars, drones, etc.
with the ability to use the data about their environment derived from
input sensors to make decisions on how to navigate without human
input.
ese technologies are not being developed in isolation, with the

development of robotics, for example, being developed in conjunction
with arti cial intelligence capabilities relying on big data datasets for
data inputs.
As technology advanced, the manner of operating a business and
processing nancial information also evolved, but this evolution did not
alter the basic need for proper governance and systems of internal
control in a company, as introduced in Chapter 4.
5.3 How and why do companies have to

govern their computer information
systems?
Technology and information governance is one of the principles in King
IV™. King IV™ takes cognisance of the advantages of IT and the profound
impact it has on businesses, with Principle 12 being designed to
strengthen processes that help to anticipate technological changes.
According to King IV™ (discussed in Chapter 4), the governing body of
an organisation (which, in the case of a company, is the board of
directors) should set the direction for how technology and information
should be approached by approving a policy which forms the
foundation for the development of an IT governance framework that
should support the effective and efficient management of IT resources –
including the implementation of a sound risk management system and
internal controls – based on the company’s speci c requirements, to
ensure that a company achieves its strategic objectives. e policy
should include the technological (i.e. human, nancial and physical)
and informational aspects of IT, this represents a change from previous
versions of King reports which simply addressed Information
Technology. King IV™ makes a clear distinction between technology and
information. e policy must integrate into the entire organisation and
must be designed to improve business processes. It is no longer
sufficient merely to rely on controls implemented in an ad hoc manner
to mitigate risks.
In today’s advanced technology environment, IT has become the centre

of any business activity and has an impact at both operational and
strategic levels in a business. e following advantages can be expected
when good IT governance practices are implemented:
• A company’s reputation is improved, and the trust of internal parties
(such as employees) and external parties (such as customers,
suppliers and investors) is enhanced.
• Strategically aligning IT with business goals and processes makes
business operations more efficient and creates a competitive
advantage.
• Non-IT executives gain a better understanding of IT, and better
decision-making processes are possible due to timely and quality
information being available.
• A greater level of compliance with laws and regulations is possible.
• Risk management procedures are maximised by implementing
sound IT controls.
Not implementing good IT governance practices increases, among

others, the following risks:
• e company may encounter problems in running its operations,
machines and production lines, which results in the company not
operating efficiently and effectively.
• ere may be a loss of con dentiality.
• Systems become less available, less reliable and function less
effectively.
• Unauthorised use, access to and changes to IT systems may take
place.
It has therefore become critical for boards of directors to familiarise

themselves with their roles and responsibilities in respect of King IV™’s
IT governance principles. ey are responsible for overseeing the
management of IT and ensuring that IT delivers proper integration of
people, technology, information, and processes in order to deliver
value, while at the same time establishing a resilient system which can
mitigate risks arising internally and at third-party service providers as
well as risks of cyber attacks. Emphasis is also placed on being
responsible leaders by ensuring ethical and responsible use and
disposal of technology, as well as compliance with legislation.
Consideration is also given to monitoring effectiveness and efficiency,
with emphasis being placed on considering the need for the board to
obtain independent assurance on the company’s IT-related
arrangements. Disclosure relating to IT governance is forward focused
and objective driven, providing an overview of governance and
management arrangements, key focus areas, the monitoring of actions
taken, as well as remedial actions taken resulting from incidents.
King IV™ recognises that IT poses a signi cant risk to modern
businesses and that it is important for a business to have a sound
system of internal control. e ve components of internal control were
introduced in Chapter 4. We shall now see that they remain relevant
when IT is introduced.
e board of directors is responsible for creating a sound control
environment and can discharge its duties for effective corporate
governance by, among other things, implementing a process of internal
control, as was introduced in Chapter 4. It is responsible for overseeing
the implementation of proper governance around the information
system and business processes used to initiate, record, process, and
report nancial information by creating an appropriate control
environment.
e introduction of computerised systems and the potential
consequences of inadequate controls to address the related risks
require that management has a high regard for, and awareness of, the
need for controls (manual and computerised). King IV™ requires that
ethical governance principles should be cultivated and promoted
within the company. e board of directors should ensure that a
company’s general ethical governance principles align with a
company’s IT governance principles, and this matter has therefore been
included in the recommendations under Principle 12.
e board of directors can assign part of its responsibility with
regard to controls to the risk governance committee and/or a computer
steering committee, part of whose responsibility it is to assess
continuously IT risks and trends. Part of this responsibility can also be
assigned to other members of the board of directors and most
frequently this responsibility is assigned to the chief information officer
(CIO). e CIO is responsible for going through a strategic evaluation
and risk assessment process, the result of which is strategies and
policies to control the information system and business processes
(relating to nancial reporting) with a speci c focus on computer
controls. IT management and staff are tasked with formulating control
activities that enforce and support these policies and strategies. ese
control activities must be implemented in and around the information
system and business process.
Two levels of control activities are considered, namely, those that
impact the entire computer system (i.e. general controls) and those
speci c to a particular application (i.e. application controls). ese
controls in combination impact the manner in which nancial
information and transactions are initiated, recorded, processed, and
reported. ese controls consist of a combination of manual controls
and computer controls. However, in a computerised environment,
manual controls can be either dependent on or independent of IT (refer
to section 5.9.2 for examples).
e board of directors also has a responsibility to assess whether
their policies, procedures and control activities meet their strategic and
nancial objectives. In order to meet all relevant objectives, the board of
directors must implement mechanisms to monitor and evaluate all
components of a system of internal control. is can be done by, for
example, the internal audit department, risk governance committee or
external consultants.
Various frameworks are available that can be used to evaluate IT
governance, such as COBIT 5 (Control Objectives for Information and
Related Technology) (available from www.ISACA.org) that was rst
recommended in King III. Although King IV™ recommends the use of an
IT governance framework, King IV™ does not recommend which
speci c framework should be used. e board of directors should select
a framework based on their requirements, business context, computer
infrastructure, and needs.
e ve components of internal control, as adapted for use on
computerised systems, are depicted in Figure 5.3 on the next page. All
these elements are in uenced by IT.
Figure 5.3: Key elements of a computerised system of internal control
5.4 What is the impact of upgrading a

manual accounting system to an
electronic accounting system?
e introduction of electronic accounting systems has had a far-
reaching impact on the manner in which modern companies are
operated and controlled. In some instances, it has increased a
company’s risk pro le and in others it has reduced the risk pro le. It is
not practicable to discuss all risks relating to all technologies in a text of
this nature. However, some of the risks that arise in an IT environment
are highlighted in this section.
Risks arise because of the environment in which an entity operates
and how it operates (as discussed in Chapter 4). erefore, risks exist
irrespective of whether management implements controls or not. In an
attempt to address or mitigate the risks, management may implement
controls. If controls are not implemented or the implemented controls
are only partially effective, some risk will still remain, known as residual
risk. is residual risk then has to be considered by management in
their decision either to accept it, or to further reduce or eliminate it by
means of implementing additional (or mitigating) controls.
REFLECTION
What can go wrong (i.e. which risks arise) should management
not implement controls to address each of the control objectives
of validity, accuracy and completeness?
Broadly speaking, there are three principles to remember when

identifying risks in a computer environment, namely:
1. By virtue of its nature and characteristics, IT gives rise to risks
because information technologies introduce complexities into a
system that do not exist in a manual environment (refer to ISA
315.A61–A66).
2. As was noted in section 5.3, management has various objectives.
Risks may result in management objectives not being achieved. In
identifying risks, it may therefore be useful to consider each of
management’s objectives and consider factors that may
undermine the achievement of each objective.
3. Controls are implemented in response to the risks identi ed in
order to achieve management’s control objectives. Each control
might be implemented to address one or more risks. However,
although controls are implemented, they may not always mitigate
and address all the risks, because, for example, a control is not
implemented appropriately or operating properly, or the risk was
not appropriately identi ed in the rst place.
As we noted above, once these risks have been identi ed, management
must evaluate the likelihood of occurrence and the impact thereof.
Introducing a computerised system into a business environment has
various bene ts, but also introduces risks that do not exist in a manual
environment, as well as risks that are unique to each type of computer
system. Some general bene ts and risks are contained in International
Standard on Auditing (ISA) ISA 315.A62–A63. Since computers are
programmed to follow prede ned coding derived from rules and set
parameters, they perform all calculations and processes in a consistent
and uniform manner. is uniform processing of information,
irrespective of form, ensures that timely and accurate information is
available as and when needed. Advance analytics built into computers
facilitate analysis of larger volumes of data than ever before. Availability
of timely and accurate information enhances the users’ ability to
monitor the performance of the entity’s activities and its policies and
procedures, which in turn reduces the risk that controls are breached.
e introduction of computers into a cycle gave rise to new
preventative, corrective and detective controls in a system. It also
enhanced the efficacy of traditional manual controls. For example,
since computers can be con gured in various forms and network
structures, which enables effective segregation of duties by
implementing security and other controls. is reduces the risk that
controls can be circumvented by users.
Due to the complexity of computers and the low level of
understanding required by users of computers, IT has also introduced
new risks. e overreliance by users on systems or programs that
potentially could incorrectly process data due to a aw in their
programming or process data captured inaccurately.
e ease of access to data by unauthorised users may result in
destruction or manipulation (completeness, validity and accuracy) of
data, as well as the recording of unauthorised or ctitious (valid)
transactions. Unintentional amendments to data can also occur by
accident. Unauthorised changes are not only limited to changes to data;
computers have made it easier for unauthorised changes to les,
systems or programs to go unnoticed. Authorised users also now pose a
risk, with IT personnel gaining access to data and systems beyond what
is necessary to perform their work. is could also result in loss of
privacy, with private information being access. IT personnel might also
fail to make necessary changes to systems or programs.
e most common user error occurs during the input and the
processing of transactions, with either erroneous or incomplete
information being captured and processed. Users may have
inappropriate manual intervention or override automated and other
controls.
A lack of understanding of how computers process information (i.e.
loss of data while data is being processed or transmitted) and how they
produce output may result in duplicate or incomplete information
being produced by a computer and user in decision making. is
overreliance on IT could result in incorrect decision making and the
inability to continue operating a business during an IT failure.
If these risks are not properly managed, they could have severe
consequences and have, among other things, nancial and reputational
risk implications, as has been demonstrated by cyber attacks, such as
the 2017 WannaCry ransomware attack and the recent hacking of some
social media platforms.
REFLECTION
What other bene ts and disadvantages do you think can be
derived from the introduction of computer processing facilities
into a manual system?
IN THE NEWS
Hacking in the news
WannaCry was a 2017 ransomware attack that took over infected
computers and encrypted the contents of the users’ hard drives
and demanded a payment in Bitcoin from the user in order to
decrypt the content on the computer to allow the user access to
his or her data. The malware had a severe impact on facilities
run by the United Kingdom’s National Health Services. The
nancial impact included the cost of paying the ransom, loss of
productive time during the attack, as well as, in instances where
the data was backed up, the loss of time reperforming work since
the last back-up was made.
Money is also at risk, am amount of $39,4 million in Ether, a
cryptocurrency, was stolen from the Ethereum app platform in
two instances in 2017.
At the height of the social media era, the media reported
various instances of hacking of high-pro le companies. The rst
was LinkedIn, a social media networking site that connects
business professionals. A Russian user claimed in a public news
forum to have downloaded 6.5 million LinkedIn user passwords.
Another highly published hacking incident occurred when
Facebook founder Mark Zuckerberg fell victim to a hacking attack
on his personal Facebook page. The attack highlighted the
vulnerability of many websites that use only a login and password
over HTTP connections to protect accounts. Zuckerberg was not
the only high-pro le Facebook user that was hacked. Former
French president Nicolas Sarkozy’s Facebook page displayed a
message with poor grammar stating that he would not run for re-
election in 2012. The post was later removed.
Any computer system can be described by certain general

characteristics. ese characteristics are highlighted in bold in this and
the next paragraph. It is easy for a user to access data or programs
from multiple locations, even remotely. is is because the data and
functions in an IT system are concentrated around one package or
database, which also results in a breakdown in segregation of duties.
ere is often a lack of a clear documentation trail, partially attributed
to the fact that in a computer environment there are sometimes very
few hardcopy input and output documents. e computer also has
the ability to initiate and process transactions automatically without
user intervention (i.e. system-generated transactions). ese
characteristics give rise to the risk of errors, omissions and fraud
(hereafter referred to as misstatements).
However, using a computer system could also reduce the risk of
misstatements because transactions are processed in a uniform
manner, updating multiple les and programs consistently, with
minimal opportunity for user manipulation. Computers also have the
ability to analyse and present large volumes of information in various
ways and to recombine information in a useful manner for the
business. is can be used by management not only to make better
business decisions, but also to improve management monitoring and
supervision.
REFLECTION
How would the characteristics of an accounting system of a
business change with the introduction of computer processing
facilities into the manual system currently in use?
5.5 What are the key components of a

computer information system?
A computer information system (CIS) exists where any IT equipment,
irrespective of its nature or size, plays a part in or impacts on the
processing of nancial information of an entity, irrespective of whether
the IT equipment/software is operated or owned by the entity or a third
party. ISA 315 describes an information system as consisting of
infrastructure (physical and hardware components), software, people,
procedures and data.
Hardware consists of all physical electronic equipment and parts
that make up a CIS and ranges from input devices to output and storage
devices, to name but a few. ese devices include keyboards, scanners,
printers, monitors, portable hard drives and ash discs, and network
infrastructure. In modern businesses, it is difficult to group a particular
form of technology into a particular type of device. For example, a bank
automated teller machine (ATM) and a cellphone are a combination of
an input, storage, communication and output device. In recent years,
there has been a convergence of technology into this type of
multidevice.
Software includes all programs that reside on any or all components
of hardware. is includes the software used on computers in a bank,
Android software installed on a client’s cellphone, as well as the
programming on an ATM.
All people who interact with the processing of transactions are
considered part of the CIS. erefore, this includes a customer who uses
an ATM. e procedures that govern their behaviour are also included
as part of the system.
Manual and automated procedures are the instructions used to
collect, process and store data about the organisation’s activities
throughout the four stages of the accounting system (outlined in
Chapter 4 section 4.3.2.3). ey also include strategies, policies,
methods and rules for how, when and by whom the CIS is to be used.
Data includes all forms of data stored on the hardware, irrespective
of its nature. For example, the data underlying the log (or list) of recent
calls on a cellphone or recent transactions of an ATM is considered
relevant data in a system.
Organisations use CIS to computerise accounting information and
the accounting system. An accounting information system (AIS) is a
system that transforms data (by collecting, recording, storing and
processing data) to produce decision useful information that can be
used in an organisation (i.e. the user) to make business decisions.
5.6 How does a computerised accounting

system operate?
e accounting system discussed in Chapter 4 can be expanded to
include the stages in the ow of transactions in a computerised
environment as indicated in Figure 5.4. e ow of transactions can be
divided into four stages: (1) input, (2) processing, (3) output and (4)
master le changes. ese stages are further discussed in sections to
follow. It is rst necessary to discuss the process that data would
typically follow.
Figure 5.4: Accounting system in the context of a computerised environment
e ow of transactions in a computerised accounting system typically

commences with the data underlying the transactions being recorded
(or captured) onto source documents designed with a speci c business
cycle, such as sales or salaries, in mind. Manual controls should be in
place over this capturing process. ese source documents can then be
input into the computer system either manually or by means of a
computerised reading device, such as a barcode scanner (also known as
inputting). Once input, the transaction data is processed into a
computer readable format. e computer system performs
computerised checks, calculations and comparisons to ensure the
integrity of the data. e data is stored until it is used or requested by
the user or the program. e totals of the transaction data are stored in a
master le, while the underlying transaction detail is stored in a
transaction le. is is known as processing. e standing data in a
master le can be changed by means of a master le amendment
(referred to as master le changes). When the data is to be distributed,
it may be viewed on-screen, emailed, stored on a magnetic medium,
such as a DVD or memory stick (electronic output), or printed and
distributed (manual output). is is also known as output.
As mentioned earlier, in a modern business the distinction between the

various stages during which a transaction is processed is not clear cut.
Various input and processing environments exist. Some examples
include the following:
• Batch entry and batch processing: Individual hard-copy source
documents are collected for a period of time (e.g. for a day) into
bundles (batches), after which manual checks are performed on the
bundles. At a predetermined later point in time, the bundles are then
captured onto the computer system, converted to a format that the
computer system can read, check, and store in a transaction le. e
master le is then updated with the transaction data in the
transaction le at a predetermined later stage (for example, the end
of the day) when it is convenient to do so. Batching ensures that all
transactions in the batch are subject to the same activity, tasks or
controls, that they are processed accurately, that only valid
transactions are processed, that all transactions are processed and
that none are omitted.
• Online entry, batch processing: Transaction data is entered directly
onto the system from a terminal as the transaction occurs (to create
source documents). e necessary checks are performed and the
data is authorised and processed to a transaction le. At a
predetermined later stage (for example, the end of the day) when it is
convenient to do so, the master le is updated with the transaction
data in the transaction le.
• Online entry, real-time processing: Transaction data is entered
directly onto the system, which is linked to the accounting system.
e latter immediately performs the necessary programmed checks,
creates source documents, and processes the transactions to the
master le. As a consequence, the master le is always up to date, in
contrast to the above two methods where the master le is often
temporarily out of date with the latest transactions due to batching
and therefore delayed processing.
• Shadow processing: A copy of the master le is used during the day
and is updated continuously as transaction data is captured. e
system also simultaneously creates a batch le of the day’s
transactions and this le is updated to the original master le at the
end of each day. is process repeats daily. is is done to ensure
that should the system crash during the day, the original master le
is not corrupted and also acts as a backup. Furthermore, the shadow
copy of the master le allows users to have real-time information
available at any point in time (e.g. debtors balances and inventory
levels).
At each stage of the transaction, errors can occur and fraud can be
committed. As discussed in Chapter 4, management implements
controls over the accounting system to address risks (i.e. to achieve
control objectives) in both manual and IT environments. ey must
implement controls to respond to the risks (i.e. to achieve control
objectives) in both environments. It follows that when formulating the
controls, management has the same control objectives (introduced in
Chapter 4) in mind in both environments. In light of the fact that the
two environments are different, the control measures in a manual
environment will differ from those in an IT environment.
e following sections introduce controls in IT environments in
general terms.
5.7 How are computer controls

classi ed?
In a business, the accounting system consists of a manual environment
(involving activities performed without IT) and a computerised
environment (involving the use of IT). Computer controls can be
categorised in various ways according to nature and function. Two
broad categories of controls can be implemented in an IT environment,
namely:
• General controls, de ned as policies and procedures that relate to
many applications and that support the effective functioning of
application controls (see below) by helping to ensure the continued
proper operation of information systems by ensuring that the control
environment is stable and well managed. General IT controls
commonly include controls over:
• Data centre and network operations;
• System software acquisition, change and maintenance;
• Application system acquisition, development, and maintenance;
and
• Access security.
e implication of this de nition is that general controls form the

framework of overall control around the CIS. ey relate to the
overall information processing environment, as they impact on all
areas of operations and systems of the computer system, and
therefore the entire control environment. General controls support
the appropriate functioning of application controls (see below).
erefore, they are implemented before transactions can be
processed and are implemented independently of the processing of
transactions.
• Application controls, de ned as manual or automated procedures
that typically operate at a business process or application level.
Application controls can be preventative, or detective and corrective,
in nature and are designed to ensure the integrity of the accounting
records in an application, thereby ensuring the data in the system is
free from fraud or errors. Accordingly, application controls relate to
procedures that are used to initiate, record, process and report
transactions or other nancial data. is means that application
controls are the manual and/or automated controls over the process
through which transactions are initiated, recorded, processed and
reported, as well as through which changes are made to standing
data (master le data) in the computer system. Application controls
are implemented in respect of speci c types of transactions in a
business cycle, computer program or system. ey focus on the
processing of a speci c computer application, program or system, in
contrast to general controls that focus on the computer processing
environment. e application controls relating to the computer
programs used in the various business cycles (e.g. sales or
purchases) may be different for each different application.
Whereas general controls are pervasive, thus affecting the computer

environment in general, application controls are speci c to types of
transactions in an application or cycle. Due to the pervasive nature of
general controls, these controls impact on all applications. erefore, if
the general controls do not work, the application controls do not serve
much purpose, as they are overridden by the general controls. Note also
that general controls do not relate to speci c management assertions,
but will have a pervasive effect on all assertions. Application controls,
however, relate to the business transactions and, as such, will have a
direct effect on speci c assertions. Figure 5.5 highlights the interaction
between general and application controls. e general controls affect all
cycles’ application controls.
e implication of these categories of IT controls is that if, for
example, Ntsimbi Piping uses the general ledger module of PVCACC to
record all nancial transactions and the payroll module of PVCACC for
its payroll, the general controls in the company’s IT system are the same
for both modules. However, each module has its own unique
application controls. erefore, faulty general controls have an impact
on the entire computer system, whereas faulty application controls have
an impact only on a speci c type of transactions in an application and
therefore a speci c business cycle, but not on the entire system, other
applications or types of transactions. For example, the business
continuity policies and procedures (i.e. general controls) are the same
for all business areas and processes. However, the application controls
applicable to the recording of an invoice, or making of a salary payment,
are unique to the particular business cycle or program.
Certain control measures can be classi ed as either general controls
or application controls, depending on their purpose. For example,
access controls implemented to limit access to a company’s network
(e.g. Novel network username and password) impact all application
programs on the network in the same way. ese access controls are
regarded as general controls. Application programs on the network may
also have their own access controls in place to limit access to the
speci c application (e.g. each Pastel user has a unique username and
password distinct from their PeopleSoft username and password).
Access controls that limit access to the application are regarded as
application controls.
Figure 5.5: Interaction between general and application controls
Both general and application controls can be further classi ed

according to their purpose. Controls can be preventative, or detective
and corrective (also referred to as remedial) controls:
• Preventative controls are controls that prevent either the user or the
system from making errors or committing fraud (i.e. before they
happen). Examples include passwords, drop-down menus and
validation tests.
• Detective and corrective controls, however, detect errors and fraud
after a transaction has been processed, report the misstatement and
take corrective action. ese controls identify a misstatement,
correct it, investigate the cause and initiate steps to minimise the
effect of the misstatement. Examples include management review of
audit trails, transaction logs or pop-up error messages.

General controls are generally categorised in groupings of related
controls in order to provide a framework that can be used to identify
controls and highlight weaknesses in a structured manner. is ensures
that when controls are implemented, they address all the signi cant risk
areas. It is inappropriate for a company to mitigate risks applicable to
only one of the risk areas and neglect other risk areas. In order to
mitigate risks to an acceptable level, a structured framework is required
and all areas need to be addressed. Various textbooks and governance
frameworks classify general controls in different ways. In this text,
general controls have been classi ed into the groupings contained in
Figure 5.6.
Note that each category of general controls is not mutually exclusive
and does not operate in isolation. When designing a system of control
for a company, it is important that only general controls that are
relevant and applicable to the nature and size of the company be
considered. e general controls implemented by, for example, a large
multinational company will therefore differ from those of a small one-
person operation.
Figure 5.6: Six categories of general controls used in this text
Each of the categories of general controls in Figure 5.6 is brie y

described below and then discussed in more detail in the following
sections.
Controls around how the CIS department is structured (in terms of
its policies, procedures and operations, as well as the staff practices
employed in the company and CIS department) are commonly referred
to as organisational controls and personnel practices.
Key areas that have to be controlled are how changes are made to
the CIS and the acquisition or development of a new CIS. Because
acquiring or developing a new system is a costly process, system
development controls need to be implemented around the various
stages of system development and implementation of a new system.
Where a feature or part of a software package is amended or added,
change controls are needed.
Controls must be implemented to protect the system against
damage from physical threats, such as re and water, and also cyber
threats, such as viruses. Should something happen to the system, a
process needs to be in place to ensure that the company can resume
operations in the shortest possible time. ese controls are commonly
referred to as business continuity controls.
Operating controls are the controls that must be implemented
around the day-to-day running of the hardware and the software of the
CIS to ensure that they are operating effectively. Operating controls
include system maintenance controls.
In order to prevent and/or detect unauthorised individuals from
obtaining access to an organisation’s data or performing unauthorised
activities, access controls should be implemented around the
company’s premises and the CIS.1
Each of the six general control categories in Figure 5.6 can be further
divided into subareas that must be addressed in the implementation of
controls, as shown in Figure 5.7. Note that the systems development
controls and the change controls have been combined because they
cover similar subareas.
Figure 5.7: Overview of the subareas of general controls

e following sections provide a high-level overview of the key types of
general controls that a business should implement.
5.8.1 Organisational controls and personnel

practices
Organisational controls deal with how the CIS department is structured
and its activities managed. It includes IT staff practices. Organisational
controls should aim to develop an organisational culture that promotes
integrity, commitment to ethical values and competence.
A company must establish an organisational framework within
which it can manage its IT function and activities. e company must
ensure that a clear organisational structure is in place and that it
delegates responsibility to the appropriate people in a manner that
facilitates the achievement of segregation of duties. Because
responsibilities are distributed among many people and departments, it
is also important to establish clear reporting lines. is necessitates a
process in which all work is supervised and reviewed by a senior staff
member. Part of establishing an organisational structure is establishing
proper staff practices in order to ensure quali ed staff are employed
and that staff remain quali ed and up to date with new trends in IT.
Should a proper organisational structure not be in place, it could result

in, for example:
• Unauthorised transactions and activities being initiated by
unauthorised persons;
• Collusion that could result in theft and fraud;
• Multiple functions that were previously performed by separate
individuals now being performed by a single application, resulting in
unauthorised transactions being initiated and executed because of a
lack of segregation of duties;
• Misstatements going undetected because there is not sufficient
supervision and review in place; and
• Untrustworthy or incompetent persons being employed because of
poor staff practices, resulting in errors and fraud, and also negatively
affecting staff morale.
When implementing new or evaluating existing organisational controls,

management should follow a top-down approach. is starts with
creating an ethical culture and control environment (as was discussed
in section 5.3). e controls discussed in the following sections should
be implemented in this regard.
5.8.1.1 Delegation of responsibility

King IV™ requires that an ethical IT governance environment be created.
e board of directors must take responsibility for IT and IT governance
in a company by its actions, leadership, management philosophy and
style, as well as by the strategic objectives that are set. It is important to
communicate the corporate culture to the company’s employees by
means of policies and procedures. All employees, including
management, should comply with the policies and procedures, and
action should be taken against any and all employees who do not
comply.
Part of the responsibility for IT governance can be assigned to a
computer steering committee, which is responsible for managing IT
and acts as a communication channel between the users of IT and the
IT department. e steering committee should consist of
knowledgeable executive management with a business and IT
background to which matters can be delegated for resolution. A
company should also appoint a chief information officer (CIO) who
takes responsibility for the direction of IT and communicates with the
board and its committees such as the computer steering committee and
the audit committee about such matters.
e day-to-day management of IT can be delegated to an IT
manager who is responsible for managing the staff in the IT
department who are responsible for individual operational tasks, such
as the programmers, database administrators and help desk operators.
e IT staff often have the technical knowledge of the operation of IT,
but limited business experience.
In delegating responsibility, it is important to establish clear
reporting lines and levels of authority through which appropriate IT
personnel can communicate with and report to the board of directors
on a regular basis, if necessary. e delegation of responsibility will give
rise to an organisational structure in the company and the IT
department.
5.8.1.2 Segregation of duties

In establishing an organisational structure, the general principle behind
segregation of duties, namely, that no one staff member should be able
to perform incompatible functions, should be kept in mind. As in the
case in any operational department in a company, initiation,
authorisation, execution, recording and asset control should be
segregated (refer to Chapter 4, section 4.3.2.4(c)).
At minimum, by segregating the authorisation, recording and
custodial functions, an organisation could mitigate the risk of:
• Staff authorising ctitious or inaccurate transactions in order to
conceal theft of assets;
• Staff adjusting records in order to cover up inaccurate or falsi ed
entries that where improperly authorised; and
• Staff falsifying records in order to conceal theft of assets.
All incompatible duties should further be segregated in the IT

department and between the IT and the user departments. e
segregation of duties between IT and user departments involves the
following:
• e IT department should be organisationally separate from user
departments.
• e IT department should report directly to executive management.
• IT personnel should not be able to initiate or authorise transactions
or change transaction or master le data.
• IT personnel should not be able to gain access to company
resources, physical assets such as physical inventory, documentation
(such as invoices and receipts) or non-physical assets such as the
debtors or creditors master le data.
IT personnel should not be able to initiate work or correct user
• errors unless this has been requested and authorised by a user
department.
• Once IT personnel have performed work, the user department
should be responsible for reviewing the work and underlying data,
records and les.
e segregation of duties in the IT department involves the following:

• Ideally, all job functions should be segregated but, at a minimum,
segregation of duties is required in IT between the development
function, the operations function and the security function.
• ere should be segregation between initiation, authorisation,
processing, executing, custody and the reporting functions in IT.
e organisational structure of a company is dependent on the nature

and size of its operations. Figure 5.8 depicts a generalised
organisational structure of a large company with the focus on the
organisational structure of its IT department. For this reason, the
operational departments have been grouped together. e gure shows
lines of delegation, segregation of duties between job functions and
departments, and reporting lines. e descriptions of the job functions
fall outside the scope of this text and should be revised from your
Information Systems courses or from a detailed text on basic IT
concepts.
Figure 5.8: Organisational structure of an IT department in a large company
Google the job titles re ected in Figure 5.8.

Note: The organisational structure presented in Figure 5.8 would
be less complex in a smaller business
such as Ntsimbi Piping.
5.8.1.3 Reporting, supervision and review

All work that is performed by IT staff must be initiated by staff in a user
department. e user department ultimately remains responsible for
the information contained in its records. Users can perform various
checks to ensure the integrity of the data. ese include:
• High-level review: where management reviews the nancial
performance of the organisation on a periodic basis, evaluating the
performance compared to an expectation derived from budgets,
forecasts, past performance or an Industry benchmark.
• Analytical reviews and ratios: where the underlying relationships
between various sets of data are analysed and any unusual
deviations are investigated.
• Reconciliation of data on the system with data from independent
or external sources: where nancial information is con rmed with
another set of data on another system (for example, a bank
reconciliation) or where information is con rmed with a physical
evidence (such as during a stock count).
• Independent review: of logs, registers and detailed transaction
trails, where any unusual transaction is identi ed for further
investigation.
Work on the computer information system may only be initiated by the

IT staff under exceptional circumstances and with special
authorisation. While the work is being performed, it should be
supervised by a suitably quali ed senior member of staff from the IT
department who is available to give guidance and advice. Once the
work, irrespective of its nature, has been completed, it must be
reviewed by a knowledgeable, experienced manager, as well as the user
from the user department responsible for initiating the request. e IT
manager should also perform frequent reviews of the CIS.
System-generated activity logs and registers should be extracted
from the system and should be reviewed by a senior member of the IT
department. Any discrepancies should be investigated and resolved.
5.8.1.4 Personnel practices

Similar to any other department in a company, written policies and
procedures should be developed to ensure that competent IT staff are
hired, that staff receive the necessary training to remain competent and
that their performance is reviewed frequently, so that corrective
measures can be taken if required. Policies and procedures should be in
place around the following:
• e process of employing staff;
• Acceptable professional and personal behaviour and use of
company resources such as utility programs;
• Leave policies relating to compulsory leave and sick leave, taking
into account the need for continuity of operations and completion of
work;
• Staff scheduling and rotation of duties;
• Ongoing training of staff;
• Continuous evaluation of staff; and
• Dismissal and resignation of staff.
ese policies, as well as all job functions and descriptions, and levels
of authority of IT staff should be documented. In developing these
policies, the principles of segregation of duties, security, continuity of
operations, overreliance on staff and staff development should be kept
in mind. For more information about acceptable personnel practices,
refer to Chapter 9.
REFLECTION
What are the risks for a business (things that could go wrong)
should each of the controls listed in sections 5.8.1.1 to 5.8.1.4
not be present?
5.8.2 System development and change controls

System development and change controls are the controls that must be
implemented when a new computer program is developed or acquired
and where a signi cant change is made to a computer program or its
functionality. It is important to make a distinction between system
development and acquisition and a program change.
System development refers to the process that is followed when a
•
new system is developed in-house, whereas system acquisition
refers to the process followed when a new system is acquired from a
vendor. Both system development and system acquisition imply that
the system has not been used by the company before and, therefore,
these tend to be large projects with high costs. For example, a
company may implement a new management system, or automate
its production systems by implementing a new enterprise resource
management (ERM) system. Generally, such changes do not occur
on a frequent basis. e main risks arise from the fact that it is a new
system that has not been used by the company before. To respond to
these risks, stringent controls have to be implemented around the
selection of the system and the approval of the project, and its
development and testing. Special consideration must also be given
to the changeover from the old to the new system, including the
transfer of data between systems.
• Program changes, also known as program maintenance, refer to
changes or amendments to an existing program, for example, adding
a new module to a program or updating or adding features to a
program. Generally, these occur on a more frequent basis than
system development and acquisition. For example, a company that
is using an accounting package would like to change the accounting
package to include an automatic backup system, or a debtors clerk
might require a new age analysis report of debtors per location,
which is not an existing feature of the accounting package. Program
changes may then be requested by users in order to obtain these new
features. ese program changes ordinarily can be implemented at a
low cost and within a short period of time.
However, irrespective of the distinction, any request for a change, or

amendment to a computer system and the development of a new
system must go through the ve stages of the system development life
cycle (SDLC), which are:
1. Request submission, needs assessment and selection;
2. Planning and design;
3. System development and testing;
4. Implementation; and
5. Post-implementation review and training.
REFLECTION
How is this process of system development similiar to and
different from that of building a house?
e objectives of system development and change controls are to

ensure that the new system or a change made to the system is effected
to meet users’ needs and is cost-efficient (i.e. remains within budget).
To achieve this, controls must be implemented in each of these stages in
the system development life cycle. If proper controls are not in place, it
could result in system errors, incorrect or fraudulent processing, cost
overruns and non-compliance with development and quality
standards, reporting requirements and legislation. Errors made in the
development process result in errors during the development of the
system and the transfer of information during the initiation of the
system. ese errors could also have an ongoing impact for the entire
time that the new system is in operation as they expose the entire
system to the consequences mentioned previously.
System development and acquisition controls, and program change
controls, are discussed below in sections 5.8.2.1 and 5.8.2.2,
respectively. e nature of the controls around system development
and acquisition, and program changes, are the same in principle.
However, the exact details of the controls implemented over these two
processes can differ, as the risks for system development and
acquisition are higher than for program changes. For example, with
system development and acquisition, key risk areas include risks
relating to a detailed needs assessment and program selection and
approval, whereas for a program change, these risks are not as high.
Similarly, the implementation and conversion from one system to
another system carries greater risk than adding a new functionality to
an existing package or system. e controls must be customised
according to the risks.
5.8.2.1 System development and acquisition

As noted earlier, when implementing controls, management should
follow a system development life cycle approach. A company can
decide either to develop a package or system in-house or acquire a
package or system from a vendor. Each of these two approaches has its
own advantages and disadvantages. A discussion of these falls outside
the scope of this text and should be revised from your Information
Systems courses or from a detailed text on basic IT concepts. A
combination of these approaches could also be used.
e process of developing a new system is similar in principle to the
process of purchasing a new system. However, the controls relating to
the development of the system’s requirements and the programming of
the system are not applicable to purchasing a new system. In the case of
a purchased package or system, the purchaser must use the features
that come standard with the system (assuming they cannot be changed
by the purchaser and that the features of the system meet the needs of
the users) and the programming has already been done by the software
vendor.
e controls applicable to developing a computer program in-house
are discussed in the sections below. Irrespective of whether the package
or system is developed in-house or is acquired from a third-party
vendor, the controls listed below should be implemented.
5.8.2.1.1 Request submission, needs assessment and selection

Projects should originate from either a written user request or a
genuine business need identi ed by management in order to achieve a
strategic imperative. All requests should be documented and presented
to the board of directors or delegated committee such as the computer
steering committee to investigate and approve. Depending on the size
of the project and the risks involved, a feasibility study should be
conducted including:
• A comprehensive user needs assessment;
• An investigation into the resources required for the project;
• An investigation into various alternative solutions, considering the
option to purchase an established package or system, make changes
to the existing package or system, or develop a new package or
system in-house;
• Cost-bene t analysis, detailing all the costs, as well as all nancial
and other bene ts of each option; and
• A time planner showing all the deadlines.
e purpose of the feasibility study is to produce a recommended

course of action. Once the project has been approved in principle by all
affected role-players and senior management, the planning
commences.
5.8.2.1.2 Planning and design

e computer steering committee should appoint a project team to
manage the project. e project team should include not only IT
personnel, but also appropriate personnel from the user departments
affected by the project and should include nancial, operational and
controls knowledge. e IT personnel are responsible for the system
development, whereas the other personnel act in an advisory capacity.
All work performed by this project team (including system
development, programming and documentation) should be conducted
in accordance with prede ned generally accepted programming
standards and control frameworks. Various standards can be used, for
example, components of the ISO 9000 series or PRINCE2 control
frameworks on project management. It is important that the system
development is conducted in terms of international standards in order
to ensure that the program and programming is understood and can be
updated relatively easily in later years.
e project team prepares a project plan, which contains the
timeline for the project and highlights the milestones and tasks to be
completed by certain deadlines. ese tasks are allocated to the
appropriate IT staff member. e project plan is used to monitor and
evaluate the progress of the project, which is reported back to the
computer steering committee on a regular basis. e project plan can
also be used to measure a project’s performance. Poor monitoring
could result in the costs of the project increasing uncontrollably, as was
the case in National Treasury’s Integrated Financial Management
System project (refer to the ‘In the News’ box on the next page).
Once the project plan is set, a business analyst must perform a
detailed investigation into the user needs. e analyst must undertake
an investigation to understand all affected users’ requirements,
including those of internal and external auditors. is needs assessment
forms the basis of the preliminary system speci cation, which is used
by the programmers to develop the system. e needs assessment
and/or the system speci cation must be reviewed and signed off by the
heads of all user departments before programming can commence.
IN THE NEWS
10 years of expenditure yielding no results
The National Treasury initiated the Integrated Financial
Management System (IFMS) project and spent R1 billion on the
rst phase. Another R1,2 billion was spent during the second
phase of the project. IFMS was never implemented. IFMS was
supposed to modernise the government’s IT system across
departments. The failure was due to the internal controls of
National Treasury not identifying problems in the project. Project
costing was prepared informally, with consultants monitoring
themselves and ineffective internal monitoring controls.
5.8.2.1.3 System development and testing

System development and programming should be divided into three
areas, each with its own purpose:
• Development area: e development area is used to program and
develop the system. e programmers should code/write the
software independently of the live system and data. ey work on
various versions of the program, and having a program library, a
librarian (who keeps track of the use of data, programs and
documentation) and proper version control are therefore important.
• Test area: Once the programming has been completed, the program
is tested in the test area using, for example, test data. Again, testing
should take place completely independently of the live system and
data, and the results reviewed and approved by the relevant line
manager. Various tests can be performed on the operations and
performance of the hardware and software, including a:
• Program test, which tests the processing logic of a single
program to verify whether all situations are treated correctly.
• String/series test, which tests the linking to a related program,
for example the correctness of data transfer from one program to
another.
• System test, which tests all programs when used together as a
single system, thereby ensuring the individual programs integrate
properly.
• Stress/Tension test, which tests the performance and capacity of
the system when it is subjected to a high volume of processing
and is experiencing demand on its resources.
• User acceptance testing phase, where the users, including
management, test the program’s functionality. Also, the internal
(and external, if applicable) auditors should test the
appropriateness of the controls in the system. If necessary,
adjustments should be made to the system based on the feedback
received.
• Production area: Once the testing is complete, the program should
be moved to the production area or live system. However, before the
system goes live, the system should be reviewed again by all affected
personnel for nal approval. e test results should be presented to
the computer steering committee for review.
In instances where testing is not performed properly, it could result in

performance problems that could be costly, such as with the
implementation of the eNaTIS system by South African traffic
departments, which is demonstrated in the news article following Table
5.1.
5.8.2.1.4 Implementation
When implementing the new program, controls need to be
implemented in relation to the conversion to the new program, as well
as in relation to the transfer of the data from the old program to the
new program. e implementation process is a project in its own right
and it should be run as a mini-project with its own project team and/or
data control group (i.e. a dedicated group of personnel). e process
must be placed under the supervision of senior experienced staff
members. e conversion process takes place in the three stages set out
in Table 5.1. Appropriate examples relating to an inventory system have
been included in the table.
Once the system has gone live, it is necessary to ensure the entire
development process is documented and stored in a safe location for
future use. Furthermore, documentation about the system and its
operations, including training material, should be updated.
All users should receive appropriate training on the operations of
the system that relate to their job function.
Table 5.1: Stages in the conversion process
SYSTEM CLOSE-OFF
SYSTEM POST-CONVERSION
AND DATA CLEAN
CONVERSION REVIEW
UP
• A changeover One of three • The old and new

date must be set methods of data and les
(e.g. year-end, implementing the should be
interim stocktake new system can be compared (e.g.
date). used: reconcile the
• All nancial inventory codes
• Parallel
transactions in between the two
processing: The
the old system systems).
old and new
have to be closed systems run • All necessary
off (e.g. record concurrently for a control totals (e.g.
cost of sales hash total of
SYSTEM CLOSE-OFF
AND DATA CLEAN
CONVERSION REVIEW
UP
entry in a periodic limited period of inventory codes),
inventory time. nancial balances
system). • Direct shut down: (e.g. total value of
• All data in the old The entire old inventory per type)
system must be system is shut and record counts
cleaned up and down at once and on the new
corrected and the new system system should be
tests performed launched calculated.
to ensure that all immediately • The calculated
data is complete thereafter. control totals,
(e.g. perform • Modular (phased) nancial balances
inventory count). implementation: and record counts
• All necessary The old system is on the old system
control totals and phased out in should be
nancial balances sections and the reconciled to the
should be new system takes control totals,
calculated (e.g. its place nancial balances
total inventory on according to a set and record counts
hand, hash totals time frame. on the new
of inventory system.
codes). Each of these • The data on the
• Record counts methods has its own new system
should be advantages and should be
performed (e.g. disadvantages. compared to the
count number of Modular results of the
inventory codes). implementation is external
considered the least con rmations (e.g.
• Where possible,
risky and the most inventory count)
all data should be
cost-effective. (where
externally veri ed
Parallel applicable).
(e.g. perform
implementation is
inventory counts).
the most resource
SYSTEM CLOSE-OFF
AND DATA CLEAN
CONVERSION REVIEW
UP
Backup should be intensive, although it • Exception reports
made of the old could be considered should be
system. safe because of the extracted from the
Data on the old control totals that new system on all
• system must be can be reconciled les, noting
signed off by all between the two unusual data
affected parties systems running elds (e.g.
as accurate and concurrently. damaged
complete. However, in practice, inventory
staff nd it dif cult identi ed,
to maintain two incorrect control
systems at the totals, negative
same time, as it quantities,
increases the risk of alphabetic
misstatements. characters in
quantity eld).
• Any discrepancies
identi ed in
performing the
above-mentioned
steps and unusual
items must be
investigated and
resolved.
• A register or
exception report
of all
discrepancies or
unusual items
identi ed should
be maintained for
SYSTEM CLOSE-OFF
AND DATA CLEAN
CONVERSION REVIEW
UP
investigation and
approval by the
users, once
resolved.
• Any discrepancies
must be
investigated and
resolved.
IN THE NEWS
eNaTIS and Aarto fail to impress
A good example of project failure is the Electronic National
Administration Traf c Information System (eNaTIS), South Africa’s
upgraded transport information system, used, among other
things, to issue and manage drivers’ licences. The system, which
cost R408 million, was doomed to failure before it was
introduced.
The Auditor-General stated in the nal report that he was 80%
sure that the system was going to fail. The Auditor-General’s
investigation examined 24 aspects of eNaTIS and found 19 of
them to be ‘high risk’. But despite this warning, the government
still went ahead with the implementation of the system.
There were also many errors in the Aarto driving licence
system. Prior to the launch of the system, assessment reports of
two pilot projects highlighted the nightmare it proved to be for
drivers and municipalities. The report shows that the driver
demerit system led to various problems in training traf c police in
how to implement the system, but more importantly it was found
that 60% of the addresses of motorists stored on eNaTIS were
incorrect. eNaTIS is the register for all vehicles, driving licences,
contraventions and accident data. This meant that drivers could
be unaware of the fact that they might have incurred demerit
points because the noti cation of offences would be sent to an
incorrect mailing address. Companies employing drivers
complained they would have to incur costs in monitoring the
status of their drivers. Should a driver lose his or her licence, it
would have labour law implications for a company. Municipalities
received a lot of correspondence and complaints from drivers
and incurred high costs due to the incorrect addressing of letters
of offence, as all letters had to be sent by registered mail.
5.8.2.1.5 Post-implementation review

Any errors that occur after the new system has become operational
should be corrected and a register of these maintained by IT. A couple
of months after the system has become operational, a post-
implementation review of the system should be conducted by the user
department, IT personnel, internal (and external, if applicable) auditors
and members of management to determine whether:
• e system meets the respective users’ needs in terms of
performance and functionality;
• e necessary controls have been implemented;
• Misstatements that were detected have been resolved;
• e system development process was effective; and
• e system documentation and training material is sufficient.
5.8.2.2 Change controls

As mentioned earlier in this chapter, system development is viewed as a
signi cant change to the system, which requires a signi cant
investment in time and resources, hence requiring many controls
around authorisation, development, programming, implementation
and post-implementation review. As the needs of users change, it is also
necessary to make less signi cant amendments to the functionality of a
program or simply to update the program to meet users’ needs. ese
are known as program changes.
e objectives of program change controls are to ensure that all
changes are effected accurately in the most efficient manner and that
they meet user needs. Controlling the manner in which program
changes are made is just as important as controlling system
development, as a small error when making program changes could
have the same severe adverse consequences as making an error during
system development. e process that should be followed during
program changes is similar in principle to that of system development.
e ve stages of the system development life cycle (section 5.8.2)
should be followed. However, program changes are less resource
intensive in terms of work to be performed, time needed to implement
the change and levels of approval required. Also, more consideration is
given to maintaining documentation to keep track of requests for a
program change, given the high volume of requests that may be
received in any given period.
Because of the frequent nature of program change requests, users
should be required to complete written requests on prenumbered,
preprinted standard forms. Each request should be logged in a request
register for later review and investigation. If feasible and justi able, the
program change request must be approved by the relevant line
manager. Once a program change has been effected, it must be
recorded in the register. Periodically, management must follow up any
requests not completed within a reasonable time period.
Another difference with a program change request is that because it
is not an entirely new system that is implemented, there is no need to
have such stringent controls around con rming the accuracy,
completeness and validity of the data on the system before
implementing the change. However, if a request for a program change is
expected to have a signi cant impact on the system, the full suite of
system development controls should be followed in order to mitigate
the risks.
REFLECTION
What controls should be in place for a program maintenance
request?
5.8.3 Access controls

One of the areas that in recent times has probably received the greatest
media exposure is access controls and information security (or the lack
thereof ). Information has become one of a company’s greatest assets
and must therefore be protected against unauthorised access and use
by, for example, hackers. is could result in theft of or damage to
company assets, but also a loss of information, which could impact on
the integrity of the system. With the advancement of technology, the
focus has shifted from physically securing access to, for example, a
company’s premises and physical assets, to securing information and
data in the computer system. Access controls are controls, physical or
computerised, that are implemented to prevent unauthorised persons
from gaining access, and also to limit the activities of authorised
persons to authorised areas. When management implements access
controls, they should attempt to use the least privilege principle, in
terms of which personnel should be given access only to data and
systems that are necessary for them to perform their duties properly.
In today’s connected world, detecting unauthorised access has
become as important as preventing unauthorised access. In order to
protect all the company’s assets, including information, a company
should use a comprehensive strategy that follows a systematic process
that prevents and detects unauthorised access. is starts by limiting
access from the outside of the company and then works towards
controlling access on the inside of the company. A company should
therefore develop a comprehensive security management policy that
documents the process used to identify security risks, allocates
responsibility to employees to act in a security-conscious manner, and
holds them accountable for their actions.
Physical access controls should be developed to control access
from the outside into the company, using a walk-through
methodology in which you imagine yourself walking through a
company’s premises. e outside premises of the company should be
secured, with limited access points. Inside the company, movement
should be restricted between various areas within the company, and
physical access to computers should be limited. Physical security
measures should also be implemented around computers, les and any
other relevant hardware. Physical access controls include locked gates
and doors, security guards and cameras.
Should an unauthorised person nevertheless manage to gain
physical access to a computer or gain electronic access via the internet
or by other means, access should be limited by logical access controls.
ese are electronic measures such as usernames, passwords and
advanced technologies such as encryption and rewalls. Logs and audit
trails are good tools that can be used by management to identify
unauthorised access, activities and use of computer resources.
Given the signi cance of the risks posed by unauthorised access, a
company should implement a multi-level security strategy, comprising
both preventative and detective controls, to prevent and detect
unauthorised access.
5.8.3.1 Preventative controls
5.8.3.1.1 Security management policy

Management should drive a culture of security awareness. is can be
achieved by implementing a risk management process in which a
company continuously evaluates its processes in order to identify
security risks and threats and then acts accordingly.
It is necessary to develop a security management policy that is
widely distributed to all employees, who acknowledge that they have
agreed to comply with the policy (by means of, for example, including a
clause in an employee’s employment contract or having an employee
indicate in a tick box that he or she agrees to the company’s internet
policy before he or she can access the internet). e policy should be
driven by principles (rather than details) and if these principles are not
adhered to, appropriate action should be taken against guilty
employees.
DID YOU KNOW?

The Protection of Personal Information Act 4 of 2013 makes it a
legal requirement to report all incidents where personal
information is compromised, and introduces civil as well as
criminal liability for non-compliance.
5.8.3.1.2 Physical access controls

Every company’s IT department is structured differently, and, as
discussed earlier in this chapter, the speci c controls that are
implemented depend on the needs of the company. is principle also
holds true for access controls. If we use a company with a separate IT
department and a server room as an example, this type of company
should restrict physical access as follows:
• To the company’s premises;
• To the IT facilities/department;
• To any areas in the IT facilities that contain sensitive information or
high-value hardware, such as a server room or backup facilities;
• To the use of computer terminals; and
• To any sensitive information such as important les, documents or
programs.
Access to the premises and IT department

In order to limit access to its premises or within its premises, a company
can use the following physical access controls:
• Restricting physical access and movement by means of high
electri ed fences around the company’s premises;
• Installing security gates and magnetic doors, which open by means
of an electronic tag, pin pad or biometric identi cation (such as
ngerprint or retina scanning) and which close after use;
• e presence of security guards at all entrances and exits, as well as
at key security points inside the company’s premises at all times of
the day. e number of potential entry and exit points should also be
limited to a minimum;
• A process by which visitors must sign a register at reception or
security before gaining access to the premises. ey should also be
clearly identi able by displaying a visitor tag. If possible, special
arrangements should be made for visitors that they (1) should not be
able to visit the premises without a scheduled appointment, and (2)
should not be able to move around the premises unaccompanied;
• Doors should remain locked at all times and should only be opened
by a special key, magnetic card or a biometric system;
• e premises should be monitored by closed-circuit TV monitors;
• Important hardware should be locked away in a dedicated room,
cupboard or safe. is also applies to important documents, data
and programs; and
• Physical logs or registers should be maintained of all visitors to the
premises, as well as an electronic log of the movement of visitors and
personnel within the company’s premises. ese logs and registers
should be frequently reviewed and any unusual movement or
activities (such as frequent late-night access by a particular
employee) should be investigated by a senior security member or a
senior staff member of the
IT department.
REFLECTION
Go to the computer laboratory that you use at your university. As
you walk to and enter the laboratory, what physical access
controls to the premises can you identify?
Access to computer terminals
It is not always possible to limit computer terminals to a speci c
location in the company. erefore, it is important to implement
controls around terminals. In order to limit access to terminals, a
company can use the following physical access controls:
• e computer terminal should preferably be located in an office or
dedicated, lockable room with only one secure access point, or
otherwise in a highly visible area away from general access. It is also
important that all staff members should have a way of identifying
themselves as being authorised to have access to computer
resources or to move around the IT department (such as a photo
identity staff card). Levels of authorisation and access could also be
displayed.
• If practically possible, a member of management should supervise
the activities on the computers.
• Access to computers should be limited to office hours, either
physically, by locking the premises after hours, or electronically, by
means of the job scheduling function in a computer package, which
only allows an application to be opened during speci c hours of the
day. Any work performed after office hours should be authorised.
• Access to the computer can be limited using either a terminal lock or
a biometric thumbprint scanner.
• e computer or any hardware should be securely fastened to the
table or desk so that it cannot be stolen or removed. is can be done
either by a cable (such as a Kensington lock) or by encasing it in a
metal box mounted to the wall or oor.
• Logs or activity registers should be maintained of all work performed
on the computer. ese should be reviewed on a frequent basis and
any unusual activity should be investigated.
Access to other sensitive information

Access to sensitive les, programs, documentation, and hardware
devices should be limited by the implementation of the following
physical access controls:
• Safely storing the devices in a separate place, either in a separate
room or locked cupboard or safe; and
• Where sensitive les, programs, documentation and portable
hardware devices are issued for use, the company should employ a
data librarian whose job it is to keep track of the use of these items.
is can be done by maintaining a register, which must be signed
when an item is issued and returned.
5.8.3.1.3 Logical access controls

It is not always possible or practical to keep IT systems and data in
isolation and away from physical contact and threats because
computers are used in all aspects of companies’ operations and it
would hinder operations if all physical access were restricted. Moreover,
a company’s IT resources are threatened not only by physical threats,
but also from electronic sources such as hackers, viruses, malware (also
known as malicious software – software speci cally written to damage
computer systems). Another threat is authorised personnel performing
unauthorised activities (such as an IT technician attempting to access
the payroll system or a debtors clerk attempting to access bank
accounts and cash).
Logical access controls are computerised access controls that are
implemented within the system and which limit access to terminals,
networks, data and functionality (read, write, delete and change). ese
controls are not initiated by a user, but are written into the computer
system itself. Logical access controls assign proper access rights to
personnel to ensure that only authorised personnel have access to
terminals, networks, data and functionality on a least privilege basis (as
explained earlier in this chapter). Logical access controls electronically
prevent unauthorised personnel from gaining access and help to detect
unauthorised access where this has occurred. Logical access controls
assist in the identi cation, authentication and authorisation of users
and electronic devices and resources (such as computer terminals or
other systems) that might request access to the system.
Where logical access controls control access to the system as a
whole, they are classi ed as general controls. Access controls that
control access to speci c application programs are classi ed as
application controls.
Identi cation
Users requesting access to the computer system can be identi ed by
means of, among other things:
• User identi cation number or username;
• Magnetic cards; and
• Biometric techniques, such as thumbprint or retina scans.
Electronic resources and devices requesting access to the computer

system can be identi ed by means of, among other things,
identi cation numbers or tag names, such as a computer’s terminal
name, or an internet protocol (IP) address.
Authentication
For the above-mentioned identi cation mechanisms to work
effectively, they should be linked to some mechanisms to authenticate
(i.e. verify the identity of ) the user or electronic resource or device
requesting access to the system.
is is done by an access table which links each username or device
identi cation number to some method of authentication, such as:
• A unique password (for sensitive transactions such as payments in
excess of a particular amount, multiple passwords could be
required);
• A speci c question as de ned by the user to which only that user
would know the answer, such as the user’s favourite primary school
teacher’s name or his or her pet’s birthday;
• An electronic key, magnetic card or USB device (called a dongle) that
contains authentication-related information unique to the user;
• A physical attribute unique to the user such as a ngerprint or face
scan; and
• An additional password sent to the user’s cellphone or email account
to be entered once the account has activated to gain nal access.
In order to limit the risk of automated breaches of the system by bots

and to con rm that it is a human who logs into the system, an
organisation could make use of picture mapping, where the user must
either re-enter a combination of characters represented graphically or
identify blocks in an image that meet a pre-set criteria.
If the username and the authentication provided do not match, the user
is not granted access to the system. e most common form of
authentication is a password. For a password to be effective, it must
meet the following minimum criteria and controls:
1. It must be unique to each user and should not be obvious or easy
to guess.
2. It should remain con dential.
3. It should have a minimum length, for example, at least ve
characters.
4. e password should consist of a combination of letters, gures
and symbols (%$#*&) and contain both upper and lower case
letters.
5. New users should change their initial password the rst time they
log on to the system.
6. Passwords should be changed frequently, for example, once every
three months, and may not be reused.
7. e password should not be displayed on the screen, printed in a
report or maintained in a transaction log, and should rather be
re ected as: ‘*****’. Users should also be prohibited from disclosing
or sharing passwords.
8. Usernames and passwords should be disabled if someone resigns
or moves to another department.
9. Electronic les in which passwords are stored by the system should
be encrypted to prevent unauthorised access to password details.
10. e system should maintain an activity register that records the
time when staff log on and off and the nature of the activities
performed.
11. If a password is unsuccessfully entered, say three times, the user’s
access should be blocked and only reinstated by management after
a detailed investigation.
12. If the system is inactive for a predetermined period of time, the
system should either log off the user or initiate a screensaver
password.
13. If the system detects a breach in security, the system should
automatically shut down and only be reactivated once the IT
managers have investigated the breach.
REFLECTION
Have you changed your password for your Facebook or Twitter
account recently? If so, what password controls were present?
Authorisation
Once the user or device is authenticated, access to the system (or parts
thereof ) and data les, as well as the functionality (read, write, delete or
change) that the user has access to must be limited to those computer
resources that are required for the user to perform his or her work. A
package can use an access table to de ne the access rights of each staff
level at both a systems level (general control) and to a particular
application program (application control). Access rights are set up once
a new user is added onto the system. Users could be granted general
authorisation rights given to, for example, a category of staff relating to a
category of transactions or functions. A user might also require speci c
authorisation for higher risk transactions, which would require, for
example, a second staff member to authorise a transaction.
5.8.3.2 Detective and corrective controls
5.8.3.2.1 Logs, activity registers and security violation reports

Logs, activity registers and security violation reports should be
maintained in respect of, for example:
• All visitors to the premises, as well as an electronic log of the
movement of personnel within the company’s premises;
• All sign-off and sign-on details;
• Changes to usernames and passwords; and
• Work performed on the computer, as well as use of equipment.
ese logs, registers and reports should be reviewed by management on
a regular basis and any unusual movement or activities should be
investigated by a senior security member or a senior member of the IT
department.
5.8.3.3 Other important security controls
5.8.3.3.1 Library function

A library function should be created in terms of which a designated
employee, a data librarian, is made responsible for securing and
managing data, les, documentation, programs and user rights. e
data librarian maintains the library in a manner similar to the running
of a public library. is function should not only address electronic data,
les, documentation, programs and user rights, but also physical data,
les, documentation and programs. A data librarian is the custodian of
these data, les, documentation and programs and is responsible for
maintaining records of the use of these assets, and for implementing
security controls, thereby ensuring the integrity of the data, les,
documentation and programs. e data librarian also limits the rights of
and manner in which users use utility programs and gain administrator
user access.
5.8.3.3.2 Data communication

When communicating information between two sources, electronic
security measures such as the following should be in place:
• Encryption is software that converts or encodes data in code that
cannot be read unless the necessary encryption key is available.
• Firewalls are software that restricts the in ow of information to, and
out ow of information from, a computer system. A rewall is
implemented between the computer and the internet connection
and monitors the content of data transmitted between the computer
and the recipient via the internet. Data considered suspicious may
be rejected by the rewall. In most cases, the rewall is equipped
with an antivirus program, as well as an antimalware program to
detect unwanted intrusion.
• A call-back facility is an authentication mechanism. Once a valid
device (for example computer or mobile device) has been identi ed,
authenticated, authorised and connected to the computer system
(for example, network or server), the system disconnects the device
and reconnects with the device using an identi cation number (such
as a dial-up phone number) stored on the computer system.
• Antivirus and malware programs are software that blocks viruses
and malware from infecting a computer.
• Assurance logos are certi cation logos, such as ‘awte’ or
‘Webtrust’, that are displayed on a website showing that the company
uses a reliable, trustworthy and well-known encryption or security
system. is system gives a potential user assurance that he or she
can transact safely and securely with the company. Companies can
also engage independent security or IT consultants to perform tests
and procedures on the integrity of the company’s website in an
attempt to obtain credible certi cation and assurance to be
displayed on the website.
e above-mentioned electronic security measures should be evaluated

and updated on a frequent basis in order for them to remain current
and reliable (e.g. the latest patches should be loaded as they become
available). South Africa has seen an increase in cyber attacks. ese
attacks have become more frequent as increasingly data is stored online
and more devices are connected to the internet.
IN THE NEWS
Increase in cyber attacks
South Africa’s formal business sector and much of society are
already highly dependent on digital platforms, with a strong
emphasis on mobile technology, as is common in developing
economies.
According to computer forensics company Cyanre, the US
Federal Bureau of Investigation (FBI) has ranked South Africa
sixth and seventh on the cybercrime predator list in 2017, which
means that there is an increasing incidence of fraud being
perpetrated from the country. South Africa was the twenty-third
highest attacked country in terms of hacking and cybercrime. The
year 2017 was characterised by four main cyber-crime trends:
massive malware attacks, attacks against crypto-currency
exchanges, major data breaches and widespread use of hacking
tools. There have been a number of well-published cyber attacks.
One example is phishing attacks. It is estimated that one out
of 14 emails sent in South Africa is a scam, with 79% of all
online phishing victims losing money. The estimated loss per
incident in South Africa amounts to, on average, $476. While
calculating the direct cost of a breach is dif cult enough, it can
also have indirect costs.
Other examples include the WannaCry ransomware attack
that affected at least 200 000 organisations globally, and
NotPetya and Bad Rabbit. In these attacks, users access to their
own data was restricted.
Major data breaches also occurred in 2017. LinkedIn,
Dropbox and Yahoo were global victims. Locally, the personal
records of around half the South African population were found
on the Dark Web thanks to a hack of the Deeds Of ce and, in
September, the South African branch of web hosting company
Hetzner was hacked, compromising client data.
Cyber attacks, although illegal, can also facilitate social
reform. Internationally, the Panama Papers leaked emails
identi ed corrupt practices in the private and public sector,
implicating well-known public gures. In South Africa, the Gupta
email leaks disclosed public sector corruption and untoward
personal relationships between public gures.
5.8.4 Business continuity controls

Business continuity controls ensure the continuity of processing (and
operations). In other words, they either prevent system interruptions or
they limit the impact of interruptions from acts of nature or damage
caused by users. System interruptions may manifest themselves as
physical damage to the computer system, such as water or re damage,
nancial or information losses (e.g. from persons taking part in
unauthorised activities and actions), or stoppage of operations due to
faulty computer equipment. In order to limit the impact of interruptions
on the business, a process should be implemented to assist a company
to resume operations as quickly as possible, by means of the use of
backup copies and a disaster recovery plan.
5.8.4.1 Preventative controls

Controls should be implemented to protect a company against non-
physical dangers (such as unauthorised users) and physical dangers
(such as natural and environmental hazards like water, re, power
interruption and wear and tear over time).
5.8.4.1.1 Non-physical dangers

As non-physical dangers relate to access to the computer system by
(authorised or unauthorised) users, the controls to address these
dangers are physical and logical access controls (refer to section 5.8.3).
5.8.4.1.2 Physical dangers

e following controls can be implemented to protect a company
against the elements:
• Fire: Fire alarms, re extinguishers and smoke detectors should be
installed. CO2 re extinguishers rather than water extinguishers
should be used to avoid damage. If possible, air conditioning should
be used to keep temperature at a suitable level for the effective
functioning of the computer hardware (i.e. preventing overheating).
• Construction and location: Before a computer facility is planned,
consideration must be given to locating the facility away from
obvious hazards, such as rivers, high traffic areas and production
facilities. e building’s construction must be solid, also elevated if
possible, and it must have durable reproof walls and oors. Fire
doors with automatic locks can also be used.
• Electricity: A mechanism should be installed to protect the
company against power failures (such as continuous power supply,
emergency generators and stand-by batteries), as well as power
surges (such as surge protectors on all electronic equipment).
Consideration should also be given to installing renewable energy
supplies, such as solar panels.
• Water: Cables can be protected against water damage simply by
situating them away from taps and water pipes. Special cable
protection must, however, be implemented around important
cables, such as main power cables and bre optic cables.
• Environment: An environment should be created in the IT
department that allows the computer hardware to operate at its
optimal level. e computer area should not have windows that can
be opened. e computer area should be climate controlled by
means of air-conditioning and temperature control. It should also be
kept neat, tidy and dust-free.
• Time: It is also important that regular maintenance is performed in
order to reduce the chance of failure over time due to wear and tear.
• eft: Unauthorised removal of IT infrastructure poses a signi cant
risk to the continuation of an organisation’s business. Measures must
be implemented to limit access.
5.8.4.2 Detective and corrective controls

In order to limit losses if business is interrupted, a company should
have backup copies available and an emergency plan that can be
executed during a disaster, as well as emergency recovery procedures to
help it recommence operations soon after a disaster.
5.8.4.2.1 Backups
A business should maintain suitable backups of all source documents
and records. Backups can take many forms, including having backup
staff, using redundant or duplicate systems as backup processing
facilities, saving data in multiple locations and making backup copies of
data and programs. Backup copies of data and programs should be
made frequently using the following guidelines:
• A formalised backup policy that states when and how backups are to
be made must be in place.
• e policy should state which les should be backed up and it
should include all operating and nancial information necessary for
a business to recommence operations should a disaster occur.
• Regular backups must be scheduled and made. At least three
generations of backups should be maintained. is includes weekly
backups of all data, monthly backups of all operational and nancial
les and quarterly backups of the entire system (including all
devices).
• Backups should be stored in a secure location off-site, preferably in a
reproof facility. e viability of cloud services should also be
considered.
• e backup copies must be tested frequently.
In today’s business environment, it is also possible to back up data and

resources to a third party (also known as a service organisation, which
is a company that specialises in rendering a backup service to its
clients). is can, however, be costly. For smaller businesses, there are
cost-effective backup alternatives available online, such as Dropbox.
5.8.4.2.2 Emergency recovery plan

Having backups is not sufficient if not supported by a comprehensive
plan that outlines how a business should act during and after a disaster.
is plan should have the following characteristics:
• A written emergency recovery plan/strategy document should be in
place, containing set procedures relating to the duties and
responsibilities of each employee during a disaster, including break-
ins. is emergency recovery plan/strategy document must be
widely distributed.
• A list of data and program les that are key to the operations of the
business and that have to be recovered in case of disaster must be
prepared. is list highlights the data and programs that should be
recovered rst by staff during a disaster, as well as all the necessary
documents that must be removed from the premises.
• An alternative processing facility should be in place at which the
company’s core operations can continue to operate. An agreement
should be concluded with, for example, a service organisation or
trade partners that have backup facilities available.
• Provision should be made for testing the emergency recovery plan to
identify weaknesses, to set out the responsibilities of the persons
involved and to test their awareness of the plan.
5.8.4.2.3 Mitigating the impact

Not all companies can afford expensive backup facilities and have a
comprehensive plan to continue operations after a disaster. erefore,
companies must ensure that they have sufficient and appropriate
insurance cover in place that covers all pertinent risks, including losses
of pro ts arising from a loss of business due to a disaster.
A company should also avoid over-reliance on staff and should
ensure that there are sufficient quali ed staff members than can act as
backup personnel. Refer to section 5.8.1.4 for a detailed discussion
about personnel practices.
5.8.5 Operating controls and system

maintenance controls
In order to ensure the smooth running of a company’s operations and
that the computer system operates in a correct and consistent manner,
it is necessary to implement operating controls and system
maintenance controls. Operating controls and system maintenance
controls deal speci cally with the technical manner in which the CIS
operates, rather than with internal controls around information. It sets
standards on how to manage the IT resources by:
• Scheduling when production runs and processing take place to
ensure IT resources are used effectively;
• Setting standards for the operating activities, maintenance and use
of assets. is includes ensuring that the necessary computer checks
and tests are in place (these are technical in nature and therefore fall
outside the scope of this text);
• Ensuring that library controls are in place to keep track of and secure
data, les, programs and documentation. e librarian is responsible
for maintaining a sound management system for data, les,
programs and documentation;
• Maintaining logs and activity registers of the use of software and
hardware, as well as related problems (e.g. attempts at unauthorised
access and virus infections), and review of these by management
with follow-up if required; and
• Implementing policies about acceptable user behaviour and best
practices to ensure the effective operations of the hardware and the
software, such as policies regarding frequency of backups, disaster
recovery procedures, personnel habits and reviews of logs and
registers. ese policies should also include the operating
procedures of the IT department.
e IT manager should be responsible for formulating, setting up and

implementing these standards. Given the technical knowledge required
to set up and operate the operating and systems software and
implement the controls, IT technicians are mainly responsible for
implementing and maintaining these controls.
5.9 Which controls relate to the

computerised processing of business
transactions?
5.9.1 Background
An application is a program that performs a task for the user of the CIS.
Application controls are the manual controls (performed by humans)
and automated controls (performed by the computer system) in a
particular application (e.g. sales and debtors) through which a
transaction is initiated, recorded, processed and reported. ere are
also application controls in the process by which changes are made to
standing data used by the application. Speci c internal application
controls are in place over the use of a particular application to provide
reasonable assurance that transactions have occurred, have been
authorised (i.e. are valid transactions) and are recorded, processed and
reported completely and accurately. ey include controls over the
maintenance of the relevant master le data. e primary objective of
application controls is to prevent, or detect and correct, misstatements
from arising when a transaction is input to, or processed by, an
application program or output is generated by the application.
Application controls are implemented in respect of a speci c
computer program or system. ese controls therefore impact on the
various types of transactions handled by a speci c computer
application, program or system (such as sales, purchases or payroll).
Application controls are implemented with respect to the capturing of
information, recording of information, processing of data in the CIS and
distributing the output. Application controls can be implemented in the
sequence in which a transaction is handled by the entity and its
computer systems as depicted in Figure 5.9.
e individual application controls in the various stages of
processing of a transaction (namely input, processing, output and,
where applicable, master le changes) are discussed in the following
sections. It is easiest to understand when imagining yourself sitting in
front of a computer processing data through the system.
e input of a transaction relates to the capturing or initiation
thereof on a speci c application such as Pastel or Peoplesoft. is input
could be through manual input of data by a user, for example, batch
inputting of hard-copy documentation (e.g. orders); or point-of-sale
data input (i.e. scanning of barcodes); or through an interface from
another application, for example electronic data interchange. e input
part of the transaction ow can be referred to as raw data.
Figure 5.9: Overview of the key components of application controls
Once the transaction has been input into the application, the
application will process the transaction to ensure that the individual
components of the transaction are recorded correctly into various les
and databases, including the accounting records. Processing also
includes calculations being performed on the transaction (e.g. where a
transaction that includes VAT is processed, the processing could
include automatically calculating the VAT). Processing therefore
includes a number of functions performed automatically by the
application based on preset commands. e complexity of the
processing that occurs behind the scenes will depend on the company’s
speci c requirements, as well as the programming of the application
being used. Once a transaction has been processed, the raw data is
converted into information that the company can use.
e output of information is the nal form in which data is used.
e output of information can occur in numerous formats, depending
on the purpose or use of the information. If the information is to be
printed, this hard-copy document will be an output. However, the
information could simply be viewed on the screen by a speci c user –
this on-screen viewing is also a form of output.
Where data of a semi-permanent nature (e.g. a debtor’s address or
sales prices of inventory items) on the system is changed, master le
changes are made.
5.9.2 Manual versus computer controls

Application controls consist of manual and computerised (automated)
controls that integrate to form an important critical component of
transaction processing. ree types of controls exist:
• Independent manual controls consist of user controls that are
performed independently of the operations of the computer system
and are in no way dependent on information produced by the
computer system. For example, authorisation of hard-copy purchase
orders and maintaining custody over assets operate independently
of the computer system.
• IT-dependent manual controls consist of user controls that are
dependent on output produced by the computer system. An
example is the review by a manager of an access log or a register
extracted from the computer system.
• Programmed controls (also known as automated controls) are
solely dependent on and performed by the computer system and
operate without any human interaction. Examples include,
authentication tables granting access to the system, validation
controls (such as sign tests and eld length tests) in which the
computer checks all data captured against preprogrammed criteria,
and computer prompting.
Table 5.2 contains some basic examples comparing the controls in a

manual environment to those in a computerised environment. Much
more detail about how the manual control environment and the
computerised environment interact appears in Chapters 6 to 10. Note
that although the nature of the control activities in an IT environment
differs from those in a manual environment, they strive to achieve the
same control objectives set by management.
5.9.3 Overview of application controls

e following section gives a high-level overview of the elements that
make up application controls. e sections take the approach of rst
highlighting the key areas that need to be addressed, followed by a more
detailed discussion of the controls. Chapters 6 to 10 illustrate in detail
the practical implementation of application controls relevant to each
stage of the various business cycles.
Before discussing input, processing, output and master le change
controls, note again that application controls cannot be viewed in
isolation from general controls, as application controls are dependent
on general controls that provide the control environment within which
they function.
5.9.3.1 Input controls

Input controls are designed to ensure that data entered and master le
amendments captured are valid, accurate and complete. Input controls
should be implemented to ensure that all transactions are recorded and
are recorded correctly, and that transactions are neither duplicated nor
ctitious/invalid transactions. Controls are also implemented to ensure
that rejected inputs are identi ed, investigated and corrected or re-
entered. If these objectives are not addressed, or the input process is
not effectively managed, or the controls are not implemented
effectively, it could result in, among other things:
• Unauthorised transactions being entered onto the system;
• Data already in the system being added to, deleted, or amended
without authorisation;
• Errors occurring during the creation of data on the source
document, or during the capturing of data onto the computer
application;
• Further errors being made while correcting other errors;
• Errors previously made going uncorrected; and
• Data being lost during capturing or data not being captured at all.
Table 5.2: Comparison between control activities in manual and

computerised environments
MANUAL COMPUTERISED

ENVIRONMENT ENVIRONMENT
Record procedures Multiple copies of Each manual

preprinted, document is replaced
prenumbered with a speci c screen
documents are used that contains the
(to record trans‐ same data and is laid
actions, check out in the same way
details of the as the manual
transactions etc.) to document.
comply with
The program makes
acceptable the comparisons
documentation between the data
standards. captured and the
Manual comparisons information already
are performed to stored in the
con rm the computer’s memory.
correctness of the For example, data
details on each captured on the
document. goods received
screen can be
MANUAL COMPUTERISED

Manual checks, matched to the
such as number stored data relating
sequence checks on to the underlying
invoice numbers, are order form, before
performed. allowing the user to
save the data relating
to the goods
received.
Manual checks are
replaced with
automated checks
that achieve the
same objective, such
as the computer
generating a report of
missing invoice
numbers (to be
investigated by a
staff member).
Authorisation and Approval of a An application is

approval transaction is programmed not to
granted by a senior proceed with a task
staff member or function if:
signing a document • Speci c
after having reviewed algorithms and
the supporting conditions or
documentation (e.g. preset parameters
the nancial have not been met
manager signing a (implied
creditor invoice for authorisation). For
processing after example, credit
MANUAL COMPUTERISED

having reviewed the sales cannot be
underlying goods made if a
received note customer does
evidencing the not have a
receipt of inventory suf cient credit
from the creditor). balance as shown
This comparison is on the debtors
possible because a master le; or
company uses • Approval has not
multiple copies of been granted by a
documents that are senior staff
distributed to member by
various people and capturing some
departments as the form of approval,
transaction such as a
progresses. username and a
password or pin
(explicit
authorisation).
If authorisation is
dependent on other
documents or details
from another part of
the transaction, the
program can perform
matching between
the data on, for
example, the details
stored in memory
relating to the
captured goods
received note with
MANUAL COMPUTERISED

data captured from
an invoice before
allowing the invoice
to be processed.
Segregation of duties
Incompatible The access rights an
functions are employee has are
assigned to different
controlled and the
personnel at each functions limited that
stage of the he or she can
transaction ow. perform on the
application according
Employees only have
access to to the employee’s
documentation responsibilities.
necessary for them Access controls
to perform their should be applied to
jobs. the data underlying a
transaction on a
Staff could also be
segregated using least-privilege basis
physical barriers. Isolation of
Isolation of responsibility is
responsibility is achieved by giving
achieved by making each employee a
unique username or
a speci c employee
responsible for a magnetic card that
speci c task or identi es the
function and, after employee. Logs,
having completed records or audit trails
of the tasks or
the task or function,
having the employee functions performed
sign a document by employees are
maintained of all
MANUAL COMPUTERISED

indicating that the employee activities,
task has been together with the
completed. related usernames.
This is extracted and
reviewed and any
unusual activities
that are not within
normal
responsibilities of
employees are
investigated.
Access control Access is controlled In a computer

(including custody over by means of physical environment, physical
assets) barriers such as access barriers and
closed doors and asset veri cation are
safes, and keeping still important.
assets and records However, electronic
under lock and key. access rights and
Also refer to logs provide
segregation of additional security to
prevent and detect
duties above.
unauthorised access
to records.
Also refer to
segregation of duties
above.
MANUAL COMPUTERISED

Reconciliations and
Staff members The computer
independent review
perform automatically
comparisons performs
between multiple comparisons (or
sets of data, matching) between
records, documents different elds of
and physical assets. data sets contained
in different master
Individual manual
records are les and/or
compared with transaction les. Any
physical assets. exceptions are
recorded in a log,
which is reviewed
and investigated by
senior management.
(Performing
reconciliations is
made easier in a
computerised
environment because
of the availability and
increased
accessibility of
nancial and non-
nancial data in
electronic format.)
Reports of balances
per the computerised
system are compared
with physical assets.
5.9.3.1.1 Recording of data
When recording data onto a computer (inputting), controls should be
applied to the following:
• e person capturing the document or data and, if applicable, the
hard-copy document that is captured onto the system;
• e computer screen that aids the person capturing the document
(known as screen aids);
• Checking the validity, accuracy and completeness of the data that
was captured by means of controls programmed into the software
(known as logical programmed controls); and
• Management review of the data that was captured in order to identify
and correct any errors timeously.
ese input controls are explained in more detail in Table 5.3.
Table 5.3: Input controls
CONTROLS
User-related controls2 Users should receive speci c

training on the functionalities of the
programs that are necessary for
them to perform their job function to
reduce the number of errors.
Dedicated employees should perform
speci c job functions and act as
capturing specialists (i.e. using data
control groups). For example, the
debtors clerk is a specialist in
capturing debtors transactions and
the salaries clerk is a specialist
capturer of time sheets. Performing
repetitive tasks should mitigate the
risk of error.
CONTROLS
Employees responsible for capturing
data should be held accountable.
This is partly facilitated by
implementing access controls and
segregation of duties by setting up
access pro les with each user
receiving a unique username linked
to an authentication mechanism
such as a password (refer to section
5.8 for further details). In setting up
a pro le, each user’s access rights
should be set up on an access table
that contains the user’s rights to
access programs and data and the
functionalities he or she can
perform. Segregation of duties could
further be enforced by allocating
override rights to a senior employee
or through programming an approval
matrix on the application that
requires a transaction to be initiated
by certain users and approved by a
more senior user before processing
can take place.
CONTROLS
Documentation
In order to reduce the possibility of
misstatements, it is necessary to
ensure that the manual
documentation complies with
acceptable document standards and
is well designed and easy to
understand. Controls should also be
in place over the custody over the
documents (refer to Chapter 4,
section 4.3.2.4). (Note that the
validity, accuracy and completeness
of the data on the hard-copy
documents used as the basis for the
input into the computer system is a
prerequisite for the validity, accuracy
and completeness of the input.)
Screen aids Screen aids are all the features and

procedures that are built into the
program and are re ected on the
screen to assist the user to capture
data with the least amount of effort
and lowest probability of error.
When data is captured directly onto
the application, the screen layout
should assist in ensuring that the
user inputs all data that is required.
If possible, the hard-copy document
layout should appear similar to that
of the screen. The screen layout
should be standard and user friendly
and require the minimum data to be
CONTROLS
captured by using, for example, drop-
down menus or a look-up function.
The ideal situation is that the
majority of data be obtained from
underlying master les, and the input
of data should thus be restricted to
the data (such as a debtor number)
that would trigger the application to
recall the underlying data (such as
the full details of the debtor, credit
limit and available credit). These full
details would then be displayed on
the screen for the user to con rm
(also referred to as a data echo test
or closed-loop veri cation).
The computer should prompt the
user to enter data where data is
missing. Prompting or computer
dialogue could also be used to
highlight errors. A user could also be
prompted to con rm whether the
details captured on the screen are
correct after having visually veri ed
the data or having compared it to a
hard-copy document.
When capturing data, a user could
further be directed by the use of
compulsory elds, which require that
a eld must be completed before the
program allows the user to continue
capturing further data. This could
include the situation where error
messages occur should the
CONTROLS
compulsory eld not be completed,
or alternatively, the function to
complete the transaction might be
disabled until such time as these
elds are completed. Furthermore, if
a user is not authorised to perform a
function, the button or tab on the
screen triggering the function could
be shaded and made inactive.
Logical programmed controls

Logical programmed controls are
application controls that test the
input of data against predetermined
rules that are programmed into the
computer package, with the purpose
of validating the input. A short
description (including examples) of
these types of logical controls (also
known as validation tests) is as
follows:
• Validity test: Con rms the data
entered on the system against a
database or master le to ensure
the validity of data entered, e.g. a
debtor account number is entered
and is compared to the underlying
debtor master le.
• Limit test (also known as a range
check): Tests the data entered
against a threshold or
predetermined benchmark. For
example, should a transaction to
be captured cause the
CONTROLS
outstanding balance of the debtor
to exceed his or her credit limit
per the master le, a limit test
will prompt an error message that
could require further authorisation
or override to be able to process
the transaction.
• Related data test (matching): The
control operates like the validity
test. The computer matches one
set of data captured to other
related data. For example, if a
company uses goods received
notes (GRN) as well as invoices
(INV), the system could match
each INV number to a GRN
number. Matching the INV to the
open GRN would thus not require
further authorisation. Once an INV
has been matched to a GRN, no
further INV can be matched to the
same GRN.
• Field length test (also known as a
size check): Places a speci c limit
on the number of characters that
can be entered into a eld. This
ensures that the computer
identi es data that is missing a
digit or has had a digit added. For
example, a eld requiring a cell
phone number would be 10 digits
long whereas an ID number eld
would have a 13-character limit.
CONTROLS
Completeness test (also known as
a mandatory eld or missing data
test): The completeness test
•
requires that a eld must be
completed before being able to
continue.
• Alphabetic/alphanumeric/numeric
character tests: It is possible to
set controls on a eld whereby
the type of characters entered will
be restricted or the user
prompted if incorrect characters
are entered, thus either to allow
only alphabetic characters or only
numeric characters or a
combination thereof. Examples
are an ID number eld that should
contain only numeric characters,
whereas a debtor number eld
might require a combination of
letters and numbers (unique
identi er) (for example
RUDMAN003) to be captured.
• Reasonability/reasonableness
test: A program could contain a
number of logical tests against
which an input can be tested. For
example, a program can be set to
keep record of all price discounts
granted to clients that exceed 5%
of the norm.
• Sign test: A sign test requires the
eld entered to be either positive
CONTROLS
or negative. For example, a
program would report an error if a
negative inventory quantity is
entered.
• Check digit veri cations: A check
digit is automatically generated by
the system and is added to the
end of the code captured or used.
The code and the check digit
combination must match the
result of an algorithm. It is used,
for example, in identifying
transposition of number errors.
CONTROLS
Review, reporting and exception On a periodic basis, a senior

monitoring member of staff should extract logs,
audit trails and registers from the
computer to review activities and any
unusual transactions. Any unusual
items should be investigated and
corrective action taken. Various
reports can be extracted, such as:
• Logs and registers of all computer
activity and transactions;
• Exception reports of activities that
are outside the norm or exceed a
predetermined benchmark;
• An audit trail, which shows the
ow of nancial information and
controls, including listings of
transactions and summaries;
• Control reports re ecting, for
example, total amount invoiced
for a particular period; and
• Error reports.
Examples of reports speci c to the
various business cycles are
contained in Chapters 6 to 10.
If a batch system (refer to section 5.6 regarding the differences between

real-time and batch systems) is used during the capturing of data, the
input controls discussed in Table 5.3 apply, but they have to be
supplemented with additional controls over the batching process. ese
controls are discussed in Table 5.4. (Note that the controls contained in
Table 5.4 do not necessarily follow the detailed sequence of events when
recording batch transactions.) A company such as Ntsimbi Piping would
probably use batch systems in its manufacturing operations.
Table 5.4: Additional batch input controls
CONTROLS
Input
Once the class of transactions has been recorded on
controls hard-copy documents for a period of time (e.g. a day),
a staff member should place the documents into
manageable batches or bundles. Each batch must
receive a unique bundle number. The staff member
should review the sequential numbers of the
documents and calculate various control totals
(discussed below) before creating a batch.
Thereafter, the batch can be captured, during which
the input controls as discussed in Table 5.4 remain
relevant.
Control totals Once the documents have been grouped into

batches, the following control totals should be
calculated by the user:
• Financial totals, for example the total value of all
sales transactions;
• Hash totals, for example the total of all the
document numbers added together; and
• Record counts, for example the number of
documents included in the batch.
These control totals should be entered onto the
computer which will compare the totals that were
entered with the totals calculated by the system after
input. The program should only authorise the
transaction le for processing if the control totals
agree.
CONTROLS
Batch control Once the batch has been prepared and control totals
sheets calculated, a batch control sheet, attached to the
batch, is prepared. It should contain at a minimum
the following data:
• A unique batch number;
• All calculated control totals; and
• A description of the transaction and related
details.
The batch control sheet should also comply with the
acceptable document standards contained in Chapter
4, section 4.3.2.4.
A second staff member should review the batch and
recalculate the totals and sign the batch control
sheet as proof that the controls have been
performed. He or she should also review the batch to
ensure that it contains transactions for only the
period speci ed on the batch control sheet.
After capturing of the batch, the computer should
print a batch control report as proof that the totals
have been compared. This is led with the batch
control sheet.
CONTROLS
Batch A batch register should be maintained that contains

register information on the batch (as shown on the control
sheet) and tracks the movement of the batch
documents to be processed. As the batches are
handed to the data capturer by the preparer of the
batch, they must be recorded in a batch register,
which must be initialled by the person taking
responsibility for the batch (to isolate responsibility
for the batch).
A report with rejected transactions and errors should
be generated and reviewed. If necessary, errors
should be investigated and corrected.
5.9.3.1.2 Error correction process

Should an error have occurred, a process should be in place to highlight
the error and correct it. Depending on the cause of the error, a different
process should be followed to correct the error:
• Error made while capturing data: As soon as a capturing error is
detected by the logical programmed controls, the entire transaction
and related data must be rejected by the computer and an error
message displayed on the screen. Ordinarily, immediate correction
of the errors must be required. In other words, no further inputting
must be allowed until the error has been corrected. However, if a
requirement for immediate correction is not feasible, a register of
errors that have not been corrected immediately must be
maintained and investigated by management. Capturing errors that
appear to exceed limits or job authorisation levels should require an
investigation to determine whether the error is a genuine error or
possibly indicative of fraud. Before any correction can be made, a
high-level password is required.
• Error identi ed on the original source document: When an error
is identi ed on the source document while it is being captured, the
system must delete the rejected transaction (i.e. the data relating to
the document already captured) and transfer it to an error
suspense/temporary le. An electronic report of all rejected
transactions (together with the input control report) must be
generated by the computer. After the computer-generated reports
have been investigated, the person who captures the entries must:
• Investigate all rejected transactions and send the source
document back to the person who prepared it for correction of
the error. (If required, the necessary authorisation should be
obtained);
• Ensure that the returned documents are recorded in the error
register; and
• Take the rejected transactions into consideration for
reconciliation of control totals.
After the source document has been corrected by the user, the
document should be returned to the person who captures the
documents (i.e. capturer). e capturer makes the necessary
corrections on the document contained in the error suspense le.
e corrected document is then re-entered and must again be
subjected to relevant input controls.
e error suspense le must be reviewed by management on a
regular basis to ensure that errors are investigated and corrected
on a timely basis.
• Control total on batch control sheet differs from control total
calculated by the computer (evidenced on the batch control
report): You will recall from Table 5.4 that the computer system
should not process the transaction le to which the data capturing
took place if the control totals do not agree. is indicates that one or
more of the transactions were captured incorrectly by the data
capturer. e data capturer has to review each transaction captured
to the transaction le (either on-screen or by printing the transaction
le) to identify the transaction(s) incorrectly captured and correct
them. Once they have been corrected, a new batch control report is
printed. e control totals on this report should now agree with
those on the batch control sheet.
5.9.3.2 Processing controls
Processing occurs when the computer system processes (i.e. performs
actions on) information in the computer package or system. In laymen’s
terms, this happens when the computer package is ‘thinking’, storing
data, and recalculating data. Processing occurs in the computer with
little or no user interaction. Logical processing controls are designed to
ensure the integrity of data when it is being processed. Examples of
processing include saving a document, updating a master le from
other transaction les3 and generating a report using data from various
les in the computer. If processing is not managed effectively, or if the
controls are not implemented effectively, it could result in:
• Data being lost, corrupted or inadvertently changed during
processing;
• Existing data being duplicated;
• Invalid data being added during processing;
• Calculation or accounting errors occurring;
• Logical and rounding errors occurring; or
• e incorrect version of the program or data le being used.
REFLECTION
Can you think of the types of controls that should address these
risks?
Controls have to be implemented over the following:

• Access to the programs and the data stored on the computer system;
• Assigning responsibility for processing, le management and
maintenance;
• Ensuring the validity of the programs and the les being used before
processing can take place;
• Control totals being calculated and control reports generated and
checked;
• Actively testing and identifying data and processing errors while
transactions are being processed; and
• Maintenance, review and investigation of audit trails and reports.
ese are further discussed in Table 5.5.
Table 5.5: Controls over the processing of data in a computer system
CONTROLS
User-related The user-related controls were discussed in section

controls4 5.9.3.1, particularly those relating to access and
isolation of responsibility.
Correct Before processing can commence, a backup should

program and be made of the data. A data librarian (refer to section
le 5.8.3.3) should be appointed to ensure that the
correct version of the program and data les are
used. The risk of using incorrect or old data can be
mitigated by having clear internal naming of les (for
example payroll 31_Jan_12.xls; price data v1_8.doc),
as well as by means of using external labels on les.
It is also advisable to have a processing schedule or
register linking each production run with a speci c
date and time. The librarian can then record le
names next to the appropriate date in the register.
CONTROLS
Computer Various control totals (similar to batch totals

control totals discussed in Table 5.4) must be calculated while
and reports preparing the data. These should be reconciled to
control totals calculated automatically by the
computer after the data has been processed. The
three most notable types of control totals are:
• Financial elds, which sum all nancial data, such
as total amount invoiced;
Hash totals, which sum the total of any eld that
contains numeric values such as debtors account
numbers, reference numbers and cell phone
• numbers; and
• Record counts, which count the number of data
items, such as number of invoices.
The control totals of the master le, which must be
updated with the transaction data on an independent
transaction le, must be compared with the updated
total of the (actual) master le. Differences must be
investigated. This is known as le balancing or
shadow balancing. A variation on this is run-to-run
totals, which can be calculated and reviewed by the
system itself.
The console log of processing (automatically updated
by system) and other control reports must be
reviewed on a regular basis to identify any errors. Any
unusual items/errors should be investigated.
CONTROLS
Controls
Various controls should be programmed into the
during
computer program. These program controls should
processing detect any missing transactions or data by
performing:
A le sequence investigation, where the program
investigates whether the rst transaction’s
reference number in the current transaction le
•
follows on the last transaction’s reference number
in the previous transaction le; and
• A completeness test during the processing of data
to identify missing reference numbers.
Other programmed validation tests must be
performed by the system to detect data errors (for
example sequence tests, matching tests and record
comparison tests) and processing errors (for
example, validation tests, mathematical accuracy
tests or reasonableness tests) and exception reports
generated and investigated.
Review, These controls were discussed in section 5.9.3.1.1.

reporting and
exception
monitoring
Error These controls were discussed in section 5.9.3.1.2.

correction
process
5.9.3.3 Output controls

Output refers to the distribution of data from where it is stored in one
location to where it is viewed or restored in an electronic format to be
viewed. Examples include a hard-copy document, email format or a
display of information on a screen. Output is a product of the
processing activities. e objective of output controls is to ensure
output is valid and prepared accurately and completely, irrespective of
the nature of the output, is in an appropriate format and is only
distributed to speci c authorised persons. If the process around output
is not managed effectively or if the controls are not implemented
effectively, it could result in:
• Output being distributed to unauthorised persons;
• Output being incomplete or inaccurate, which can result in incorrect
management decisions; or
• Output not agreeing with the underlying data from the system.
When implementing controls over output, it is important to note that

irrespective of the nature of the output, the entire distribution process
from when the output process is started until it reaches its intended
user must be controlled. At each stage of the distribution process, it is
important to implement controls that ensure that the output contains
information that is valid, accurate and complete. Such controls have to
be implemented over the following:
• Limiting access to the output. Responsibility should be assigned for
distribution of the output from where it is generated;
• Ensuring the content of the output is appropriate and correct;
• e (1) generation of output; (2) distribution of output and (3)
receipt of output; and
• Review of the distributed output and the distribution process.
REFLECTION
Can you list the controls that should be in place to secure a
memory stick with con dential information?
5.9.3.4 Master le change controls
As mentioned earlier in this chapter, a master le contains standing
data that is frequently used by the accounting package, but need not be
changed frequently. Master le changes are where the master le or
standing data is changed, updated or added to the system. For example,
a debtors master le has to be updated when a client updates his or her
home address or telephone number, and the price master le is
changed when the new authorised price list is loaded onto the
computer system. In general terms, master le amendments are
initiated by a user or the instruction arises from an external source. is
is distinct from processing, where the computer updates the data from
transaction les to a master le, which is subject to processing controls
(discussed in section 5.9.3.2), but not to master le change controls.
Master le changes tend to happen less frequently, tend to be high risk
because the data being changed may be re-used in various calculations,
and do not occur during the normal business operating cycles.
Master le data (such as debtors’ details and price lists) is often
captured once into a program and then re-used by various programs
and applications when transactions are captured or being processed.
For example, when a program calculates the total cost of an inventory
item being purchased, it multiplies the quantity captured by the user
with the selling price from the price list master le. As a consequence, a
data error in the master le could have a signi cant impact on an
accounting system, because one error will in uence all transactions
that rely on that master le. erefore, controls over approving master
le amendments and the review performed after an amendment has
been processed are paramount. Controls over master le amendments
also rely heavily on input controls. If the master le amendment process
is not managed effectively or if the controls are not implemented
effectively, it could result in:
• Unauthorised amendments;
• Not all authorised amendments being updated on master les;
• Errors in capturing amendments, which result in all nancial
information that is dependent on the master le being processed
incorrectly; and
• Errors contained in the master le data going undetected.
Table 5.6: Controls over the distribution of information,

documentation and output generated from a computer
system
CONTROLS

controls5 5.9.3.1. Access controls should, however, not only be
over the device producing the output (such as the
printer or the screen), but also over the output itself
(for example, reports should be marked con dential
and placed in a sealed envelope; con dential emails
should be encrypted).
CONTROLS
Controls over There should be a clear, written policy in the entity on

the
how each type of output and con dential information
distribution should be treated. The policy should be distributed to
of output all departments and each department should be
made responsible for developing a procedure for all
con dential output of the speci c department,
stating which output may be distributed, to whom,
when, how and in which format or medium. The policy
should address how outputs should be treated at the
following stages:
• At generation;
• During distribution;
• On receipt; and
• After use.
Depending on the nature and content of the output, a
dedicated person should be appointed to accept
responsibility for the distribution of output.
Control should be maintained over who the intended
recipients of the output are and who is authorised to
receive the output. The names of these persons
should be documented in a register, either manual or
electronic. If the output is paper based, a manual
distribution register could be maintained, whereas if
the output is electronic, access to the output can be
restricted using authorisation matrices. Should the
recipient receive the output or review the contents,
they should give an indication that they have received
or reviewed the output. A senior person should
regularly review the distribution register to detect any
unauthorised distribution of outputs.
CONTROLS
Controls On receipt of output, irrespective of whether the

applicable output is electronic or manual, the recipient should:
when
receiving • Reconcile the input to the output, as well as major
output control totals (if possible);
• Perform an output count and review the number
sequence of the reports;
• Check the page numbers;
• Match the content of the report with the table of
contents and the cover page; and
• Check that blank pages contain words such as
‘empty page’ and that the end of the report
contains words such as ‘end of report’.
There should be xed procedures to prevent
unauthorised persons obtaining outputs after their
intended use. Con dential output should, for
example, be locked away in a cupboard or shredded
after use.
Review, These controls were discussed in section 5.9.3.1.1.

reporting and An additional control is that management reviews the
exception distribution register.
monitoring
Error These controls were discussed in section 5.9.3.1.2.

correction
process
In order to mitigate these and other risks, controls need to be

implemented over the following:
• e person who is authorised to make amendments and the
allocation of responsibility for checking/authorising the
amendments to particular staff;
Documenting and recording requests for master le amendments
•
(master le amendment form);
• Capturing of the master le amendment; and
• Review of logs and registers to con rm the validity, accuracy and
completeness of the master le amendment and its impact on the
accounting records and nancial data.
Table 5.7: Controls implemented over changes to master le

information
CONTROLS

controls6
5.9.3.1, particularly those relating to including an
additional level of authorisation either manually or
electronically. Approval for master le amendments
should be granted by a senior member of staff and
only speci c, designated staff members should be
given the access rights to update master le
information. Any changes that could have a
fundamental impact on the nancial records should
only be allowed to be made on a designated
computer.
If practically possible, backups should be made of
the master le information before changes are made.
Request All master le amendment requests should be

forms documented on a hard-copy master le change
request form. This form should meet the acceptable
document standards discussed in Chapter 4, section
4.3.2.4. A senior member of staff should approve the
master le change electronically and manually.
CONTROLS
Input The capturing of master le changes should be

controls viewed in a similar light to any other capturing of
data. Therefore, all the input controls that were
discussed in section 5.9.3.1.1 are applicable.
Review, These controls were discussed in section 5.9.3.1.1

reporting and
(Table 5.4 in particular). Given the signi cant impact
exception that an incorrect change to the master le could
monitoring of have, particular consideration should be given to the
logs and types of logs and registers that have to be
registers, maintained, as well as the checks that are performed
and nancial
after the master le amendment has been made.
data
Each request logged should be recorded in a master
le amendment request register. This register could
be either manual or electronic. It should regularly be
reconciled with the automated register of completed
requests. Only read-only rights should be granted to
the master le changes register and these rights
must be restricted to management and senior staff.
Both these registers must be reviewed by a
responsible senior staff member on a regular basis
to ensure that:
• All changes are supported by an authorised
request form;
• Changes inputted agree with the request form;
• Only authorised staff members capture the master
le changes; and
• There are no long-outstanding requests not dealt
with to date.
In order to identify any obvious errors made during
the capturing of master le amendments, or any
CONTROLS
unauthorised changes made, a senior member of
staff should on a regular basis:
• Review the relevant master le. If, practically
possible, a senior staff member should also
compare the master le information to the master
le amendment request form; and
• Reconcile the total on the relevant master le
(e.g. debtors master le) to the balance of the
relevant control account (e.g. debtors control
account) in the general ledger.
5.9.3.5 Other controls

Although there are also various specialised application controls that can
be implemented, they fall outside the scope of the undergraduate
audience for whom this text is intended. However, one specialised type
of technology control that does deserve to be mentioned is data
communication control.
Data communication relates to the transmission of data from a
sender to a receiver in electronic form. Irrespective of the method used
to transmit data, be it via xed line, wireless (Wi-Fi and Bluetooth), G3
or other methods, such as a virtual private network (refer to section 5.1),
the same principles apply. When communicating data, control is
achieved by:
• Using controls similar to processing controls that check the validity,
accuracy and completeness of the data being transferred;
• Implementing specialised software, such as encryption, rewalls and
anti-malware programs;
• Implementing specialised communication management software
that manages the communication between the sender and the
receiver, limits access and manages the communication network;
• As far as practically possible, using physical cable protection to
ensure the lines are not tampered with; and
• Using advanced communication technologies such as setting up a
virtual private network (refer to section 5.1).
5.10 How are controls identi ed in

advanced technologies?
e controls that should be implemented over the various stages of the
transaction ows were discussed in general terms in the previous
sections. ese controls remain relevant when advanced technologies
are considered. All technologies, irrespective of their nature, are made
up of different combinations of input, processing, output, master le
change and communication controls. e speci c type of technology
that achieves the principle behind the control might change, but the
substance of the control remains the same. For example, a company
transacting over the internet might use Internet Protocol Security
(IPSec) while another might use Secure Shell (SSH), but both of these
are forms of encryption. ese and other speci c controls are of a
technical nature and fall outside the scope of this textbook.
Google these advanced technologies.
e following process can be followed when implementing or

evaluating controls over any form of technology:
• Obtain an understanding of the technologies being considered or
used.
• Use understanding of the technologies and control objectives to
identify relevant risks.
• Identify and evaluate adequacy of existing controls already in place.
• Break the technology down into its components, for example
security, custody, input, processing, logs and reviews, as well as
programmed controls.
• Map actual components of technologies against the theoretical
controls that should underlie these components.
• Evaluate the impact of the existing controls and the risks identi ed
on the business.
• Select suitable controls to mitigate the remaining risks to an
acceptable level.
e majority, if not all, of the key controls can be identi ed using this
process. is is shown below by way of two examples.
5.10.1 Electronic commerce, electronic funds

transfers and other data communication
Electronic commerce is the process of buying and selling products or
services over the internet or another electronic platform. Online trading
in South Africa is governed by the Electronic Communications and
Transactions Act 25 of 2002. In conducting business over the internet, a
company can use networks or electronic data interchange services. e
biggest risks relate to authenticating users (thereby avoiding later
repudiation of transactions), the correct and accurate capturing of data
on the internet or system, and the communication between the internet
service provider and the company.
In order to address these signi cant potential risks, controls have to be

implemented over the following:
• Capturing data: Input controls;
• Restricting and authenticating the user: Access controls around
the application being used and during the transmission of data, and
authentication controls around the identity of the user (note that
high-risk transactions, such as credit card transactions, would
require special authorisation and authentication controls);
• Transfer of data over the internet: Communication controls using
controls similar to those of processing controls implemented over
the transfer of data and encryption;
• Policies and procedures: Controls over legal matters relating to
ownership and privacy;
• Continuity: If a service organisation is used, ensuring that the
service organisation implements the same controls as it would
implement for its own data in terms of storage, system development,
and so on;
• Logs and reviews: Extracting and reviewing available computer logs,
registers and reports and investigating unusual items; and
• Other specialised controls: Such as assurance logos.
Controls can be identi ed in any advanced technology by simply

identifying detailed controls underlying the areas listed above. e
appendix to this chapter shows how following the process described in
section 5.10 and the areas listed above can assist in identifying controls
in an electronic funds transfer system.
5.10.2 Service organisations, outsourcing and

data warehousing
Outsourcing is where a function that is normally performed by a
company (e.g. preparation of payroll) is outsourced to another (third
party) company. Data warehousing is where a company’s data is stored
on another company’s server for a monthly fee. e newest form of this
technology is called software as a service.
e most important issues to address are how information or data is

going to be transferred to and from the service organisation, how the
data is secured and protected by the service organisation, data
ownership issues (since the data is stored on a third party’s
infrastructure) and protecting the company against potential losses:
• Restricting and authenticating the user: Access controls at general
and application controls level at the third party and during the
transmission of data;
• Transfer of data: Communication controls using controls similar to
those of processing controls implemented over the transfer of data
and encryption;
• Protecting company against losses: Controls to ensure continuity
of operations;
• Policies and procedures: Controls over legal issues relating to
ownership and privacy;
• Continuity: A service organisation should implement the same
controls as an entity would implement around its own data in terms
of storage, system development, and so on. is can be achieved by
concluding a service level agreement between the entity and the
service organisation and ongoing monitoring of the effectiveness of
the controls. e ongoing monitoring can be achieved by
considering, and if appropriate, placing reliance on the assurance
report issued by the service organisation’s auditor. ISAE 3402 sets out
the process that an auditor should follow to obtain reasonable
assurance about the operating effectiveness of the controls at a
service organisation. However, a discussion of this standard falls
outside the scope of this text;
• Logs and reviews: Reviewing available computer logs, registers and
reports and investigating unusual items investigated; and
• Other specialised controls: Such as assurance logos.
REFLECTION
Can you identify the controls required should ‘Dropbox’ be used
by an entity to store data?
In designing a system of internal control, it is necessary to understand

the technology and the related risks and to bear in mind that although
the technology might change, the controls and principles do not.
1. e board of directors can fully delegate their responsibility for
implementing internal controls to the chief information system
officer. (LO 1)
2. A nancial information system is able to operate effectively without

appropriate control activities being present. (LO 2)
3. Application controls have an impact on general controls. (LO 4)
4. Processing controls are implemented over the process in which

data is stored, transferred and updated to the master le at the end
of the processing run. (LO 6)
5. It is important that operating controls and system maintenance

controls are correctly set up. (LO 6)
For questions 6 to 8, select the correct answer: (Only one answer is

possible.)
6. If processing of data is not managed effectively or if the controls are
not implemented effectively when data is being processed, it could
result in: (LO 5)
a) Data being lost, corrupted or changed during processing or
duplicated
b) Invalid data being added during processing
c) Calculation or accounting errors, including logical and
rounding errors being avoided
d) All of the above
7. When a le is busy downloading, it is considered: (LO 6)

a) Input
b) Processing
c) Output
d) Master le change
8. Which of the following is not considered to be one of the steps in
the process that can be followed when implementing or evaluating
controls: (LO 7)
a) Use understanding of the technology and control objectives to
identify relevant risks.
b) Identify and evaluate adequacy of controls already in place in
the system.
c) Map actual components of technologies against the
theoretical controls that should underlie these components.
d) Evaluate the impact of the existing controls and the risks
identi ed on the nancial statements.
e) Select suitable controls to mitigate the remaining risks to an
acceptable level.
9. Explain why it is important to govern information technology. (LO

1)
10. Explain how the control environment changes with the

introduction of a computer. (LO 2)
11. Explain the difference between system development and program

change. (LO 3)
12. Discuss how the concept of authorisation changes in a

computerised environment. (LO 3)
13. Which is more important: general controls or application controls?

(LO 4)
14. Describe the potential consequences to an entity of not planning

the implementation of a new computer package properly. (LO 5)
15. Explain why it is important to differentiate between general and

application controls. (LO 6)
16. Describe the access controls that you would implement around a
point-of-sale cash point in a restaurant. (LO 7)
17. Describe the key input controls you would implement around a
computerised cash register. (LO 7)
18. Describe how you would protect yourself against having your
identity stolen in situations where your personal data may be
accessible via the internet. (LO 7)
Appendix: Electronic Funds

Transfer Controls
is appendix uses electronic funds transfers to illustrate how controls

can be designed for an advanced technology using the steps outlined in
section 5.10 of this chapter.
Step 1: Obtain an understanding of technology

Electronic funds transfer (EFT) is a system that is used to transfer
money electronically from a company’s bank account to make direct
payments to parties that can include suppliers and employees (where
salaries or wages are paid in this way). e controls relating to
electronic funds transfer payments differ among banks and depend on
the controls implemented by the bank and written into the EFT
software. However, irrespective of the speci c controls, they address the
same risks (and therefore control objectives) and contain the same
principles. EFT payments can be made via a web interface or by using a
custom-written program supplied and installed by the bank. e
transfer of funds is effected by a direct transfer from the paying
company’s terminal or by means of a data le that is sent from the
paying company’s terminal to the bank, which then makes the payment.
Controls have to be implemented in relation to the loading of
bene ciaries and the making of payments. e same controls are
applicable irrespective of the nature of the payment.
Step 2: Use understanding of the technology and control objectives
to identify relevant risks
Step 3: Identify and evaluate adequacy of existing controls already in
place
Step 4: Break the technology down into its components
Step 5: Map actual components of technologies against the
theoretical controls that should underlie these components
Table 5.8: Controls in an EFT system
COMPONENTS RISKS CONTROL CONTROLS

OBJECTIVES
Capturing of Incorrect Payment- Staff have to be

data amount and related data is well trained in the
incorrect loaded system.
payees are accurately and The following
paid. completely. input controls
Not all should be
payees implemented in
receive relation to the
payment. loading of
bene ciaries and
the making of
payments:
• User-friendly
screen design;
• On-screen
instructions
and prompting,
as well as
OBJECTIVES
compulsory
elds;
• Minimum input
required by
means of drop-
down menus
and tick boxes;
• Bene ciary
details loaded
upfront and
recalled from
the bank’s
database as
needed (data
echo test);
• Validation tests
must be in
place, such as
a limit test,
which limits the
daily allowable
transfer
amount; and
• On-screen data
is visually
veri ed against
the supporting
documentation.
Transaction
report/payment
vouchers should
OBJECTIVES
be printed (from
the data captured
onto the system)
and compared
with supporting
documentation
before being
signed and
captured onto the
EFT system.
Restricting Unauthorised All payments EFT service is only

access of users persons that are made activated after the
and make have been bank has
authenticating payments. authorised authenticated the
users Authorised and are made company (as the
persons by authorised owner of the bank
make staff account) and the
unauthorised members. computer that is
payments. to be used to
Fictitious effect EFTs.
payments The following
are made. access controls
should be
implemented over
the EFT system:
• Limit the
physical
access to the
terminal that
contains the
EFT software.
OBJECTIVES
Limit number
of terminals
and authorised
• users that can
make EFT
payments.
• Rely on least-
privilege rights
of users to the
various
functionalities
in the EFT
system.
The following
controls could be
used to
authenticate
users of the EFT
system:
• Physical
authentication
could be
established by
means of a
dongle inserted
into the
computer USB
port or by using
a random
number
generator
OBJECTIVES
device. Normal
physical
access (i.e.
custody)
controls around
these devices
apply.
• Authenticate
users to the
service by
using a
username
linked to a
password.
• Password must
comply with the
normal
password
controls.
• Processing of
transactions
requires the
user to capture
the bank pin
before gaining
access to the
system.
• High-value
payments
require multiple
user
authorisations
OBJECTIVES
by means of
usernames and
passwords.
Transfer of data Fictitious Only Limit the ability to

over the internet payments authorised make payments to
could be payments are a dedicated
made. made. computer using
Payment All payment the computer’s
data is data is terminal identity
intercepted received pin.
and payment accurately and Rely on a call-back
details completely by facility to avoid
changed. the bank and active tapping and
is not changed call interception.
while being
transferred Payment
over the instructions to
internet. make payments
are encrypted
when they are
sent to the bank.
EFT payments are
made from a
clearing account
at the bank which
requires that the
total amount to be
paid is rst loaded
into the bank
account before
payments can be
made. The control
OBJECTIVES
total on the EFT
terminal is
compared to the
movement on the
clearing account
and any
reconciling items
are investigated.
Protecting Cash could Company Obtain insurance

against losses be stolen. assets (i.e. cover against
Not all cash) are fraud.
payments safeguarded. Maintain an audit
are made. All payments trail of all
are made. processed
transactions
(containing all
data relating to
the payments) as
a backup.
Bank implements
business
continuity controls
by, for example,
keeping backups,
emergency power,
redundancy
servers and up-to-
date rewalls.
OBJECTIVES
Policies and Fictitious Company Company policy

procedures payments assets (i.e. requires that all
could be cash) are pins and
made. safeguarded. passwords remain
con dential.
EFT payments are
made from a
clearing account
at the bank which
requires that the
total amount to be
paid is rst loaded
into the bank
account before
payments can be
made.
Logs and reviews Incorrect All payments Transaction

amounts or are made reports/payment
bene ciaries accurately. vouchers (which
could be No comply with
paid. unauthorised normal
Unauthorised payments are documentation
payments made. standards) are
(including Payments are printed and
ctitious not reconciled with
payments) duplicated. the underlying
are made. documentation.
All payments
Duplicate that should be Transaction
payments made are reports/payment
are made. made. vouchers must be
OBJECTIVES
Not all signed and led
authorised sequentially.
payments All necessary logs
are made.
and available
registers should
be reviewed and
investigated.
These include:
• Bank
statements;
• Daily
transaction
listings; and
• Access
violation logs.
Bank
reconciliations
(refer to section
4.3.2.4 of
Chapter 4 and to
Chapter 10) are
performed on a
monthly basis.
OBJECTIVES
Other Fictitious All payments Specialised bank

specialised payments made are from written program
controls could be genuine origin. from the bank
made. could be installed
on a dedicated
terminal.
An SMS or email
is sent to a
designated
company
employee after
each transaction
con rming
payments, as a
well as special
transaction
noti cation, for
example, when a
new bene ciary is
loaded and details
are amended.
Note: Table 5.8 contains only the controls over making EFT payments. It
does not address all controls to ensure that the payment is valid, accurate
and complete (e.g. in a salaries and wages application that the amount
of net wages computed for employees is valid, accurate and complete).
ese are addressed in Chapters 7 and 9 in relation to payments to
creditors and salary-related payments.
Step 6: Evaluate the impact of the existing controls and the risks
identi ed on the business
Step 7: Select suitable controls to mitigate the remaining risks to an
acceptable level
An evaluation must be performed of the manual controls and the
computerised controls in order to make a risk assessment. Based on the
combination of risk assessment and proposed controls, management
must decide which controls would mitigate their risk to an acceptable
level.
Appendix: Accounting
Information Systems
1. What is an accounting information system?

A computer information system (CIS) exists where any IT equipment,
irrespective of its nature or size, plays a part in or impacts on the
processing of nancial and non- nancial information of an entity,
irrespective of whether the IT equipment/software is operated or
owned by the entity or a third party. Many companies use a CIS to
computerise their accounting systems and accounting information. An
accounting information system (AIS) is a system that transforms data
(by collecting, recording, storing and processing data) to produce
decision-useful nancial information that can be used by users in a
company to make business decisions. Ntsimbi Piping uses the PVCACC
accounting package as its AIS.
Data is facts that are collected, recorded, stored, and processed by
an AIS. e data, represented by observations recorded about the
transaction (such as person, price, quantity, description and date that
appear on, for example, an order form or invoice) and observations
recorded about business activities (such as time of transaction and staff
number of sales person) when executing the transaction, is organised
and processed by the AIS to provide meaningful information to a user.
e output of the AIS is information. is information can then be used
by the users in the company for decision making and control purposes
in order to create value for the company.
AIS impacts every aspect of a business and the supply chain,
whether it be part of a company’s primary activities, such as operational
logistics or marketing, or support activities, such as human resource
management and nance. Having an AIS adds value to a company by
enhancing the speed at which decisions are made and improving the
quality of decisions. An AIS also increases the sharing of knowledge,
which promotes an environment of collaboration and shared purpose
in nding ways to achieve the company’s business objectives. In the
long term, AIS also improves the efficiency and effectiveness of a
company’s operations within the business and throughout a company’s
entire supply chain. From a governance perspective, AIS can also assist
in making systems of internal control more efficient and effective (refer
to Chapter 4 section 4.3.2.6).
2. What determines the value of information?

e value of information is the bene t derived from the use of the
information, less the cost of producing it. e challenge is, however, to
quantify the value of the information and the costs to obtain the data,
before it is collected. Having decision-useful information reduces future
uncertainty about the outcome of projects or initiatives, enhances
planning and scheduling of business activities and ensures more timely
decision making. Having too much information, on the other hand,
could have negative consequences. Information overload occurs when
the amount of information that is available exceeds the capacity of an
AIS to effectively process, and of users to absorb, when making a
decision. is negatively impacts the quality of decision making. is
problem typically exists in small- and medium-sized AIS with limited
capabilities.
Modern AIS overcome this problem through the use of arti cial
intelligence, big data analytic algorithms and machine-learning systems
with cognitive abilities that are able to process high-volume, high-
velocity information in many forms. ese systems are, however, only
effective if the underlying data and relationships between data are
properly de ned to produce decision-useful information that addresses
a business problem.
Decision-useful information has the following characteristics:

• It is relevant to the decision at hand in that it can be used to address
a business problem, thereby reducing the uncertainty about the
outcome of the decision.
• It is useful in assisting a company to achieve its business objectives
and can be used to achieve a company’s business strategies. e
information produced is at the correct level of detail, summarised
appropriately, etc.
• It is easily accessible and available to users and produced in a
timely manner, so as to be available before a decision is made and
when required by a user.
• It is complete (i.e. without any omissions); reliable, being free from
error or bias to the extent that two independent users who use the
same information would make similar decisions using the same
data. erefore, the information must be veri able.
• It is presented in an understandable, useful format that will
facilitate decision making. e information must be in the format
required by a user.
Information will only have these characteristics if it is based on data

that is valid, accurate and complete and derived from an AIS that
contains the appropriate internal control measures.
Consideration must be given to the cost (time and resources)
invested in collecting, processing and storing data. One cost that has
declined signi cantly recently is data storage and communication costs
per megabyte or even gigabyte. However, the exponential increase in
the amount of available data has increased the overall cost of providing
information, whether it be:
• Statutory information, such as employee statistics or tax
information, required by governmental and regulatory entities (i.e.
mandatory information);
• Information required by business partners (i.e. essential
information), which would allow businesses to conduct business
using a shared platform over, for example, the internet; or
• Discretionary information required by internal users to make
business decisions.
Costs are not limited to quantitative measures: Matters such as the need
for regulatory compliance, non-compliance with industry best-
practices, as well as opportunity costs of not having the relevant
information, must also be taken into account.
3. Which AIS should be implemented?

All business decisions should be driven by the objectives and strategies
of a company. is also applies when deciding which AIS should be
implemented. When deciding on the implementation of an AIS it is
important to ensure the following principles are kept in mind:
• Strategic alignment should exist between investment in an AIS and
its use thereof. It should support the strategic performance and
sustainability objectives of the company and deliver on business
needs.
• Value delivery should occur through the AIS in the form of timely
and quality information, ensuring that the AIS delivers the expected
bene ts in line with the company’s strategy in a cost-effective
manner.
• e AIS should be considered to be an integral part of the
enterprise’s risk management strategy and processes, thereby
ensuring that its IT assets are safeguarded, operate as intended and
that disaster recovery procedures are in place.
• Responsibility for the implementation of AIS and the related system
of internal control and the day-to-day management of the AIS
should be assigned, thereby ensuring accountability.
• e performance and functioning of IT investments should be
monitored, measured and assessed.
Focus should be placed on prioritising the management of all IT
• resources (including the AIS). IT investment should be optimised,
and efficiency maximised by allocating resources based on business
needs.
To determine which AIS should be implemented, one needs to evaluate

the company’s business activities (or processes), the decisions that
would need to be made when performing the activity (or when in this
process) and the information required to make key decisions. For
example, in the purchases and payments business cycle, the payment
clerk would need to decide which supplier should be paid, by when, how
much, etc. In order to make a decision the payment clerk might require
the supplier statement, accounts payable records, payment terms, etc. An
AIS must be able to keep record of all this information and integrate
data from both internal and external sources, so as to ensure the
information is readily available once payment is to be made. Each
business cycle (Chapter 4 Figure 4.3) must record, store and process
data speci c to each cycle in order to produce decision-useful
information.
In Chapters 6 to 10, the functional areas that exist, as well as the
information system used, in each cycle are outlined. e major
activities, documents used, data and information recorded are outlined
for each cycle. A number of key concepts relating to recording and
processing in a computerised environment are discussed in section 4
below in the context of the revenue and receipts cycle.
4. How are transactions recorded and processed?

e AIS is responsible for the effective and efficient processing of data.
In a manual environment, data is recorded in journals and maintained
in the company’s ledgers (de ned in Chapter 6 section 6.3.2.2). In a
computerised environment this process is automated and, as discussed
in Chapter 5 section 5.9.1, the computerised processing of business
transactions takes place in various stages. e operations performed by
the AIS, which converts data into decision-useful information, are
referred collectively to as the data processing cycle or the transaction
processing cycle. e cycle consists of four stages, namely (i) data
input (which includes the entering or capturing of data relating to a
transaction or activity into the AIS) (ii) data processing (where data is
converted into information) (iii) data storage and (iv) information
output, which is used by the user. e information output can be in the
form of nancial statements, or cycle speci c, such as a debtors age
analysis.
4.1 Data input
An activity initiates a transaction. e details relating to a transaction
are recorded on source documentation such as an order form (Chapter
6 section 6.3.2.1), which contains data speci c to the transaction. While
data relating to the transaction is obtained from the source
documentation for input purposes, the AIS also automatically records
the data relating to the participants in the transaction (Chapter 6
section 6.2.1) and the resources affected by the transaction (Chapter 6
section 6.2.2). In the case of the revenue and receipts cycle, the
following information might be recorded data relating to the:
• Transaction: customer details; price; quantity, description of item
sold, etc.;
• Participants: details of the employee that made the sale, approved
credit, etc.; and
• Resources: point-of-sale (POS) device asset number, etc.
In the event that a transaction is recorded in an online environment, the

transaction data is recorded directly into the system when the
transaction takes place.
Once data has been recorded, it can be processed in real-time or
stored to be processed at a later time (Chapter 5 section 5.6).
4.2 Data storage

In a similar manner in which a manual system stores data recorded
using general or special journals in ledgers (Chapter 6 section 6.3.2.2), in
a computerised environment, data relating to transactions is stored in
les (Chapter 6 section 6.3.3). e general ledger contains summary
level data for all accounts, while the subsidiary ledgers record the
detailed data for every transaction contained in the general ledger.
erefore, the sum of all individual balances in the subsidiary ledgers
add up to the amount in the general ledger, and should these not agree,
it would indicate an error. e computerised equivalent of the
subsidiary ledger is a transaction le, and for the general ledger it is a
master le. Files may, however, contain more information than simply
the nancial information, as discussed in Chapter 5 section 5.1. e
master le also contains standing data that is used frequently by the
AIS. Similarly, the transaction le may also contain data relating to the
participants in the transaction and the resources involved.
In order to nd data relating to a transaction in an easy and efficient
manner, AIS uses coding techniques to organise data in a logical
manner. Coding is the systematic assignment of numbers or letters to
data to classify and organise it. ere are three types of coding:
1. Sequence codes: where, for example, transactions are numbered
consecutively to ensure that there are no gaps in the sequence and
no numbers are repeated. Examples include the sequential
numbers of order forms (ORD0001; ORD0002), or invoices
(INV0001; INV0002).
2. Block codes: where blocks of numbers in a particular numerical
sequential range are reserved for a category of items or activities.
An example is in a store room, that all pipes have a product code
between ‘20001 – 29999’; and polymers have a product code
between ‘70000 – 79999’. Using this method allows the AIS to record
additional information about the item or activity. A storeman
would know that ‘204387’ refers to a particular pipe, which in this
case is ‘Pipe SABS 200mm x 6m Class 340SOE’.
3. Group codes: where each digit in the code or digit positioning has
a particular meaning. For example, a customer number such as
‘RDMRIA002’ used for ‘Riaan Rudman’ would mean that the rst
group of three digits is used as an identi er for the customer’s
surname (RDM) and the second group of three digits is used to
identify the customer’s name (RIA). is method of coding uses
two or more subgroups of digits for an item and is often used in
conjunction with block codes.
An example of coding which is used globally by nancial accountants is
the chart of accounts (being a list of all the general ledger accounts used
by a company), in which each general ledger account is assigned a
speci c accounting number and the positioning of the account number
refers to different classes of transactions or different transactions
classi ed by nature. e coding of the accounts assists with the
preparation of the nancial statements (as similar accounts are grouped
together).
Having a consistent methodology to assign codes to transactional or
other data has the bene t of facilitating the provision of information to
users at a low data storage cost. In deciding on the coding system to be
used, the following should be taken into account: it must be easy to
implement, easy to understand, codes must have a consistent meaning
throughout a company, and it must allow for exibility to modify the
codes. It should also allow a user to link data between les and
databases.
4.3 Data processing

e coding of information allows for the processing or manipulation of
data into information. ere are four basic activities which occur during
processing:
• Reading existing data.
• Creating or adding new data, such as where a new customer is
added to the debtors master le.
• Updating data which is contained in a database or a master le
because it has changed. Examples include the updating of the
debtors master le when a debtor changes his or her address, and
adding sales of items to the sales transaction le. Data can be
updated periodically using a batch processing system, or as the each
transaction occurs in an online real-time processing environment
(Chapter 5 section 5.6).
• Deleting or removing of data.
4.4 Information output
Financial or other information may be required to be used for a speci c
purpose. Operational information provides good insight into the
activities of the company. e purpose for which the information is
produced de nes its value. Financial statements can be used to
evaluate historic transactions, while budgets and forecasts can be used
to evaluate future strategies. Information contained in performance
reports can be used to monitor a company’s performance against set
targets and contribute to a company selecting the most appropriate
strategy for its future. Information can be presented to the user in three
forms, namely in:
• Document form, which presents the details of the activity or
transaction, whether it is recording the information of the
transaction or information of another party to the transaction, for
example a sales invoice or deposit slip. e document can be a hard-
copy document or it may be in electronic format. e document
generated at the end of a transaction that re ects the information of
the transaction that has been processed is commonly referred to as
an operational document, as opposed to a source document which
is used to initiate a transaction.
• Report form, which reports information contained in the system,
generally in summary format. ese reports can be used to provide a
historic review of activities in the company. e information
contained in them can also be used to manage operational activities,
make business decisions and design strategies. e frequency of the
reports is determined by the purpose and relevance of the
information to decisions which must be made.
• Queries form, in response to a speci c request by users for pieces of
information, based on predetermined criteria or business problems
for which historic information is required. e advances in big data
and exible reporting have made query form reporting the most
common form of output used in business today.
Output is not limited to hard copy information: it can also be extracted

on a computer monitor in electronic format.
5. How has the role of the AIS changed over time?
Traditionally, AIS were used to record, store and process nancial
information and transactions. Modern CIS also record various types of
non- nancial information, which provides insight into the operations
and operational effectiveness of a company. In many instances all this
data is recorded by one system. Enterprise resource planning (ERP)
systems are designed to integrate all aspects of a company’s operations,
recording of nancial and non- nancial information relating to a
transaction as the transaction occurs and updating all related systems.
Big data systems not only record structured nancial and operational
data, but they also record, store and process unstructured external data,
to provide users with data-rich information in which relationships
between multiple types of data have been considered.
1 Each computer application must also have its own application-speci c access controls that
restrict access to data, les, functions and features. However, as these access controls relate
only to a particular application, they are classi ed as application controls and not as general
controls.
2 e user-related controls include controls that were discussed in the section on general
controls. e reason they are included in this section on application controls is that they
contribute directly to the validity, accuracy and completeness of the recording of a particular
type of transaction in a speci c application.
3 Refer to section 5.1 for an explanation of the difference between the two types of les.
controls. e reason they are included in this section on application controls, is that they
contribute to the validity, accuracy and completeness of master le changes in a speci c
application.
Revenue and receipts cycle CHAPTER 6
Gerrit Penning
CHAPTER CONTENTS
Learning outcomes
Reference list
6.1 What are the nature, purpose and accounting implications of the cycle?
6.7 What are the controls in the cycle (manual and computerised)?
6.8 Cycle illustration: e revenue and receipts cycle at Ntsimbi Piping
LEARNING OUTCOMES
1. Explain the nature and purpose of the cycle.

2. Identify and describe the major general ledger accounts affected by the cycle.
3. Explain the accounting treatment required for the recording of revenue.
4. Identify and explain the cycle’s functional areas.
5. Describe the ow of transactions in the cycle through the information system, including its relation to
source documents and accounting records and its relation to classes of transactions and events, and
balances.
6. Identify and describe the documents and records, both manual and computerised, utilised in the cycle
and describe the purpose of each.
7. Identify and describe the risks of misstatement affecting account balances, classes of transactions and
events in the nancial statements.
8. Describe the computer technologies typically applied in the cycle.
9. Formulate control objectives for the cycle.
10. Describe how internal controls may assist in achieving the control objectives in the cycle and how
these control objectives relate to management’s assertions in the nancial statements.
11. Critically analyse internal control systems in order to identify and explain weaknesses in the control
system and recommend improvements by describing the required internal controls.
12. Design a system of internal controls, both manual and computerised, that will achieve the cycle’s
control objectives.
REFERENCE LIST
International Financial Reporting Standard (IFRS) 15 – Revenue from Contracts with Customers
IN THE NEWS
SEC charges energy services company and executives with accounting fraud1
Washington D.C., Oct. 17, 2016
The Securities and Exchange Commission today charged an energy services provider and four
executives for their roles in an accounting fraud in which the company recognised revenue earlier
than allowed in order to meet internal targets.
Lime Energy Co. agreed to pay $1 million to settle the charges, and its four now-former
executives also agreed to settlements.
The SEC’s complaint alleges that Lime Energy improperly recognised $20 million in revenue from
at least 2010 to 2012. Two then-executives in the company’s utilities division vice president of
operations Joaquin Alberto Dos Santos Almeida and director of operations Karan Raina developed
procedures to enable the company to recognise revenue on newly signed contracts based on
documentation received before year-end 2010. But when documentation did not arrive in time, they
allegedly went ahead and booked the revenue anyway.
According to the SEC’s complaint, Almeida and Raina became even more aggressive in 2011 and
2012 as they further recognised revenue earlier than allowed by accounting principles as they faced
increasing pressure to produce results. They eventually went so far as to direct internal accountants
to book revenue on jobs that didn’t exist. The SEC further alleges that Lime Energy’s then-corporate
controller Julianne M. Chandler accepted new accounting entries to book millions of dollars in
additional 2011 revenue well after the year-end close. And in February 2012 when Lime Energy still
needed $500,000 to meet its 2011 revenue target, the company’s then-executive vice president
James G. Smith suddenly sent Chandler new entries that provided the company with even more
additional revenue to improperly recognise.
‘Lime Energy and its then-executives engaged in a wide array of wrongdoing, including the
improper reporting of a signi cant amount of fake revenue,’ said Scott W. Friestad, Associate Director
of the SEC’s Division of Enforcement. ‘The desire to meet earnings or revenue targets cannot
override corporate of cers’ responsibilities to public shareholders to assure that the company’s
accounting re ects nancial reality.’
CRITICAL THINKING
Can you think of reasons for an entity to want to overstate or understate its reported revenue? In
addition, what personal interest do you think a director of an entity may have in manipulating
revenue?
Such incentives to misstate revenues may give rise to risks relating to the company’s nancial
information not being fairly presented.
6.1 What are the nature, purpose and accounting implications
of the cycle?
e revenue and receipts cycle relates to an entity’s activities of selling goods or rendering services and
receiving cash from customers in exchange. Without sufficient revenue from sales or services, an entity may
not be a viable going concern. Failure to collect cash from customers for sales or services will place
signi cant strain on an entity’s cash ow. is may lead to eventual bankruptcy if an entity cannot pay its
debts as they become due.
However, the cycle is not just about the business function of making sales and receiving cash. It is also
about the accounting function where transactions associated with those sales and receipts are accounted for
(recorded) in an entity’s accounting records.
e purpose of the revenue and receipts cycle is to:

• Execute the sale of goods and rendering of services to customers;
• Record the associated revenue earned from these transactions in the accounting records;
• Collect and record the payments received from customers relating to these transactions; and
• Address any related activity, such as sales adjustments and the writing off of bad debts, including the
recording thereof.
In terms of the accounting function, sales and services rendered are recorded as revenue in an entity’s
accounting records. It is imperative that all sales and services transactions are recorded, otherwise the
nancial reports will re ect a distorted view of the true nancial position and performance of the entity.
REFLECTION
What are the implications for the owners and employees of an entity and for the tax authorities
should an entity not record all its sales or services transactions?
When an entity manipulates its revenue, it is important to consider the negative consequences to
the entity’s stakeholders – not only from an economic perspective, but also from an ethical
perspective. Shareholders might make wrong investment decisions based on incorrect accounting
information, employees might be told that they have to forfeit the salary increase they could
otherwise have been awarded, and the tax authorities could be defrauded if the entity does not
declare all of its taxable income.
Sales made or services rendered to customers can be either on credit or for cash. If for cash, the entity will
immediately receive cash physically in banknotes and coins or through an electronic credit or debit card
transaction, or through an electronic funds transfer (EFT). If sales are on credit, the goods are provided (or
the service rendered) to the customer, but the customer is allowed to pay the outstanding amount at a later
date (i.e. the customer buys ‘on account’).
WHY? Why would an entity allow its customers to buy from it on credit given the possibility
that they will not settle their debts to the entity? What are the bene ts and what are
the risks?
By allowing credit facilities, including favourable credit terms, an entity can encourage
customers to purchase goods or services from it. Remember that some customers might
not be able to pay for the goods or services immediately (e.g. in the context of a
wholesaler, its customers may not have cash until they have resold the products). The
major risk, however, is that customers might not settle their accounts in time or not settle
it at all, causing nancial losses to the entity that provided the credit facilities.
6.1.2 Forms of revenue from sale of goods and rendering of services

Although entities are involved in various forms of sales and services, the purpose of the cycle applies to all
entities.
Examples of various forms of sales and services include:

• A retail entity (retailer) selling goods directly to the public (e.g. clothing);
• A wholesale entity selling goods to retailers (e.g. bulk food products);
• A manufacturing entity selling goods it has produced to wholesalers or retailers (e.g. a manufacturer of
wooden furniture);
• A resource entity selling minerals it has mined to a metallurgical re nery (e.g. an iron ore mine);
• A services entity rendering its service to other entities or to members of the public (e.g. a furniture
removal company); and
• A municipality providing utilities to town residents, such as water and electricity.
A business has to implement proper internal controls in its revenue and receipts cycle to enable the
proper handling and recording of its sales/services and the subsequent collection of the amount due
from customers.
No matter the type of a business entity or the nature of its revenue, if a product is sold or a service is rendered
to a customer, revenue will ow to the entity and cash should subsequently be received.

It would be rare to nd two entities whose revenue and receipts cycles operate in exactly the same way. In
fact, although the cycle operates in the same way for all entities in principle, each entity will apply these
principles in a different way and to varying degrees. As a result, one is likely to nd variations in the source
documents, accounting records and internal controls used in the cycle among different entities. Also, each
entity will implement its own particular controls and will have its own methods of initiating, recording,
processing and reporting transactions in the cycle.
However, the purpose of the cycle and the objectives of the internal controls in the cycle will remain the
same for all entities. erefore, a proper understanding of the purpose of the cycle and the typical risks an
entity faces when selling goods or rendering services is crucial.
REFLECTION
How would the risks for a company whose customers all pay in cash at its business premises
when buying goods differ from those for a business whose customers pay by means of EFT only?
The answer relates to the risks due to theft from the holding of physical cash versus the risks of
unauthorised access being obtained to the entity’s bank account.
When selling goods and rendering services to consumers, remember the Consumer Protection Act.
The Consumer Protection Act applies to the majority of businesses in South Africa that sell goods
and render services to the public. The Act mainly aims to protect the end-consumer against abuse
and malpractices by businesses. If the Act applies to a business or particular transaction, the seller
should comply with the requirements of the Act, or the seller might face nes and penalties.
Accordingly, a business’s information system, including internal controls, should make provision
for ensuring compliance with the Act.
6.1.4 How transactions in the cycle are triggered (initiated)

ese are the triggers for the cycle:
• For a revenue transaction to commence, an order should be received from a customer.
• For a receipt transaction to commence, payment should be received from a customer.
As soon as one of the above triggers occurs, the revenue and receipts cycle will ‘go into action’ and the
internal controls in the cycle will need to be applied.
When does the cycle end?

• When a sales or service transaction has been recorded in the sales journal and it has been posted to the
general ledger, the revenue part of the cycle is complete.
• When the receipt of cash has been recorded in the cash book (cash receipts journal), the cash has been
deposited in the entity’s bank account and the transaction has been posted to the general ledger, the
receipts part of the cycle is complete.
e cycle will repeat itself each time a new transaction is initiated.
CRITICAL THINKING
How is a sales or service transaction recorded in the accounting records?
A sales or service transaction is ordinarily documented on an invoice and recorded in the sales or
service journal, the total of which is periodically posted to the revenue account in the general ledger.
If the sales or service transaction is on credit, it is also recorded in the customer’s account in the
debtors ledger. In a manual system, these activities would generally be separate actions (writing out
an invoice and posting the sale to the accounting records). In a computerised system, the
generation of an electronic invoice and the processing of a sale to the accounting records (sales
transaction le, general ledger accounts and debtors master le) may happen at the same time
without any manual intervention.
6.1.4.1 A typical transaction in the revenue and receipts cycle
6.1.4.1.1 Wholesalers selling on credit

A typical sales transaction in the revenue and receipts cycle for a wholesale entity selling on credit originates
from a customer order. By this time, a credit background check would already have been performed to
ensure the customer’s creditworthiness before any sale is made.
e customer may phone or email the entity to place an order for goods, or if the entity sells its goods
over the internet, the customer could order goods on the entity’s website. If the goods are available in the
warehouse, the sales department will instruct the warehouse to pick the goods and pack them for despatch.
e despatch function ensures the goods are delivered to the customer, whereupon the invoice is prepared
by the accounting department. When the due date for payment arrives, the customer makes a payment to
the entity and the entity issues a receipt to the customer.
Figure 6.1: A typical transaction in the revenue and receipts cycle
WHAT What if an entity neglects to follow up on a customer order it has received? What will
the consequences for the entity be? Are there any implications on the fair presentation
IF? of the nancial statements?
The entity might lose a sale and forgo any resulting pro ts that could have been earned
from the transaction. It might also lose the customer to a competitor, should the customer
deem the entity’s level of service to be unacceptable. However, there is no impact on the
fair presentation of the nancial statements as no sales transaction would have taken
place and therefore there is no misstatement in the revenue line item in the Statement of
Comprehensive Income.
6.1.4.1.2 Retailers selling for cash

How would the ow of a sales transaction appear in a retailer, such as a grocery store, selling to customers on
a cash basis? e process would be simpli ed as fewer supporting documents are required and fewer control
procedures need to be performed.
A sales order does not apply in such an environment and no credit background check is required, as the
customer does not buy on credit. Rather, the receipt of the cash is in effect the authorisation of the
transaction. Goods are not delivered to the customer: the customer simply selects his or her desired goods
from the shelves and proceeds to a cash till point. To pay for the goods, the customer hands cash to the
cashier and the cashier in turn issues the customer with a receipt. e receipt serves as proof of payment and
re ects the goods that were bought.
CRITICAL THINKING
Keep in mind that, even though the transactions might happen at the same time, the recording of a
sale as revenue is a separate transaction from the recording of cash received as a receipt. Each is
subject to nancial reporting risks, while cash (as an asset) received is also at risk of
misappropriation. Revenue should be recorded when goods are sold or services are rendered and a
receipt should be recorded when the cash for these goods/services is received.

Transactions in the revenue and receipts cycle must all be recorded in the accounting records of the entity
and must be allocated to a particular general ledger account. Understanding which account is affected by a
speci c transaction will enable better understanding of the risks involved in the ow of the transaction
through the cycle.
e following accounts are affected by the revenue and receipts cycle:

1. Statement of Comprehensive Income
• Revenue (income from sales/services)
Refer to the Statement of Comprehensive Income of Ntsimbi Piping (page 8) and note the line item
‘Revenue’. Also refer to its Detailed Income Statement in the supplementary information (page 25) and
note the item ‘Revenue’.
• Sales adjustments (decrease in revenue)
• Bad debts written off.
2. Statement of Financial Position

• Cash and cash equivalents
• Accounts receivable (including trade debtors
Refer to the Statement of Financial Position of Ntsimbi Piping (page 7) and note the line items ‘Cash
and cash equivalents’, ‘Bank overdraft’ and ‘Trade and other receivables’.
REFLECTION
Which accounts in the accounting records of an entity will be affected should a debtor fail to pay
its debt?
The debtors balance (an asset) will be affected, either due to the debtor’s balance having to be
written off or being included in an allowance for credit losses. These entries will also affect expense
accounts such as ‘bad debts’ and ‘increase/decrease in allowance for credit losses’.
Note that, despite the fact that the entity never receives any money for the goods sold or services
rendered, the revenue that was recorded would not be reversed. It remains revenue in the accounting
records and is reported as such. The bank account is not affected as no cash is received.
Although some forms of income, such as those listed below, are generally categorised under other cycles
(such as the investment and nancing cycle (refer to Chapter 10)), they may be subject to similar risks and
controls as identi ed in the revenue and receipts cycle (e.g. when the amounts from these forms of income
are physically received in cash or deposited into an entity’s bank account):
• Dividend income;
• Rental income;
• Interest income;
• Royalty income;
• Commission income; and
• Income from the disposal of assets.
6.1.6 IFRS 15 and the treatment of revenue for nancial reporting

purposes
IFRS 15: Revenue from Contracts with Customers speci es the principles an entity should apply in
accounting for revenue in its nancial statements. Essentially, IFRS 15 deals with:
• What a ‘contract with a customer’ is. Take note that a ‘contract’ can be as varied as a cash sale transaction
lasting only a few minutes to goods provided or services rendered to the customer over an extended
period of time. A contract also does not have to be formal and written: it could be informal, verbal and
implicit to the nature of the business dealing;
• How an entity should recognise revenue to account for the transfer of goods or services to customers;
• How to determine the amount that the entity expects to receive in exchange for those goods or services;
and
• When to recognise the amount relating to the transaction.
IFRS 15 stipulates that an entity should recognise revenue as and when control over the goods/services
transfers from the entity to the customer, either over time or at a particular point in time depending on the
nature of the contract with the customer. It would therefore not be appropriate for an entity to recognise
revenue upfront in cases where the goods or service are provided to the customer over a period of time. For
extended periods, the entity will need to determine the appropriate method of allocating the transaction
amount over the period of the provision of the goods or rendering of the service to the customer.
Should an entity not comply with the requirements of IFRS 15, it runs the risk of having material
misstatements in its nancial statements, which will result in a modi ed opinion in the auditor’s report and
possibly adverse consequences for the entity.
Other accounting standards that may be applicable to the revenue and receipts cycle (but fall outside the
scope of this text) include:
• IFRS 16, Leases (i.e. speci cally relating to entities that are lessors); and
• IAS 20, Accounting for Government Grants and Disclosure of Government Assistance.
WHAT What if the management of an entity were to misinterpret the requirements of IFRS 15
or decide to deliberately misapply the principles?
IF? Consider the following example involving the inappropriate timing for recognising revenue:
A security rm was contracted by another entity to render security services to it for a 24-
month period. Instead of recognising the revenue over the course of the performance of
the service (i.e. evenly over the 24 months), the security rm inappropriately recognises
the total of all revenue it expects to receive at the end of the rst month.
What are the implications on fair presentation of the nancial statements because of
such accounting treatment?

In order to identify and manage the risks in the business cycles it is useful to divide each cycle into functional
areas. A functional area is a separate stage within the cycle where similar or related activities applicable to a
transaction occur.
From the moment a transaction in the cycle is triggered (i.e. a customer’s order is received) to the time
that the payment from the customer is recorded and banked, many actions take place to ensure that the
transaction is executed properly and that it is properly recorded in the accounting records.
For a typical wholesaler selling on credit to customers (debtors), the cycle can be divided into the following
functional areas:
1. Credit management;
2. Receiving orders from customers;
3. Authorisation of sales orders;
4. Picking of goods from warehouse;
5. Despatch and delivery of goods to customers;
6. Invoicing;
7. Recording of sales in the accounting records;
8. Receipt of cash from customers;
9. Recording of receipts in the accounting records; and
10. Processing and recording of returns and other sales adjustments.
A brief summary of each functional area in a wholesaler that sells goods to customers on credit follows.
1. Credit management
Purpose: To grant credit to creditworthy customers who do not immediately pay cash when receiving goods.
Main activities: Receiving credit application from customer; setting credit limits in terms of customer’s
creditworthiness; ongoing review of customer’s creditworthiness; handling account queries from customers;
collecting outstanding debts; handing over uncollectable debts to attorneys; recommending to management
debtor balances that should be written off as uncollectable.
Persons involved in this area: Credit controller, nancial accountant/ nancial manager.
WHY? Why is the responsibility for approving new customers and setting credit limits assigned
to a credit controller and not to the sales order clerk who receives orders from the
customers?
Consider the importance of segregation of duties when answering this question and the
risks that arise should these duties be carried out by the same person. For example, what
do you think the consequence might be if a sales order clerk were to receive a sales order
from a friend who is not able to pay for the goods ordered, but the clerk was able to set
the credit limit on the friend’s account? The clerk could supply the goods to the friend
without any problems, but the entity would probably never receive any payment for the
goods.
2. Receiving orders from customers

Purpose: To ensure that orders received from customers are acted on.
Main activities: Receiving orders from customers; checking inventory levels (i.e. whether goods are in
stock); creating backorders (i.e. pending sales orders for goods out of stock and awaiting delivery of these
goods from the entity’s suppliers).
Persons involved in this area: Sales order clerk.
WHAT What if the customer is not granted the opportunity to place goods on backorder?
What might the nancial implications for the entity be?
IF? Customers might choose to rather make use of the entity’s competitors in the event of the
unavailability of goods. Its clientele might even be lost permanently, translating into lost
sales for the entity and therefore lower pro ts.
If the entity is a wholesaler, its customers might be business entities themselves, with
a responsibility to promptly satisfy the demands of their own customers’ needs for goods
or services!
3. Authorisation of sales orders

Purpose: To ensure that sales are made only to approved customers and only to those who will be able to
settle their debts when due.
Main activities: Manual and/or computerised authorisation of sales.
Persons involved in this area: Sales order clerk, credit controller.
4. Picking of goods from warehouse
Purpose: To select or pick goods from the warehouse (or from the nished goods store) in a timely manner
in accordance with those ordered by the customer.
Main activities: Picking goods from the warehouse.
Persons involved in this area: Storeman, warehouse supervisor/manager.
WHY? Why are the warehouse and despatch staff responsible for the picking of goods from the
stores and despatch thereof (respectively), and not the sales order clerk?
If there is a lack of segregation of duties, the sales order clerk could create a fake order
and take the goods for himself or herself, or have a friend’s sales order ‘disappear’ after
the goods were delivered. The risk is even greater if the sales order clerk can also create
customer accounts.
5. Despatch and delivery of goods to customers

Purpose: To ensure that all goods ordered and picked are despatched and delivered intact to the customer.
Main activities: Packaging goods for despatch; safely storing goods until despatched; loading packaged
goods onto delivery vehicle; security checks on goods leaving entity’s premises; transporting goods; delivery
of goods to customer.
Persons involved in this area: Despatch clerk, gate security guard, driver.
REFLECTION
What purpose (from a revenue recognition perspective) is served by having a customer sign a
copy of the delivery note as proof of receiving the goods?
In order to record a sale in the accounting records, there must be proof that a transaction occurred
between the entity and another party, (i.e. that goods were sold or a service was rendered). The
customer’s signature serves as evidence that another party acknowledged its willing participation in
the transaction and that it took control of the goods/services.
6. Invoicing
Purpose: To create and issue an invoice to customers notifying them of their obligation to pay for goods
received.
Main activities: Creating a customer invoice and sending it to the customer.
Persons involved in this area: Invoicing clerk.
REFLECTION
What are the consequences for an entity should a sale take place and goods are delivered to a
customer, but an invoice is never created nor sent to the customer? Consider both the accounting
implications of such a mistake as well as the implications for the entity’s cash ows.
From an accounting perspective, as sales are typically recorded in the entity’s accounting records
from the delivery note and the invoice that is created, revenue might be understated. From a cash
ow perspective, the invoice serves as documentary proof of the amount that the customer has to
pay for the goods or services. Failure to create an invoice may result in the entity/customer
‘forgetting’ that the amount due still has to be paid, resulting in the cash never being received at all
or not received in a timely manner.
7. Recording of sales in the accounting records

Purpose: To record sales transactions in the accounting records; to send out monthly statements to debtors.
Main activities: Posting a sale to the sales journal and to the debtor’s account in the debtors ledger; updating
the general ledger; performing debtors reconciliations; sending monthly statements to debtors.
Persons involved in this area: Accounts receivable bookkeeper, senior bookkeeper/ nancial accountant.
8. Receipt of cash from customers

Purpose: To receive and promptly bank cash from customers.
Main activities: Receiving cash from customers; recording (issuing) a receipt; depositing cash in the entity’s
bank account.
Persons involved in this area: Mail-opening staff, cashier, chief cashier (reviewer), security guard
(depositing).
WHY? Why should the accounts receivable bookkeeper, responsible for creating invoices and
posting the invoices to the debtors ledger, not also receive cash from debtors or record
receipts in the cashbook?
Under conditions of weak segregation of duties, the accounts receivable bookkeeper could
decide not to post the invoice to the debtor’s account, but still send the invoice to the
debtor. When the debtor pays the accounts receivable bookkeeper, he or she can take the
money for himself or herself without posting a receipt to the debtors account.
Alternatively, and under certain conditions, the bookkeeper might even be able to post
a credit note to the account in order to ‘cancel’ the debt, making it appear as if the debtor
did not have to pay, thereby concealing his or her misappropriation of the cash received.
9. Recording of receipts in the accounting records

Purpose: To ensure all receipts from customers are accurately accounted for in the accounting records.
Main activities: Posting receipts to the cashbook (and general ledger) and to customers’ accounts in the
debtors ledger; performing bank reconciliation.
Persons involved in this area: Cash book clerk (bookkeeping), senior bookkeeper/ nancial
accountant/ nancial manager (reviewing).
Be sure to distinguish between operational activities and nancial recording activities (bookkeeping).
Many actions in the cycle are not performed by accounting/bookkeeping staff. A business is primarily
about selling goods or rendering services, and not about the accounting behind it. However, the
accounting function is crucial as it evidences the history of the transaction from its origin all the way
through to when it is recorded in the accounting records (to eventually form part of the entity’s
nancial statements).
10. Processing and recording of returns and other sales adjustments

Purpose: To ensure that only authorised credits to debtors accounts are granted and recorded.
Main activities: Receiving returned goods from customers; authorising sales returns; granting discount and
other adjustments (e.g. for previously incorrect charges) to customers; recording sales returns and
adjustments.
Persons involved in this area: Storeman (taking custody of returned goods), sales manager and/or credit
controller (approval), sales returns clerk (recording), senior bookkeeper/ nancial accountant/ nancial
manager (reviewing).

Table 6.1 provides a summary of the functional areas by department.
Table 6.1: Functional areas by department
SALES AND CREDIT

WAREHOUSE ACCOUNTING DEPARTMENT
DEPARTMENT
1. Credit management 4. Picking of goods from 6. Invoicing

2. Receiving orders from warehouse 7. Recording of sales in the
customers 5. Despatch and delivery of accounting records
3. Authorisation of sales orders goods to customers 8. Receipt of cash from
10. Processing returns and other 10. Processing returns and customers
sales adjustments (including other sales adjustments 9. Recording of receipts in the
authorising of returns and (including handling goods accounting records
adjustments) returned) 10. Recording of returns and other
sales adjustments

6.3.1 Accounting for revenue and receipt transactions
Sales or service transactions form part of the revenue gure in the nancial statements. Sales made to
customers and services rendered on credit, for which no payment has yet been received, increase the trade
receivables balance (a current asset in the Statement of Financial Position). Cash received from customers
increases the bank and cash balance in the nancial statements and, if it relates to cash received from
debtors, reduces the trade receivables balance.
Figure 6.2 illustrates for a credit sales system the recording of supporting documentation in the books of
primary entry and subledger up to its inclusion in the nancial statements.
Figure 6.2: The recording of supporting documentation in the nancial records

Proper record keeping of transactions on source documents (such as an invoice), in journals (such as the
sales journal) and in ledgers (debtors and general ledgers) is therefore critically important for reliable
nancial reporting. Should the information system (including the accounting system) fail to ensure proper
record keeping of revenue and receipt transactions, together with the resultant accountability for the related
assets, an entity’s revenue total and its accounts receivable and cash balances might be materially misstated.
is may possibly render the nancial statements unreliable, misleading or even meaningless.
6.3.1.1 e use of general journals

e revenue and receipts cycle also includes the use of recurring standard general journal entries on a
periodic basis, such as entries to account for the write-off of bad debts every month, or the annual
adjustment of the allowance for credit losses. Non-standard general journal entries may be used to account
for special credits granted to debtors (e.g. a large discount on bulk purchases in addition to the standard
discount contractually arranged). Additional internal controls are required for general journals as there is an
increased risk of accounting staff and/or management using them to commit fraud.
WHY? Why should the same staff member not be allowed to create a general journal and
approve it? Consider the role of segregation of duties in answering this question.
The person who initiates or executes the transaction (i.e. the general journal entry) must
not also be able to approve it. This is to prevent a person creating a ctitious or erroneous
transaction without the knowledge of anyone else. The segregation of duties achieved by a
second person reviewing the journal entry will facilitate the detection of the fraud or error.

As a sales or receipt transaction is processed by ( ows through) the information system of an entity, source
documents will be created in each functional area (refer to section 6.2 for an explanation of the functional
areas). ese source documents are used when the transaction has to be recorded in the accounting records,
such as journals and ledgers.
e following sections describe the supporting documents, records, reports and reconciliations that may
be used in the revenue and receipts cycle.
6.3.2.1 Supporting documents
1. Credit application form

is form is to be completed by a new customer wishing to buy from the entity on credit. Full particulars of
the customer have to be provided, including trade references for follow-up.
Example: Refer to document 1I in the appendix at the end of the book.
2. Master le amendment form (computerised systems only)
A master le amendment form is completed in a computerised system each time a debtor’s details are to be
changed on the debtors master le (the debtors master le is a debtors ledger in a computerised system), or
if a debtor is to be added to or deleted from the master le. For example, if a new customer is accepted, the
credit application form will be attached to the master le amendment form as a supporting document for the
amendment to the master le (in other words, the creation of the new debtor).
Example: Refer to document 1D in the appendix at the end of the book.
3. Customer order form
An order is received from a customer by various means, such as email, telephone, fax, post, or in person. If
received verbally, there will not be any physical evidence of the customer order and thus the entity will have
to document the order by own means.
Example: Refer to document 1A in the appendix at the end of the book.
4. Internal sales order
Because customer orders are received from various customers, they will not be sequentially numbered and
may not contain all the information necessary to process the order. Also, in the case of a verbal (such as
telephonic) order, there will not be any evidence of the order if not subsequently recorded on paper or
computer. For this reason, a sequentially numbered internal sales order (ISO) is created (or generated on the
computer) to record the details of the customer and what he or she has ordered.
Example: Refer to document 1B in the appendix at the end of the book.
5. Backorder note
Backorder notes are created for items ordered by a customer, but which are not available in stock. ese out-
of-stock items are recorded on a backorder note for follow-up by the purchasing department that will order
the goods from the entity’s suppliers.
6. Picking slip
e picking slip is created from the internal sales order. It serves as an instruction for the goods to be picked
from the store or warehouse for eventual delivery to the customer. Sales prices are usually not displayed on
the picking slip, but rather only item codes, descriptions, quantities and store location of goods to be picked.
e picking slip is sometimes referred to as the stores requisition.
Example: Refer to document 1C (internal sales order which also serves as the picking slip) in the appendix at
the end of the book.
7. Delivery note
e delivery note is created from the actual goods being packed for despatch to the customer and should
agree with the items being despatched. Prices are usually not displayed on the delivery note: only item
codes, descriptions and quantities.
Example: Refer to document 1E in the appendix at the end of the book.
WHY? Why are item prices not usually displayed on a delivery note?
The entity would not want its despatch or delivery staff to see the value of the goods that
were purchased by the customer. This is in order to reduce the chance of those staff
stealing goods that are seen to be of particularly high value. It also assists in preventing
the delivery note from being confused with other documents that do contain prices.
8. Sales invoice
e sales invoice is prepared for those goods or services that have been accepted by the customer and for
which the customer is liable to pay. It contains, among other things, proper descriptions and quantities of
the goods sold or services rendered, the prices of all items, and the total amount due.
Example: Refer to document 1F in the appendix at the end of the book.
In many computerised systems it is not necessary for a computer user to input product quantities
and prices for the purpose of generating an electronic sales invoice: item codes, descriptions and
quantities can be programmatically retrieved (i.e. by the computer) from the delivery note previously
generated in the warehouse and prices can be obtained from the sales order already stored on the
computer system (if the sales order contained prices, or alternatively it can be automatically
retrieved from price list master le). The sales invoice is therefore ‘generated’ using data that
already exists on the system, thereby avoiding data capturing errors.
9. Debtors statement
e debtors statement represents a summary of all the transactions (invoices, receipts and adjustments)
relating to a debtor, usually over a period of a month. At the end of a month, a debtors clerk (manual system)
or a computer (computerised system) prepares a statement from each debtor’s account in the debtors ledger
to indicate clearly to the customer what the customer still owes (i.e. what the customer’s outstanding debt
is). e outstanding balance per the debtors statement should agree with the outstanding balance per the
debtor’s account in the debtors ledger.
10. Customer receipt

When payment is received from a customer, a receipt is made out to the customer, showing the payee and
amount received.
Example: Refer to document 1G in the appendix at the end of the book.
11. Remittance advice and proof of payment
A remittance advice is sent to the entity by a debtor together with payment to indicate which invoices the
debtor is settling with a particular payment.
When a debtor settles the amount outstanding via EFT, the debtor has to submit a proof of payment
document to the entity after payment, typically by fax or email. (It may, however, not indicate the breakdown
of the balance being settled as with a remittance advice.)
12. Mail register

A mail register is used by an entity to record incoming payments from debtors, such as cheques or cash
placed in an envelope and posted by the customer to the entity. However, due to the risk of payments getting
lost in the mail, sending money through the post is the exception rather than the norm. Whenever payments
are received by post, each payment is recorded in the mail register (in numerical sequence) to serve as a
record of money received.
13. Deposit slip

Should money from debtors have been received in cash or by cheque, a deposit slip will be prepared by the
entity’s staff to indicate the total cash and cheques received for the period (e.g. daily, weekly) and taken to
the bank, together with the cash and/or cheques to be deposited.
Example: Refer to document 1H in the appendix at the end of the book.
14. Goods returned voucher
A goods returned voucher is an internal document which is prepared when goods are returned by a
customer. e goods returned voucher serves as proof of goods being returned, enabling a credit note to be
issued.
Example: Refer to document 1J in the appendix at the end of the book.
15. Credit note
A credit note is prepared when the debtor’s account has to be credited for any reason. If, for example, the
debtor returned faulty goods to the entity after having been invoiced, the entity will have to write back the
amount associated with the faulty goods by making out a credit note on the basis of a goods returned
voucher.
Example: Refer to document 1K in the appendix at the end of the book.
EXAMPLE
Source documents in the cycle serve as a transaction trail. They are also used to create other
source documents as a transaction ows through the cycle. For example, a customer order will be
used to create an internal sales order (and backorder note if applicable).
Further examples:
6.3.2.2 Journals and ledgers
1. Sales (or services) journal

e sales journal is used to record all sales or service transactions (invoices) with customers. Credit sales or
services are posted to the debtors’ accounts in the debtors ledger and the debtors control account in the
general ledger.
Example: Refer to document 1M in the appendix at the end of the book.
REFLECTION
What is the sales journal called in a computerised system?
In a computerised system, the sales journal may also be referred to as the ‘sales transaction le’.
2. Sales adjustments journal

e sales adjustments journal contains all transactions relating to sales returns (i.e. where a credit note has
been issued to a customer for the return of goods purchased from the entity) and other adjustments (e.g.
where a credit note has been issued to correct pricing or other errors on invoices issued). In all such cases, an
entry is made in the sales adjustments journal to record the amount for which the credit was granted or for
which the adjustment was made.
3. Cash book (cash receipts journal)

e cash book contains all transactions relating to amounts received from customers. If the amount is
received from a debtor, the receipt is also posted to the debtors ledger.
4. General journal
e general journal contains a record of all non-routine transactions and events not posted to the sales, sales
adjustments or cash receipts journals, such as the write-off of bad debts or when management creates an
allowance for credit losses.
5. Debtors ledger
e debtors ledger contains a detailed record of all transactions (invoices, receipts, returns and adjustments)
applicable to all debtors. Each debtor has its own account in the debtors ledger. e closing balance of each
debtor in the debtors ledger constitutes the outstanding debt payable by the debtor to the entity.
6. General ledger
e general ledger contains accounts drawn from all journals to serve as a collection point for all
transactions that occurred in the various business cycles of an entity. e general ledger facilitates the
compilation of a trial balance and the nancial statements. It further enables a double-entry bookkeeping
function that ‘controls’ the recording of transactions in an accounting system. For example, a credit to the
sales account will always be matched to a debit to the debtors control account.
REFLECTION
What type of transactions might a person who attempts to fraudulently reduce a debtor’s
outstanding balance post to a debtor’s account in the subsidiary ledger?
Such transactions could include ctitious credit notes (for returns) or receipts for amounts that were
never in fact received. It could also involve any ctitious sales adjustments that would decrease the
debtors’ outstanding balance.
6.3.3 Databases and master les (computerised systems only)

1. Debtors master le
Manual system equivalent: Debtors ledger and/or Debtors list
e debtors master le is a database in an entity’s computer system that contains all permanent (standing)
data relating to the entity’s debtors, including their outstanding balances and credit limits. e standing data
further includes data elds such as a debtor’s name, address, contact details and outstanding balance. If, for
example, a person opens a credit account at a clothing store, his or her personal details on the application
form will be entered into the computer system and stored in the entity’s debtors master le.
Example: Extract of records from a debtors master le
Debtor Contact Outstanding

Debtor name Debtor’s address Credit limit
account code number balance
DEB007 AJS Trading (Pty) 22 Green Avenue, 023 123 R15,610 R20,000
Ltd Westville 4567
DEB024 Kopanong Electric 50 Blue Lane, 033 7654 R7,500 R10,000

Eastburgh 321
DEB033 Sunrise Stationary 14 Yellow Drive, 034 456 R27,866 R35,000

Northton 7123
2. Price list master le

Manual system equivalent: Price list
e price list master le contains the entity’s authorised prices applicable to the sale of items or rendering of
services to customers. You may have noticed that when you buy groceries at the supermarket for instance,
the cashier scans the items with a barcode scanner and a price appears on the till screen. e price that
appears on the screen would have been automatically retrieved from the authorised price list master le that
is stored in the computer system.
3. Inventory master le
Manual system equivalent: Inventory list
e inventory master le is a database containing, among other things, the inventory codes, the description
of each item, together with the cost per unit, the unit selling price, and the quantities of goods available for
sale for each item of inventory.
6.3.4 Reports
1. Debtors listing (summary list of all debtors) (computerised systems only)
In a computerised system, the debtors listing is printed from the debtors master le. A computer application
typically allows a user to choose which information (data elds) to include in the list, for example debtor’s
code, debtor’s name, credit limit and balance due. e total outstanding balances when adding all individual
debtors’ balances on the list should agree with the total balance according to the debtors master le.
2. Debtors age analysis (manual and computerised systems)

e debtors age analysis is more comprehensive than the debtors listing as it also contains a breakdown of
the debtor’s outstanding balance in terms of its ageing, for example current balance, 30 days, 60 days and, 90
days. is report can, among other functions, assist an accountant in his or her decision about what a
reasonable allowance for credit losses should be.
Many accounting software applications allow the printing of a debtors list, but with the option of also
showing the ageing of the debtors’ balances.
Example: Refer to document 1L in the appendix at the end of the book.
1. Debtors reconciliation
A debtors reconciliation takes place between the total of all the individual debtor accounts in the debtors
ledger and the total balance per the debtors control account in the general ledger at a speci c point in time
(for example, at month end). In this way, an accountant can identify posting errors, such as where a receipt
from a debtor was recorded in the debtor’s account (debtors ledger), but was not recorded in the debtors
control account in the general ledger.
2. Bank reconciliation
A bank reconciliation is performed between the bank balance as per the bank statement (external balance
per the entity’s bankers) and the balance as per the cashbook (internal balance as per the entity’s accounting
records) at a speci c point in time (for example, at month end). If these two balances are not the same,
reconciling items will exist.
Such reconciling items may include, for example, deposits (or payments) that have been recorded in the
entity’s cash book, but which have not yet been processed by the entity’s banker and would therefore not yet
appear on the bank statement (or vice versa where the transaction has been processed by the banker, but not
yet recorded in the entity’s cash book).
6.3.6 Illustration: Transaction ow in the revenue and receipts cycle

e following diagrams in Figure 6.3 show the typical ow of a sales and a receipt transaction through the
cycle. e entity illustrated sells goods to customers on credit and delivers these to customers using its own
staff (i.e. it does not use a third-party courier to transport the goods).
You should expect to encounter scenarios where the ow of the transactions, names, types and numbers
of copies of documents and application of the internal controls differ from the one illustrated. Any revenue
and receipt system should, however, address the risks facing the cycle in order to achieve the control
objectives of validity, accuracy and completeness of nancial information relating to this cycle.
Figure 6.3: Transaction ow
Owing to its signi cance as a line item in the nancial statements, revenue is particularly prone to error and
fraudulent nancial reporting. In addition, revenue is an important indicator of an entity’s size and market
share. Changes in the revenue gure are a key focus for investors and other stakeholders in assessing an
entity’s growth and even future viability. e revenue gure may also have a signi cant effect on the entity’s
pro t and can be regarded as a key indicator of an entity’s nancial performance.
6.4.1.1 Major reporting risks affecting revenue

e following are typical risks affecting reported revenue in nancial statements:
• Fictitious sales are recorded. In other words, sales transactions that never in fact occurred are recognised
as revenue in the nancial statements. Revenue will thus be overstated. Fictitious sales may also give rise
to non-existent assets, such as ctitious debtor accounts or bank balances.
• Sales transactions are recorded in the incorrect nancial period. Management could thus manipulate
the timing of revenue by:
• not deferring revenue over the period when it is earned (e.g. revenue is inappropriately recognised
upfront in nancial period one when the sales contract is concluded and/or cash is received for the
delivery of goods or rendering of a service over the span of future nancial periods two, three etc.).
is will lead to an overstatement of revenue in nancial period one; and
• not accruing revenue at the point when it is earned (e.g. goods were sold or services were rendered on
credit in nancial period one, but recognised only when the cash is received in nancial period two).
is will lead to an understatement of revenue in nancial period one.
• Revenue is understated by not recording all sales transactions that occurred. Pro ts (as well as taxable
income) will, in turn, be understated. Net assets may also be understated, such as where unrecorded
credit sales have resulted in the exclusion of a trade debtor balance. Management may want to understate
an entity’s revenue in order to avoid paying taxes in a particular nancial year. ey may even understate
sales to deliberately downplay the true performance of the entity in order to avoid scrutiny from
stakeholders such as employees. If staff did not receive increases in salaries and wages, but the entity
made a signi cant pro t, the employees may accuse management of unfair distribution of the entity’s
wealth.
• Revenue is not recognised in terms of the applicable nancial reporting standards.
6.4.1.2 Major reporting risks affecting cash and cash equivalents

e following risks may affect cash balances reported in nancial statements:
• Bank and cash balances are overstated owing to ctitious receipts having been recorded in the nancial
records (which may also be related to ctitious sales).
• e non-recording of cash receipts or deposits where sales which were made for cash are not recorded
in the cash book as receipts (e.g. due to theft of the cash by the entity’s staff before it was banked),
resulting in a decrease in the bank and cash and possibly also the revenue gures.
REFLECTION
How does the presence of a high volume of cash sales in an entity affect the risk of fraud in terms
of revenue recognition?
Keep in mind that in a cash sales system, cash is received at the same time as when the goods are
delivered (think of a grocery store) or the service is rendered. Because the timing of revenue
recognition and recording of the cash receipt is the same, the risk of fraud resulting from the
manipulation of timing differences is reduced. However, there is a risk that cash is received from
customers, but that neither the receipt nor the revenue is recorded (in order to, for instance, evade
the entity’s income tax obligations).
6.4.1.3 Speci c fraudulent nancial reporting techniques
6.4.1.3.1 Revenue recognition

A risk exists that an entity may abuse the principles underlying revenue recognition and thereby falsely
overstate or understate its revenue (as explained under section 6.4.1.1). e following example, involving the
company Leisurenet Ltd, illustrates the possible consequences of an entity misapplying the revenue
recognition requirements:
CASE STUDY
A South African corporate collapse2
What if an entity were to immediately recognise the full revenue from the rendering of a service that
is worth say R9 600 per customer, but the service to the customer is provided over a period of two
years (24 x R400 per month)?
Ignoring the time value of money for this example, IFRS 15 requires that the R9 600 should not
be recognised as revenue in the accounting records immediately, even if the customer signed a two-
year contract on day one promising to pay R400 per month for a period of two years. As the entity
will incur expenses each month for as long as the contract is in operation, the recognition of the
revenue should be ‘spread’ over the period over which expenses will be incurred.
The practice of recognising revenue in advance, instead of deferring it, will signi cantly distort
the true nature of the entity’s ability to cover its future expenses. Should the full revenue from such
a long-term contract be recorded all at once (‘upfront’), the entity may be inclined to pay out the
revenue as dividends soon thereafter, leaving little to cover future expenses that the entity is
obliged to incur as it continues to render the service over the period of the contract.
The inappropriate recognition of revenue in advance contributed to one of the largest corporate
collapses in South African history. The case involved Leisurenet Ltd, a company that was listed on
the JSE. Leisurenet operated a chain of gyms and offered, among other things, long-term gym
memberships to customers. The company did not in all instances recognise revenue from
membership fees over the duration of the membership contracts, but instead did so upfront when a
contract was signed.
In 1999, Leisurenet’s revenue recognition policies included a statement reading as follows:
Revenue from long-term membership fees is spread over the period of the contract based on the
estimated usage of the facilities by members. A statistical analysis is performed so as to establish the
average percentages of users and non-users and the trends established are used in the calculation of
the income deferred.3
Deferring gym membership fees only for those members who regularly utilised Leisurenet’s gym
facilities and not also for the large percentage of members who did not regularly attend gym,
resulted in a distorted view of the actual nancial performance of Leisurenet. The distortion was
evidenced by the restatements to the nancial statements that were required when the company
implemented its new (‘correct’) accounting policy for revenue recognition. It came to light that much
of the revenue that was recorded for many years up to that point was in fact ctitious. As a result,
an annual pro t of R109,5 million turned into a loss of R46,8 million and shareholders’ funds of
R610 million were reduced to about R157 million.
The collapse and ultimate demise of the company nally happened in October 2000 when the
company was liquidated. This was followed by many years of litigation against the directors of
Leisurenet and even against the company’s auditor.
HOW? How does an understanding of the appropriate accounting treatment for revenue assist
an auditor?
The auditor will be able to identify and assess more comprehensively the risks relating to
material misstatements in the annual nancial statements, both in terms of errors and
fraud.
6.4.1.3.2 Boosting sales through round-trip deals

A round-trip deal is an arti cial sales transaction, usually initiated between related parties, where one party
sells goods or services to the other, only to purchase them back from the other immediately or soon
thereafter. Such round-trip dealing can occur for several transactions, perhaps even hundreds or thousands
of transactions, amounting to millions of rands. In this way, both parties’ sales increase considerably and,
although their expenses (purchases) increase proportionately, a false re ection of market share and sales
growth is portrayed when revenue is reported in the nancial statements.
6.4.1.3.3 Channel-stuffing business partners with excessive inventory to increase sales
Channel-stuffing is a technique used by some companies to increase their revenue by unethical means. In
channel-stuffing, a company forces its commercial customers (such as wholesalers) to purchase much more
of the company’s inventory than the customer would usually require. Bear in mind that some corporations
wield considerable bargaining power over their commercial customers (e.g. the corporation is the
customer’s major or sole supplier) and may be in a position to force the latter’s behaviour accordingly. By
channel-stuffing excess inventory off its records, sales are recorded as revenue (inventory has been sold),
even though the customers did not require the goods at that time. In effect, an illusion of increased sales
activity is created.
6.4.1.3.4 Kiting with bank transfers

Kiting with bank transfers is a fraudulent technique whereby an entity which has bank accounts with two or
more banks exploits the time it takes to clear (settle) bank transfers between different banks. Clearing of
transfers between banks does not take place instantly. erefore, should an entity use its online banking
system with Bank Y to request funds to be transferred into the bank account it holds with Bank Y from the
bank account it holds with Bank Z, the deposit will immediately be re ected in the entity’s bank account it
holds with Bank Y, but the withdrawal will only appear in the bank account held at Bank Z a few days later.
is delay provides the entity with an opportunity to inappropriately ‘double-count’ the transferred amount
in an entity’s nancial records as follows: e deposit in the entity’s bank account of Bank Y is recorded on
the day of the transfer, whilst the withdrawal from the bank account with Bank Z is not recorded until a few
days later (normally in the next nancial reporting period). An entity might therefore apply ‘kiting’ to
(fraudulently) overstate the bank and cash balance in its nancial statements and, by doing so, will convey a
more favourable net asset position. is practice of ‘kiting’ can also occur between entities in the same group
of companies (which hold bank accounts across different banks) in order to (fraudulently) ‘improve’ the
group’s apparent cash/net asset position. Note that kiting can also occur with cheque payments. Kiting poses
the greatest risk for fraudulent nancial reporting around the end of a nancial year.
EXAMPLE
Consider two entities A (Pty) Ltd and B (Pty) Ltd in the same group of companies utilising different
banks, but they each have the ability to request transfers from the other company’s bank accounts
using their online banking platforms. Before kiting was applied, the cash positions of the two
entities re ected the following:
A (Pty) Ltd bank balance at 31 December 20X1: R8 million
B (Pty) Ltd bank balance at 31 December 20X1: R3 million
Group’s total cash position: R11 million
Assuming a transfer request of R2 million was made by B (Pty) Ltd from the bank account of A (Pty)
Ltd and assuming the group engages in the practice of kiting, the cash position of the entities in
their respective general ledgers and the group’s net position will appear as follows:
A (Pty) Ltd bank balance at 31 December 20X1: R8 million (out ow of funds not yet recorded)
B (Pty) Ltd bank balance at 31 December 20X1: R5 million (in ow of funds has been recorded)
Group’s total cash position: R13 million (overstated by R2 million)
The recipient of the transfer, B (Pty) Ltd, records the R2 million received in its nancial records as a
deposit (as soon as the funds are requested) and this deposit will actually show on the bank
statement before year-end as such. The entity which has to settle the transfer, A (Pty) Ltd, however,
refrains from making any accounting entry relating to the disbursement until after year-end. In other
words, A (Pty) Ltd does not record an out ow, due to the funds still ‘appearing’ in its bank account.
Accordingly, A (Pty) Ltd abuses the time it takes for A (Pty) Ltd’s bank to process the transfer,
leading to a situation where both A (Pty) Ltd and B (Pty) Ltd account for the very same funds (i.e.
overall, the group double-counts for the funds).
To address the risk of kiting, auditors prepare transfer schedules whereby they list all the transfers that
occurred (usually close to year-end and shortly thereafter) in bank account 1 as well as those in bank
account 2. ey then reconcile the amounts to ensure that for every deposit recorded in the nancial records
prior to year-end, a corresponding disbursement has also been recorded in the same nancial period.

e following risks apply to the misappropriation of the entity’s assets relating to the revenue and receipts
cycle.
6.4.2.1 eft of cash

A common risk pertaining to the cycle is that of cash theft, considering that the cycle addresses the receipt of
cash from other parties. Typical risks include the following:
• Cash is misappropriated (stolen) by employees working for the entity on receipt of the cash from
customers.
• Cash is stolen from the premises of the entity while kept in custody (e.g. from the till or from a safe).
• Cash is stolen from the entity while the cash is on its way to the bank to be deposited.
• Cash is stolen from the entity’s bank account through electronic means (e.g. if a person should obtain the
access details of the entity’s online banking pro le and transfer funds out of the account).
6.4.2.2 Speci c misappropriation techniques
6.4.2.2.1 Lapping (rolling of cash)

Lapping occurs where a cashier takes cash paid by one of the entity’s debtors, and covers up the shortfall
using a subsequent debtor’s cash or cheque receipt. Also called cash rolling, lapping is a higher risk in
companies where:
• Cash and cheques are received from debtors;
• ere is weak segregation of duties and especially where cashiers also record transactions to the debtors
ledger and handle queries from debtors;
• ere is a lack of supervisory or review controls.
EXAMPLE
Debtor A pays the cashier R1 000 to settle his account. The cashier misappropriates the money by
taking it without the debtor knowing. Even though a receipt might have been issued to the debtor,
the money is not banked. The cash-up results for the day would appear as follows:
Total cash received (per receipt issued): R1 000
Total cash banked: R0
Shortfall: R1 000 (cash misappropriated by cashier)
If the cashier does not engage in cash lapping by rolling the misappropriated funds, Debtor A will
become suspicious at the end of the month (on receiving a debtors statement) when his or her
balance still shows an outstanding amount of R1 000. (Note: The receipt would not have been
recorded to the debtors account/cash book, as no money was deposited in the bank in order to justify
the recording thereof.) In order to avoid scrutiny from Debtor A, the cashier will have to apply a
subsequent debtor’s cash/cheque receipt (e.g. Debtor B’s) or part thereof (i.e. at least R1 000) to
Debtor A’s outstanding account balance in order to make it appear as if the money had been
received from Debtor A:
Total cash received (receipt): R2 000 (received from Debtor B)
Total cash banked: R2 000 (of which R 1 000 is allocated to Debtor A’s account and R1 000 is
allocated to Debtor’s B account)
Shortfall: R0 (the original shortfall of R1 000 is being lapped)
On the last day of the month, by which time Debtor C’s money might be lapped to make up for the
shortfall in Debtor B’s account, it is practical for the cashier simply to tell Debtor C (on enquiry and
if the cashier handles debtor queries) that the reason for Debtor C’s statement showing a balance
of R1 000 (instead of R0) is due to ‘an error on the part of the entity, which will be corrected by the
next statement date’ (or some similar excuse). The theft of the original R1 000 cash, however, has
been concealed using lapping. Note that Debtor C’s account will show R1 000 as outstanding at the
end of the month despite Debtor C having paid, because an amount of R1 000 from Debtor A was
misappropriated by the cashier and subsequently lapped.
A system of lapping can continue into perpetuity if not detected by management. Besides being
caught out, the perpetrator involved can also end the lapping by returning the shortfall from his or
her ‘personal’ funds before debtors or management become suspicious. This will restore all
balances to the correct amounts. A lapping ‘system’ can become highly complex and dif cult to
detect. For this reason, it is imperative that cashiers should:
• Not deal with the bookkeeping function (they should especially not be allowed to post credit
adjustments to debtors’ accounts, otherwise they might easily conceal theft);
• Not handle debtor queries/complaints; and
• Be compelled to go on leave for extended periods of time during which lapping systems may
become exposed if the cashier is not present to cover-up and manage his or her system of cash
lapping.
6.4.2.2.2 Dishonoured cheques (applies only to cheque payments)

A dishonoured or bounced cheque occurs where a customer pays for a cash sale by cheque, but does not
have sufficient funds in his or her bank account to honour the cheque. When the entity that received the
cheque banks it, the entity may soon nd that the bank cannot transfer the funds from the drawer’s bank
account, resulting in the cheque being dishonoured. It might not be easy (or even possible) to get hold of the
customer to demand repayment, resulting in a nancial loss for the entity.
6.4.2.2.3 Fictitious deposits (EFTs and direct deposits only)

When a customer makes an EFT or a direct deposit into an entity’s bank account, the bank’s system
generates an electronic proof of payment document for the customer, which the customer can submit to the
entity as proof of having made the deposit. However, these documents are easily manipulated and forged. A
common act of fraud present in systems where EFTs and direct deposits occur consists of such a ‘customer’
buying goods from an entity and supplying the entity with a forged proof of payment document in return.
e fake proof of payment appears to show that money has been deposited in the entity’s bank account in
exchange for the goods, but no deposit was in actual fact made. Should the entity simply accept the proof of
payment, incorrectly believing that the money has been deposited into its bank account and without
con rming whether a deposit has indeed been cleared by its bank, nancial losses may result if the goods
cannot be recovered. Losses may be incurred in the same way where services are rendered based on a fake
proof of payment.
A variation on the above act of fraud involves the fraudster informing the entity that he or she (the
fraudster) has accidentally deposited an amount into the entity’s bank account that was intended for a
different recipient. e fraudster may make up an elaborate excuse as to why it is urgent that the entity repay
the funds as soon as possible, for example needing the money to pay employees their weekly wages. Should
the entity accept the claim in good faith without ensuring that a deposit has indeed been credited to its bank
account and cleared by the bank (it may take several days for a deposit to clear), the entity may suffer
nancial loss as a result.
Such naïve acceptance of a proof of payment or claim of deposit may lead to sizeable nancial losses for
an entity, as banks do not necessarily compensate their banking customers if it is found that the customer
was negligent. It is therefore in the best interests of an entity to ensure deposits have been cleared by its own
bank before acting on any requests to repay a deposit.
6.4.2.2.4 Phishing scams (EFT systems only)

In order to gain access to its online banking account (pro le), an entity’s staff member responsible for online
banking is required (by the bank’s online system) to furnish a username and password rst (some banks’
websites may require an additional pin). e staff member may, if he or she is not careful, however, fall
victim to a ‘phishing scam’.
In a phishing scam, a fraudster sends an email or SMS to the staff member which purports to have been
sent from the entity’s banker. e email may even contain the bank’s logo (falsely included). In the email the
fraudster would use trickery to convince the staff member to send his or her online banking username and
password via email (back to the fraudster). Reasons given by the fraudster could, for example, be ‘security
purposes’ or ‘account veri cation’. e fraudster may go to great lengths to convince the staff member to
provide this information – including threatening the staff member that he or she will ‘forever lose all access
to the entity’s online bank account’ or will ‘lose funds from the account’ if the information is not provided
urgently. Should the staff member submit these details, the fraudster is likely to log onto the entity’s bank
account and steal funds. It should be noted that banks would never ask for a customer’s online banking
username or password – even in so-called ‘special circumstances’ or ‘emergencies’.

Various computer technologies may be applied in the revenue and receipts cycle. Some examples of such
technologies follow.
6.5.1 Point-of-sale systems and barcode scanning

A point-of-sale (POS) system (also referred to as a checkout system) typically consists of an electronic cash
register (either a till or a computer, or a till connected to a computer), a barcode scanner connected to the
cash register and a software application loaded on the till/computer.
Many shops (such as supermarkets) use POS systems with barcode scanning functionality. A cashier
scans the barcode of a customer’s selected items at the till with either a handheld or a xed barcode
scanning device. e till is linked to the price list master le in the store’s computer system in order to
display the price of the product on the till screen. e scanner is also linked to the inventory master le in
order to display the product’s description. In this way, a receipt with the product’s price and description can
be printed for the customer, and the transaction recorded in the correct amount.
Fraud involving revenue suppression software

The tax authorities frequently rely on the tax-compliant nature of software used by businesses to
record revenue transactions. Revenue suppression software is a specialised computer application
used by unscrupulous businesses to evade taxes. A company will collude with the developer of a
software application to code the software in such a way that the application does not record all
transactions (or only part thereof) that pass through the computer system, leading to a reduced
taxable income for the company.
6.5.2 Electronic funds transfer

An EFT transaction involves the transfer of money from one bank account to another by means of a
computer and a network linking those computers (such as a wide area network or the internet) (refer to
Chapter 5 for details). Some customers will pay an entity by means of an EFT and not physically in cash. e
entity might request that the customer email or fax the entity a proof of payment slip or printout after the EFT
has been made.
6.5.3 Online sales (internet-based)
Some entities sell their goods via the internet. A customer can visit the entity’s website and select the
products he or she wishes to purchase. e customer is asked to enter his or her credit card particulars on a
secure web page, after which the customer’s bank will pay the consideration over to the entity’s bank. is
web-based sales system of the entity is linked to its inventory and price list master les. An internal sales
order and picking slip is automatically generated by the sales system for the entity to process the sale and to
pick the goods from its warehouse and to despatch them to the customer.

An entity faces various risks in virtually all of its nancial operations, some more signi cant than others. is
also applies to the entity’s revenue and receipts cycle. Should an entity not be able to avoid these risks, the
revenue and receipts transactions recorded in its accounting records might be invalid, inaccurate or
incomplete, leading to eventual misstatements in its nancial statements.
Accordingly, management implements application controls (refer to Chapter 5, section 5.9) to ensure
that revenue and receipt transactions (including any adjustments) are valid, and are completely and
accurately recorded and processed.
6.6.1.1 e aim of the control objectives in the cycle

Validity, accuracy and completeness of revenue and receipt information comprise the control objectives
that management aims to achieve to address the major risks present in the cycle.
To ensure that revenue transactions are valid, they should be genuine (i.e. the sale of goods/rendering of a
service did happen and relates to a transaction between the entity and a willing, creditworthy customer).
Furthermore, any required authorisation for the transaction should have been granted by the entity’s
management. e transactions in the cycle should also have been recorded in the nancial period to which
they pertain. Lastly, the transactions should be supported by sufficient documentation.
Similarly, with the validity control objective, management aims to ensure that revenue adjustments (such
as those relating to credit notes for the return of goods) and receipt transactions are genuine and that the
requisite authorisation for the transactions has been obtained. ey would further aim to ensure that
revenue adjustments and receipts are recorded in the correct accounting period (i.e. the period to which
they pertain) and that sufficient supporting documentation exists for the transactions.
To ensure that revenue transactions are accurate, a transaction should be recorded at the appropriate
amount. e amount on the sales invoice should therefore have been calculated correctly (e.g. in terms of
the correct quantity and unit price for a particular item) and the price should be in terms of the authorised
price list of the entity. ey should also be correctly classi ed as sales transactions in terms of the entity’s
chart of accounts and correctly summarised and posted to the accounting records.
In the same way, any revenue adjustments should be accurately calculated and recorded correctly in the
nancial records. Receipt transactions should also be recorded correctly in terms of the amount of cash that
was actually received from a customer.
To ensure that revenue transactions are complete, all revenue transactions (including applicable
adjustments to revenue) that took place in a given period should have been recorded in the accounting
records and this recording should be done in a timely manner. In other words, no authorised revenue
transaction that occurred should be omitted from the entity’s accounting records.
6.6.1.2 Consequences if the control objectives in the cycle are not achieved
Table 6.2 summarises the consequences if the control objectives for revenue (sales/services transactions) are
not achieved.
Table 6.2: Consequences if control objectives are not achieved for revenue (sales/services) transactions
CONSEQUENCE IF CONTROL OBJECTIVE IS NOT

CONTROL OBJECTIVE
ACHIEVED
Validity Overstatement of revenue and/or debtor accounts
Accuracy Over or understatement of revenue and/or debtor

accounts
Completeness Understatement of revenue and/or debtor

accounts
Example: If ctitious sales transactions are recorded in the nancial records, the control objective of validity,
which should have prevented such transactions from being recorded, would not have been achieved.
Revenue would thus be overstated in the Statement of Comprehensive Income.
Table 6.3 summarises the consequences if the control objectives for revenue adjustment (e.g. sales
returns) transactions are not achieved.
Table 6.3: Consequences if control objectives are not achieved for revenue adjustment (e.g. sales
returns) transactions

CONTROL OBJECTIVE
ACHIEVED
Validity Understatement of revenue and/or debtor

accounts
Accuracy Over or understatement of revenue and/or debtor

accounts
Completeness Overstatement of revenue and/or debtor accounts
Example: If all transactions relating to sales returns are not included in the nancial records, the control
objective of completeness of nancial information would not have been achieved. is would lead to an
overstatement of revenue, since sales returns would decrease sales in the Statement of Comprehensive
Income.
Table 6.4 summarises the consequences if the control objectives for cash receipt transactions from
debtors (as opposed to those relating to cash sales) are not achieved.
Table 6.4: Consequences if control objectives are not achieved for cash receipt transactions from
debtors (as opposed to those relating to cash sales)

CONTROL OBJECTIVE
ACHIEVED
Validity Overstatement of the bank account and

understatement of debtor accounts
Accuracy Over or understatement of the bank account and

under or overstatement of debtor accounts
Completeness Understatement of the bank account and

overstatement of debtor accounts
Example: If a receipt transaction is recorded in the nancial records which did not in fact take place (i.e. the
validity control objective was not achieved), the receipts recorded in the cash book would be overstated, and
therefore also the bank account in the general ledger. Should the transaction have been (evidently) received
from a debtor, the debtors balance would be understated, as the debtor’s account would have been
wrongfully credited with a receipt.

e control objectives in the cycle are achieved through the proper implementation and operation of an
information system, including an accounting system and related internal controls, in an entity. Note that the
control objectives can either be achieved manually (a person performs the internal control) or by automated
means (a computer performs the control).
e following examples serve to illustrate in broad terms several ways in which the control objectives can
be achieved in the cycle. Note that these examples are not a re ection of the detailed control activities
required to achieve the control objectives.
Validity of revenue and receipts:

• Selling only to those credit customers who have been approved, are creditworthy and can pay their debt
in the near future;
• Sales orders being approved, by either manual or automated means;
• Picking of goods from the warehouse based on an authorised sales order only;
• Obtaining a customer’s signature (customer acknowledgement) of the sales transaction on delivery of
goods or rendering of services. e customer acknowledgement serves as an indication that a sales
transaction has taken place and that a sale can therefore be recorded in the accounting records;
• Recording revenue transactions in the accounting records that relate to actual sales (i.e. transactions that
are not ctitious) that are supported by genuine supporting documentation; and
• Recording receipts that relate to genuine cash transactions where cash was actually received and was
received from a customer who transacted with the entity.
Accuracy of revenue and receipts:

• Recording correct quantities on supporting documentation (such as on the internal sales order, delivery
note and invoice);
• Recording correct amounts on supporting documentation (such as on the invoice and receipt);
• Ensuring the mathematical correctness of calculations for quantities as well as sales, receipt and tax
amounts on supporting documentation and in the accounting records;
• Performing regular reconciliations between the debtors ledger and the general ledger control account;
and
• Performing regular reconciliations between the balance in the cash book and the balance according to
the bank statement.
Completeness of revenue and receipts:

• Ensuring that for every delivery note, there is a corresponding sales invoice recorded in the accounting
records;
• Ensuring that there are no gaps in the sequential numbering (recording) of sales invoices or receipts in
the accounting records;
• Depositing all cash receipts from customers in the entity’s bank account and recording them in the cash
book; and
• Performing reconciliations as noted under accuracy above.
Details of control objectives and controls in the cycle appear in section 6.7 of this chapter.
6.6.3 Link between the control objectives in the cycle and
management’s assertions
Transactions that are not valid, accurate and complete (caused by the control objectives not having been
achieved) will result in revenue and receipts (and related account balances) being misstated in the
accounting records, which will in turn result in the nancial statements being misstated.
e process of recording a transaction in the nancial records and thus for it to be included in the
nancial statements, is as follows:
During a transaction’s ow through an entity’s information system, it will be subject to numerous internal
controls that help ensure that the control objectives are achieved. e transaction will only reach its end
point appropriately if it ends up in the nancial statements in a manner that achieves the control objectives.
us, if management wishes to ensure proper nancial recording (and fairly presented nancial statements),
they need to implement and maintain a proper information system, including an accounting system and
related internal controls. In this way, the control objectives contribute to the appropriateness of the
assertions made by management in the nancial statements and will indirectly result in the latter being free
from material misstatement.
CYCLE CASE STUDY
Application of the assertions to Ntsimbi Piping

The following assertions are made by the management of Ntsimbi Piping, either implicitly or explicitly,
as communicated to users of the nancial statements.
Account balances and related disclosures

Refer to the Statement of Financial Position in the nancial statements of Ntsimbi Piping (page 7).
Note the line item ‘Trade and other receivables’ with a balance of R17,241,701. Also refer to the
Notes to the Annual Financial Statements of Ntsimbi Piping – speci cally note 5 (Trade and other
receivables) (page 17).
• In relation to existence, trade debtors and other receivables making up the balance exist (i.e.
the underlying assets are not ctitious).
• In relation to rights, Ntsimbi Piping is the entity that holds or controls the underlying assets
making up the balance (rights). The assets do not belong to another entity.
• In relation to accuracy, valuation and allocation, the balance of R17,241,701 is considered an
appropriate amount as the balance re ects the appropriate value of the underlying amounts
receivable in the future. Further, any adjustments as to the value or allocation of the underlying
assets have been recorded appropriately, and the related disclosures have been appropriately
measured and described.
• In relation to completeness, all assets deemed trade and other receivables and which are
assets of Ntsimbi Piping, have been recognised as such in the nancial statements
(notwithstanding the measurement thereof, which is dealt with separately under the accuracy,
valuation and allocation assertion). In addition, all disclosures relating to ‘Trade and other
receivables’ that should have been made in the notes to the nancial statements, have been
made.
• In relation to classi cation, the amounts making up the balance of R17,241,701 have been
recorded in the proper accounts constituting ‘Trade and other receivables’.
In relation to presentation, trade debtors and other receivables have been appropriately
• aggregated/disaggregated and are clearly described in the nancial statements, while the
disclosures pertaining to the account balance have been made in a relevant and understandable
manner. For instance, no debtors with credit balances have been included in trade receivables,
and vague descriptions (such as ‘provisions’ without indicating what they are for) have been
avoided.
Transactions and events and related disclosures

Refer to the Statement of Comprehensive Income in the nancial statements of Ntsimbi Piping (page
8). Note the item ‘Revenue’ in the amount of R128,320,126. Also note from note 13 to the Annual
Financial Statements of Ntsimbi Piping (Revenue) (page 19) that this item consists entirely of the sale
of goods.
• In relation to the occurrence assertion, sales transactions amounting to R128,320,126 did in
fact take place (they occurred and are not ctitious) and also pertain to Ntsimbi Piping.
• In relation to accuracy, the sales transactions making up the total have been recorded in the
correct amounts (e.g. in terms of the correct item quantities delivered to customers and prices
agreed with (or proposed to) customers). Moreover, the related disclosures in the nancial
statements have been appropriately measured and described.
• In relation to completeness, all sales transactions that took place during the nancial year and
which pertain to Ntsimbi Piping have been recorded and included under ’Revenue’. Moreover, all
related disclosures regarding ‘Revenue’ that should have been included in the nancial
statements have been included.
• In relation to cut-off, all the sales included in ‘Revenue’ relate to transactions that took place
within the nancial year (i.e. the transactions concerned relate only to deliveries of goods to
customers between the rst and last day of the nancial year (inclusive of both days)).
• In relation to classi cation, all transactions constituting the total of R128,320,126 are
appropriately classi ed as sales and do not relate to, for instance, interest income.
• In relation to the presentation assertion, revenue has been appropriately
aggregated/disaggregated and clearly described, while the related disclosures pertaining to
revenue have been made in a relevant and understandable manner.
e assertions for revenue (including sales adjustments) and accounts receivable are linked to the control
objectives in the cycle as shown in Table 6.5.
Table 6.5: Assertions for revenue and accounts receivable
MANAGEMENT ASSERTIONS
Classes of transactions and events and Account balances and related

CONTROL OBJECTIVE related disclosures disclosures
Revenue (including sales returns) Accounts receivable
(Assertions are indicated in bold) (Assertions are indicated in
bold)

bold)
Validity Occurrence and Cut-off Existence and Rights
A control achieving the validity Sales transactions that were
objective for a sales transaction authorised, actually took
will ensure that the recorded place and pertaining to the
transaction was authorised, entity will result in the raising
actually took place and pertains to of a debtor balance that is
the entity (occurrence) and will approved, genuine and is
further ensure that it has been rightfully the asset of the
recorded in the nancial period to entity (existence and rights).
which the transaction relates (cut-
off).
Accuracy Accuracy and Classi cation Accuracy, valuation and

allocation and Classi cation
A control achieving the accuracy
objective for a sales transaction If a sales transaction making
will ensure that the transaction is up a debtor’s balance can be
recorded at the correct amount, con rmed for the accuracy
including quantities, prices and assertion, the gross amount
correct calculations (accuracy). It of the asset will be
will further ensure the transaction appropriate. Furthermore,
has been correctly classi ed and any transaction resulting in a
posted to the correct account in valuation or allocation
the nancial records in adjustment to the gross
accordance with its nature amount will be appropriate if
(classi cation). the adjustment can be
con rmed for accuracy (e.g.
adjustments pertaining to
impairments/allowances for
credit losses or debt write-
offs). Controls achieving
accuracy will also ensure the
asset is appropriately
classi ed.

bold)
Completeness Completeness Completeness
A control achieving the Should all sales transactions
completeness objective for a that took place with debtors
sales transaction will ensure that be recorded, all accounts
all transactions that took place receivable that should be
during the nancial period being created would be recorded
considered are recorded as a result (completeness)
(completeness). and the asset balance would
be complete in terms of the
underlying sales transactions
(completeness).
Note: Controls that achieve the control objectives of validity, accuracy and completeness collectively contribute
to management being able to properly present both classes of transactions and events and the related
disclosures, and account balances and the related disclosures in the nancial statements. Consequently, the
Presentation assertion is not included explicitly in Table 6.5 above.
e assertions for cash receipts are linked to the control objectives in the cycle as shown in Table 6.6.
Table 6.6: Assertions for cash receipts
CONTROL OBJECTIVE Classes of transactions and events and related disclosures

Receipts (recorded in the cash book)
(Assertions are indicated in bold)
Validity Occurrence and Cut-off
A control achieving the validity objective for a receipt transaction will
ensure that the receipt pertains to the entity and actually took place
(occurrence) and will further ensure that it has been recorded in the
nancial period to which the payment relates (cut-off).
Accuracy Accuracy and Classi cation

A control achieving the accuracy objective for a receipt transaction will
ensure that the receipt is recorded at the correct amount (accuracy). It
will further ensure the receipt has been correctly classi ed,
summarised and posted to the correct account in the nancial records
in accordance with its nature (classi cation).
CONTROL OBJECTIVE Classes of transactions and events and related disclosures

Receipts (recorded in the cash book)
(Assertions are indicated in bold)
Completeness Completeness and Cut-off

A control achieving the completeness objective for a receipt transaction
will ensure that all receipts during the nancial period are recorded as
such (completeness) in a timely manner (cut-off).

computerised)?
In order to address the risks of an entity not achieving the control objectives of validity, accuracy and
completeness in the revenue and receipts cycle, proper control activities have to be implemented over the
ow of information through the entity’s information system. Examples of the major control activities speci c
to the revenue and receipts cycle, established either manually (by people) or programmatically (by a
computer system) depending on the circumstances involved, are summarised below.
6.7.1.1 Documentation and records

All the documentation relating to the cycle should be:
• Properly designed;
• Placed under proper stationery control; and
• Used in conjunction with a proper chart of accounts for transactions related to the purchases and
payments cycle.
Refer to Chapter 4, section 4.3.2.4 for details of the above-mentioned types of controls.
6.7.1.2 Authorisation or approval

Authorisation or approval is required each time before:
• A customer is awarded the right to purchase on credit from the entity, including the awarding or increase
of a credit limit for the customer;
• A sales order is processed (for sales to credit customers);
• A credit adjustment is made to a customer’s account, such as for a sales return; and
• Authorisation and approval can be made either manually (written) or electronically (computer-based).

e following activities should be performed by different staff or departments in the cycle:
• Initiation of a transaction;
• Execution of the transaction;
• Approval of the transaction;
• Custody of the asset underlying the transaction; and
• Recording of the transaction.
Typical duties that should be segregated and performed by different persons in the revenue and receipts
cycle include those shown in Figure 6.4 below. Each block represents an activity performed by a person and
should be segregated from the functions performed in any other block. In this table, blocks are grouped
together in terms of the functional areas.
Figure 6.4: Overview of segregation of duties in the revenue and receipts cycle
6.7.1.4 Access controls

Assets in the cycle include inventory and cash. Access controls to protect against misappropriation of assets
(or damage to goods) should apply whenever:
• e entity picks goods for despatch from the warehouse and despatches the goods to a customer;
• Goods are returned from customers; and
• Cash is received from a customer and kept secure until banked.
6.7.1.5 Independent checks and reconciliations

Examples of veri cation checks (the checking of work initially performed by someone else) in the revenue
and receipts cycle include:
• Checking the quantities and descriptions of goods on sales orders and on picking slips for accuracy and
completeness;
• Checking physical goods being despatched to customers to supporting documentation;
• Checking the sequential number order of supporting documentation (e.g. delivery notes) to determine
whether all transactions (e.g. sales) have been recorded; and
• Matching of source documents with each other, such as an invoice and a delivery note.
• e cycle includes the performance of the following reconciliations:
• Between the total of the debtors balance per the debtors ledger and the balance on the debtors control
account in the general ledger (debtors reconciliation) (refer to section 6.3.5); and
• Between the balance per the cash book and the balance per the bank statement (bank reconciliation).
Reconciliations are usually performed by a clerk and must be reviewed by a senior staff member. In the event
that the person who is responsible for recording transactions in the accounting records also performs a
reconciliation on recorded information (typically of smaller entities), strong and thorough review controls
should be in place over the reconciliation.

e following tables include the most common activities and related internal controls for the revenue and
receipts cycle to address the risks associated with each activity.
e control tables clearly demonstrate the link between what could go wrong/risks, control objectives,
assertions and internal controls (both manual and computerised) that were discussed in section 4.4 of
Chapter 4. is link is demonstrated by means of a numbering system.
Have a look at the control table on the next page. You will notice that each ‘what could go wrong/risk’ is
related to a control objective in the column to its right. e control objective is numbered (e.g. ‘A’). e
assertion(s) affected by the ‘what could go wrong/risk’ (and impacted by the related control objective) is
indicated in the next column. In the next two columns you will nd the control(s) that address the control
objective (linked to the control objective by means of a letter (e.g. ‘A’)). (It follows that these controls then
address the related ‘what could go wrong/risk’.) e additional numbering that you will see in the controls
columns (e.g. ‘1.1’) relates each control to the activity where it belongs.
Note that the controls in a manual system are described in full, whereas only controls additional to those
controls in a manual system and alternative controls to those in a manual system that are required in a
computerised environment are included in the right-hand column. erefore, to form a complete picture of
all controls in a computerised environment, the columns headed ‘Manual controls’ and ‘Alternative and
additional controls in a computerised environment’ should be read together.
e difference between internal controls with nancial reporting objectives and those with operational
objectives were discussed in section 4.4.3.2 of Chapter 4. Note that where a control is indicated in the control
tables as being ‘operational’, the risk underlying the control would not have any accounting implications (i.e.
no effect on the assertions in the nancial statements). However, where a nancial control is indicated (i.e.
the related control objective is validity, accuracy or completeness), an assertion would be affected by the
underlying risk.
e tables that follow are for a manufacturing entity producing goods and selling to customers on credit.
Any reference to ‘warehouse’ involves the nished goods warehouse. e entity delivers the goods using its
own staff (i.e. it does not use an external courier). e speci c activities performed, and hence the internal
controls, will vary from entity to entity, but the overall control objectives remain the same for all entities.
Furthermore, controls similar to those that apply to sales apply to services rendered to clients.
Table 6.7: Credit management
1 CREDIT MANAGEMENT
| CREDIT DEPARTMENT |
Activity Responsible Documents What could go Control objective Account/ Manual c

party and records; wrong/risks assertion
master les affected
Allowance for credit losses and bad debt write-offs
1.1 New Credit Credit New A New Accuracy, 1.1A Cus

customers controller application customers customers are valuation and complete
wishing to order Data form who are not creditworthy allocation of applicati
entity’s goods capture Master le creditworthy and would trade debtors submits
apply for credit. clerk amendment (i.e. who therefore be referenc
Financial form cannot pay able to settle Credit co
accountant/ Log of their incurred the debts they
performs
master le debt in the incur. (Validity) backgrou
Financial
amendments future) are
manager on custo
accepted referenc
Debtors
and provided
ledger con rms
with credit. status w
(referred to
as a debtors bureaus
master le in
1 CREDIT MANAGEMENT
a Credit co
computerised a credit
system). amount
custome
and reco
credit ap
form.
Debtors
reviewed
accounta
manager
basis fo
debtors
to applic
1 CREDIT MANAGEMENT
1.2 The Existing B Existing Accuracy, 1.2B Cre

creditworthiness customers customers are valuation and controlle
of existing fail to pay retained only if allocation of follow-up
customers their debt, they remain trade debtors checks a
changes over leading to creditworthy. existing
time. uncollectable (Validity) con rm t
debt and continuin
nancial creditwo
losses for reviews
the company. analysis
long-outs
balances
indicate
risk of n
1.3 Customers Unauthorised C Changes to Accuracy, 1.3C All

request changes to credit limits valuation and changes
changes to their credit limits are authorised. allocation of limits or
credit limits. are made to (Validity) trade debtors particula
debtors’ approved
records/the controlle
debtors performi
master le. similar t
above.
1.4 Credit Debtors Company D All cash that N/A: 1.4D Cre
Management controller master le fails to can be Assuming the controlle
evaluates the Financial (debtors collect received from debts were recomme
collectability of accountant/ ledger) outstanding defaulting written off, nancial
1 CREDIT MANAGEMENT
outstanding Financial Debtors age debt from debtors is then no accounta
debt (some may manager analysis defaulting collected. further for appro
require inclusion (compiled or debtors as (Operational accounting overdue
in an allowance generated collection control) implications collected
for credit from debtors procedures (assertions submits
losses). ledger) not followed therefore not debtors
Credit controller General promptly. affected). or credit
attempts to journal agency i
collect overdue manner.
amounts from
debtors who
have not settled
their
outstanding
accounts
timeously.
Allowance for E Allowance for Accuracy, 1.4E Reg

credit losses credit losses valuation and monitori
is misstated. (impairment allocation of ageing o
adjustment) is trade outstand
reasonable in debtors. balances
terms of the and follo
requirements debtors
of the nancial non-paym
reporting which an
standards and should b
correctly Financia
calculated.
approves
(Accuracy) created
account
policies
policies.
1 CREDIT MANAGEMENT
| CREDIT
1.5 DebtorDEPARTMENT
| Unauthorised F All bad debts Completeness 1.5F Bad
balances bad debts written off are of trade offs are
become that are in authorised by debtors. recomme
uncollectable fact senior Occurrence of credit co
(bad debts to be collectable, management bad debts submitte
written off). are written in terms of written off. managem
off from company supporti
customer policy. (Validity) documen
accounts. decision
to write
debts.
Debts that G All debts Accuracy, 1.5G Reg

have become that should be valuation and monitori
uncollectable written off, are allocation of ageing o
are not written off. trade outstand
written off. (Completeness) debtors. balances
Completeness and follo
of bad debts debtors
written off. be writte
Table 6.8: Receiving orders from customers
2 RECEIVING ORDERS FROM CUSTOMERS

| SALES DEPARTMENT |
Activity Responsible Documents and What could go Control Account/ Manual contro
party records; master wrong/risks objective assertion
les affected
2.1 An Sales order Customer order Order is A All orders N/A: 2.1A A prepr
order for clerk Internal sales received from accepted are Operational sequentially
goods is customer, but processed measure internal sale
Manual order (ISO)
received system not acted on timeously. without (ISO) on whic
from a Picking slip (or not acted (Operational accounting details of cu
only:
customer. Supervisory on control) implications: order are rec
timeously), Should an order made out by
staff
member in leading to not lead to a order clerk.
lost sales or sale, it would
sales order When goods
department unfavourable be picked in wa
inappropriate to
warehouse s
customer record a a copy of the
relations. transaction in slip to the sa
the nancial department
records. 4.1) for matc
the ISO. This
indicate that
customer ord
been proces
despatch.
ISO le is ch
supervisor in
order depart
Long-outstan
orders (i.e. I
without a ma
picking slip),
followed up w
warehouse a
reason for de
picking;
Sequential n
to ensure all
accounted fo
are obtained
cancelled IS
sequence if
unclear or un
2 RECEIVING
ORDERS FROM
Backorder note Order is
CUSTOMERS B Items and N/A: 2.1B Sales o
| SALES DEPARTMENT | Inventory accepted quantities Operational requests wa
without there ordered are measure perform inve
listing/Inventory
being in stock, or without availability a
master le
suf cient are promptly accounting check, or co
inventory in put on implications. inventory list
stock to backorder if Accuracy of which clerk h
despatch to not available, revenue: The access.
customer, which will undercharging If items are
leading to thus not of customers stock, clerk
delays in unnecessarily would lead to with custome
delivery and delay the an goods can b
possible processing of understatement backorder an
negative the in revenue if a backorder
customer customer’s error not customer ag
relations. order. detected before
nal invoicing. (Note: Copy o
backorder no
(Operational to buying dep

control) for purchase
from supplier
Regular follo
outstanding
notes by sale
department
department/
until the goo
been receive
Sales order c
informs custo
goods are rec
ready for des
Customer quote Product C Sales To the extent 2.1C Before

Authorised price prices amounts of that the processed fu
included on products on customer is checked b
list/Pricelist
master le ISO are not ISO are those realises it, supervisory
those agreed quoted to overcharging member in s
with customers would lead to department
customer and are overstatement that authoris
(e.g. quoted) authorised in of revenue until have been se
and approved terms of such time as from the ma
by management the customer approved pri
management, approved complains and
If ISO is bas
leading to prices. the error is quote made
customers (Accuracy) corrected. This
customer, th
being may fall over a are as per q
undercharged nancial year-
terms of ma
and a end (Note: If approved pri
resulting overcharging is
nancial loss corrected prior For telephon
(assuming to year-end on preceding co
error is not the basis of the above in
detected customer clerk reading
before complaints, the details on th
invoicing), or overcharging of the custome
overcharged, customers concluding th
resulting in would ensure all de
incorrect constitute an as per custo
accounting operational request.
records until issue affecting
such time as customer
the customer relations and
complains not the
and the error accounting
is corrected amounts).
(assuming
error is not
detected
before
invoicing).
Table 6.9: Authorisation of sales orders
3 AUTHORISATION OF SALES ORDERS

| CREDIT AND SALES ORDER DEPARTMENT |
Activity Responsible Documents What could go Control Account/ Manual

party and wrong/risks objective assertion controls
records; affected
master
les
3.1 Approval of Sales order Customer Order is A All orders Accuracy, 3.1A Order
customer: clerk order accepted received are valuation clerk accepts
from a non- from and order only
A Credit Debtors
person/business controller master approved approved allocation of from a
customer, customers trade customer who
places a sales (authorisation le
order with the and approval) (Debtors leading to only. debtors. is able to
possible (Validity) provide an
entity. ledger) Existence of
uncollectable trade account
debt in number and
debtors.
future and who is on the
nancial authorised
losses for customer list
entity.
If the
customer is
not on the
customer list
the customer
is referred to
the credit
controller to
commence
credit
application
process (see
activity 1.1).
Sales order
clerk
requests
customer to
provide
pertinent
details (such
as ID number
address,
contact
details etc.)
to con rm
customer is
genuine (i.e.
the person
requesting
the order is
the actual
customer
associated
with the
customer
number).
Management
to review
debtors
ledger for
evidence of
possible
ctitious
debtor
accounts as
sales order
clerk is not
allowed to
create
accounts.
3.2 Approval of Sales order Internal An order is B Credit Accuracy, 3.2B All ISOs
sales clerk sales accepted sales are valuation are submitted
transaction: Credit order from an only made and to the credit
(ISO) approved to debtors allocation of controller for
A sales order is controller
received from an (authorisation Debtors customer who are trade approval (with
who will creditworthy, debtors attached
approved and approval) master
customer. le exceed his i.e. who will picking slip –
(Computerised credit limit still be refer to 3.3C
system: (debtors
ledger) should the within their below). Order
programmatic sale be credit limits only approved
authorisation accepted, after the (by the credit
of sale in which may sale is controller
terms of pre- give rise to accepted. signing the
authorised irrecoverable (Validity) ISO) if the
credit limit set debts. customer is
by credit still within his
controller.) or her credit
limit, with
reference to
the
preapproved
credit limit on
the
authorised
customer list
(list compiled
from debtors
ledger).
Only credit
controller is
allowed to
increase
credit limit of
customer (i.e
override the
limit) should
order exceed
credit limit,
and after
investigating
the client’s
current
nancial
position.
3.3 Instruction Sales order Picking Unauthorised C Only valid Accuracy, 3.3C Picking
to pick (select) clerk slip pickings picking slips valuation slips are pre-
goods from slips are are created and printed and
Credit
warehouse is controller or created, based on allocation of cross-
created. leading to approved trade referenced to
second
administrative goods being ISOs. debtors. the
removed (Validity) corresponding
clerk
from the ISO and
warehouse attached to
for despatch the ISO for
to a submission
customer for approval
who signs for of order as
the goods per 3.2B
(takes above.
custody
thereof) but
who will not
be able to
settle his or
her debt.
Picking slip D Picking N/A: 3.3D Second

details (e.g. too few Operational staff member
item code, items for measure in sales order
quantity) are delivery may without department
incorrect (i.e. negatively accounting (or approver
the risk affect implications. as per 3.2B
exists that customer Revenue is above)
details on relations, not affected checks
picking slip whereas as a sale will accuracy of
do not agree picking too be recorded item codes
with the many items based on and
authorised may result actual quantities on
details on in the return number of picking slip
the ISO). of the items items back to the
(where delivered ISO before
customer and as picking slip is
signs for signed for by sent to
and accepts customer. warehouse.
only those
items
ordered).
(Operational
control)
Table 6.10: Picking of goods from warehouse
4 PICKING OF GOODS FROM WAREHOUSE

| WAREHOUSE |
Activity Responsible Documents What could Control Account/ Manual Alternative

party and go objective assertion controls and
records; wrong/risks affected additional
master controls in a
les computerised
environment
| WAREHOUSE |
4.1 Goods Storeman Picking Goods are A Goods N/A: 4.1A 4.1A
are picked Warehouse slip erroneously are picked Operational Supervisory Computer
from the picked from from measure staff system
supervisor
warehouse warehouse warehouse without member in does not
with that have in terms of accounting warehouse allow
reference not been the implications checks the warehouse
to an ordered by authorised (customers goods staff to
authorised the ISO and are only picked back create
picking customer, picking slip. charged for to the picking
slip. i.e. are not (Operational what they picking slip slips or
in terms of control) sign for on to con rm make
an delivery of all goods additions o
approved goods). correctly changes to
ISO, picked by on-screen
leading to picker picking
short or before slips (i.e.
over- goods are they have
deliveries sent to read-only
and the despatch access to
resultant and signs picking
negative the picking slips based
customer slip as on the
relations. evidence of access
the check. tables that
grant
access to
the system
on a least
privilege
basis).
| WAREHOUSE |
Delays in B Items are N/A: 4.1B 4.1B When

picking or promptly Operational Supervisor goods have
no picking picked from measure in been
of items at the without warehouse picked,
all results warehouse accounting regularly warehouse
in negative on receipt implications. checks le staff
customer of a picking of changes
relations. slip from sequentially the status
the sales numbered of the on-
order picking screen
department. slips for picking slip
(Operational any that to ‘Picked’
control) have not on the
been acted computer
on. (Picking system.
slips would Warehouse
have been supervisor
received prints a
from sales report of
order picking
department slips
in duplicate without
by means of status
a carbon ‘Picked’
copy (i.e. those
document.) still
When pending) on
goods have the
been computer
picked, one system for
copy of the follow-up.
picking slip
is returned
to the sales
order
department
to indicate
that picking
of goods
has taken
place (refer
to 2.1A).
Refer to 5.2B for controls applicable to the completeness control objective.
Table 6.11: Despatch and delivery of goods to customers
5 DESPATCH AND DELIVERY OF GOODS TO CUSTOMERS

| WAREHOUSE |
| WAREHOUSE |
Activity Responsible Documents What could go Control objective Account/ Manual

party and wrong/risks assertion affected controls
records;
master
les
5.1 Picked Despatch Picking Quantities on A Only those N/A: 5.1A A

goods are clerk slip authorised quantities of Operational despatch
transferred picking slip are goods in measure. exists,
from the not those accordance However, consisting
warehouse transferred to with a existence of a well-
to the the despatch supporting inventory de ned,
despatch bay (i.e. more or picking slip are affected where separate
bay. fewer items are transferred to goods go area of th
transferred). the despatch missing on warehous
This risk may bay. transfer to fenced off
lead to possible (Operational despatch bay with physi
misappropriation control relating and are never access
of inventory to the custody found, yet controls,
before despatch and included in such as a
to customer safeguarding inventory locking
takes place. of assets) balance. mechanis
for the ga
and keys
allocated
only to the
despatch
clerk.
When goo
are
transferre
from
warehous
to despat
bay, the
despatch
clerk
physically
inspects t
quantities
and
descriptio
of all item
back to th
attached
picking sl
Despatch
clerk does
not accep
any of the
| WAREHOUSE |
physical
items that
are not
indicated
the pickin
slip and
follows up
any missi
items.
Despatch
clerk sign
the pickin
slip as pro
of having
taken
custody o
the items
that were
accepted.
5.2 Goods Despatch Delivery Goods leaving B All goods Completeness 5.2B
are loaded clerk and note premises are loaded into the of revenue. (If Despatch
onto other not recorded on delivery truck ordered goods clerk crea
delivery despatch staff a supporting for despatch are not numerical
vehicle, document, have been recorded on sequence
Gate security
which then guard leading to recorded on a delivery note, it delivery
exits delivery without delivery note. might not be notes for
business Driver charge to the (Completeness) invoiced to goods bei
premises. customer (where customer despatche
goods are not despite Driver
returned) or to customer taking
checks
theft of the custody thereof
goods
goods before or if the goods
loaded on
reaching the are trucks bac
customer. misappropriated
to delivery
en route.)
note and
Existence of signs as
inventory. evidence
taking
custody o
goods.
To ensure
goods
leaving
premises
have been
recorded o
a delivery
note,
security
| WAREHOUSE |
guard at e
gate
inspects
delivery n
and
performs:
• Check
numbe
boxes
truck; a
• Spot
checks
conten
where
possib
by
agreein
boxes
and/or
conten
back to
deliver
note,
depend
on the
nature
the goo
sold.
5.3 Goods Driver/delivery Delivery Customer C Proof of Occurrence of 5.3C

are personnel note denies having delivery is revenue. Customer
delivered received goods obtained for required t
to (leading to a every delivery. sign (and/
customer. sale inappro‐ (Validity) stamp) a
priately recorded copy of th
for a transaction delivery n
that may not to
have occurred). acknowled
acceptanc
of goods.
Table 6.12: Invoicing
6 INVOICING
| ACCOUNTING DEPARTMENT |
Activity Responsible party Documents What could go Control objective Account/ Manual co
and records; wrong/risks assertion
master les affected
6 INVOICING
6.1 Invoicing clerk Customer Goods are A All deliveries Completeness 6.1A A co
Customer- (invoicing) invoice delivered to give rise to a of revenue. the custo
signed copy Senior/supervisory Sales customer, corresponding signed de
of delivery but invoice. note (refe
debtors clerk journal
note is customer is (Completeness) 5.3C) is r
(recording) (Sales
received by never from driv
transaction
accounting le) invoiced for returning
department, those delivery a
initiating Debtors goods. in a pend
the creation ledger in seque
of a (Debtors order by t
customer master invoicing
invoice. le)
For each
Price list note rece
(Price list the invoic
master clerk pre
le) sequenti
numbere
invoice a
copy is
the
correspo
delivery n
(Note: int
sales ord
received
sales ord
departme
would als
led with
delivery n
invoice.)
6 INVOICING
Supervis
member
bookkeep
of ce rev
pending
delivery n
identify:
• Any m
delive
(gaps
seque
follow
the de
bay on
delive
not ye
place;
• Delive
for wh
invoice
yet be
record
the sa
journa
6 INVOICING
Deliveries B Sales are Cut-off of 6.1B Dur

are not recorded in the revenue. review of
invoiced period to which delivery n
Occurrence of
timeously, the transaction as per 6.
revenue
resulting in relates. above,
sales (Validity) superviso
possibly member
C Sales
being that the d
invoices are
recorded in only for actual the invoic
an incorrect correspo
sales
accounting the nan
transactions
period. period in
with bona de
Invoices are customers. the delive
made (as
created (Validity)
date on d
when no
note).
goods were
in fact 6.1C Invo
delivered to cross-refe
the and attac
customer original
(i.e. leading authorise
to ctitious internal s
sales order and
revenue if delivery n
recorded in invoice is
the sales created o
journal). authorise
and cust
signed de
note exis
Second/
staff mem
checks th
invoice is
supporte
custome
delivery n
an appro
internal s
order.
6 INVOICING
Incorrect D All invoices Accuracy of 6.1D Pric

quantities are created revenue. quantitie
and prices with accurate included
on invoice quantities, invoice w
leads to prices and reference
under- or calculations (quoted p
overcharging thereon. and deliv
of customer. (Accuracy) (delivered
quantity)
Second s
member
prices on
to of cia
company
list and
quantitie
delivery n
(Prices s
however,
to quoted
a quote i
applicabl
The abov
second s
member
checks c
and calcu
on the in
con rm a
before in
sent to
custome
to the sa
journal.
Table 6.13: Recording of sales
7 RECORDING OF SALES IN THE ACCOUNTING RECORDS

Activity Responsible party Documents What could Control objective Account/ Manual contro
and records; go assertion
master les wrong/risks affected
7.1 Sales Accounts Sales Posting to A Only valid Occurrence, 7.1A Second
invoice is receivable journal the sales invoices are accuracy and bookkeeping
posted to clerk/Bookkeeper journal, posted to the completeness checks the
(Sales
the sales Financial transaction debtors sales journal, of revenue. recorded invo
journal and ledger and debtors ledger in the sales
manager/ le) Existence,
debtors control and general journal by
accuracy,
account in Financial Debtors account ledger. agreeing the
valuation and
the accountant ledger and (Validity) entries to th
allocation
debtors (Debtors revenue supporting
master le) account in B Details of and
ledger. invoices to
sales completeness
General the general con rm that
Sales are transactions of trade
posted ledger: ledger may are correctly receivables. valid invoice
be exists for ea
from the Revenue posted from
incomplete, recorded sal
sales and trade the invoice to
inaccurate transaction.
journal to receivables or invalid. the sales
the trade journal, (Occurrence)
control Invoices wer
receivables accounts debtors ledger
accurately po
control and general
Debtors by agreeing
account in ledger.
the general statement (Accuracy) amounts
(Accuracy); a
ledger. C All sales
All invoices w
invoices are
posted by
posted to the
checking the
sales journal,
debtors ledger numerical
sequence of
and general
entries.
ledger.
(Completene
(Completeness)
7.1BC Secon
bookkeeping
also checks
posting of
invoices from
invoice to the
sales journa
the debtors
ledger to con
7.1ABC Debt
reconciliation
performed by
supervisor in
bookkeeping
7 RECORDING OF SALES IN THE ACCOUNTING RECORDS
section to
reconcile the
of all accoun
the debtors
ledger to the
balance as p
the trade
receivables
control acco
the general
ledger.
Financial
manager/ n
accountant
reviews the
debtors
reconciliation
follows up on
reconciling it
before mont
statements a
prepared for
mailing to
debtors.
A person
independent
the recording
receipt of ca
functions fol
up on all deb
queries, e.g.
where debto
complain abo
errors on the
invoices.
Table 6.14: Receipt of cash
8 RECEIPT OF CASH FROM CUSTOMERS

Activity Responsible Documents What could go Control objective Account/ Manual controls
party and wrong/risks assertion
records; affected
master
les
8.1 Receipt Mail Mail For money A All cash Completeness 8.1A For mon
of cash from opening register received by post received is of bank and received in th
staff and in person: deposited in post:
Cashier
8 RECEIPT OF CASH FROM Receipt
CUSTOMERS Money is
| ACCOUNTING Chief
DEPARTMENT | received from
Cashing-
customer,
customers cashier up sheet entity’s bank cash At least tw
• but is not
by: Security Bank deposited account. balances. persons, o
• Postal company deposit into entity’s (Completeness) which at le
mail guards slip bank • one
(cheques); account. independe
• In person of the bank
Instances where
at depositing
cash can be
cashiers and record
misappropriated
(cash or functions,
between receipt
cheques). open mail.
from customer
and banking of • Mail regist
cash include: is maintain
in which da
• Theft of
of receipt,
monies in
debtor nam
mail-opening
and amoun
stage where
received is
cheques are
recorded.
received in
the post and • Both staff
stolen by members s
mail register
openers. (isolation o
responsibi
• Theft of
When mon
monies paid
and mail
in person by
register is
recipient
transferred
preparing
cashiers,
ctitious
cashiers
receipt or no
count mon
receipt at all
received in
(theft cannot
the presen
be picked up
of mail
timeously as
openers an
no record of
sign regist
receipt
as proof of
exists). (Risk
accepting
also applies
custody of
to
cash.
unauthorised
or fake hand- For monies
written received by
receipts used cashiers
in a (cheques from
computerised mail openers
environment cash/cheques
to unaware from walk-in
customer.) customers):
• Adequate
security
arrangeme
to be made
(e.g.
appointme
of security
company;
installation
and
monitoring
cash regist
by CCTV).
• Notice stat
that custom
should ins
on a receip
from cashi
• Cashier
creates a
numerically
sequenced
multicopied
receipt for
money
received.
• Theft of cash • Cashier

from till by counts
cashier and cheques a
loss not cash at en
identi ed due shift and
to insuf cient reconciles
cashing-up with total o
and review receipts
procedures. issued.
• Theft of cash • Chief cash
from facilities reviews all
where cash cash-up
is stored results of
before being cashiers to
taken to the con rm an
bank. shortages
• Theft of cash surpluses
while in identi ed a
transit to reported, a
bank. signs as
evidence o
this review
and for tak
custody of
cash.
• Chief cash
completes
bank depo
slip indicat
total cash
received.
• Cash is ke
in a secure
reproof dr
safe (a saf
with a sma
dedicated
opening fo
cash bag)
until collec
for banking
• Drop safe
able to unl
with two se
of keys, on
set carried
manageme
and one se
by security
company.
• Security
company
collects ca
(e.g. during
the next
business d
for banking
• Bank-stam
deposit sli
returned to
company fo
reconciliati
with
company’s
copy of
deposit sli
and the tot
of cashing-
sheets for
cashiers of
the previou
day. (Contr
performed
person
independe
of cashing
and bankin
process.)
• Bank depo
slip is led
date
sequence
regularly
reviewed b
staff memb
independe
of the cash
and bank
function fo
missing
deposit da
indicating
possible
unbanked
cash for a
particular d
Table 6.15: Recording receipts
9 RECORDING RECEIPTS IN THE ACCOUNTING RECORDS

Activity Responsible Documents What could go Control objective Account/ Manual controls
party and records; wrong/risks assertion
master les affected
9.1 Cash book Cash book Fictitious A Cash receipts Occurrence of 9.1ABC Debtors
Receipt clerk (cash cash recorded relate to cash reconciliation is
from Financial receipts receipts are actual cash receipts. performed on a
debtor journal) recorded in received, i.e. each monthly basis to
manager/ Completeness
is cash book entry in cash book ensure correct
Debtors and accuracy,
posted Financial and in is supported by posting of
ledger valuation and
to the accountant customer’s cash receipts to the
(debtors allocation of
cash account in deposited/received debtors ledger
master le) trade
book debtors in bank account. and general
receivables.
(cash General ledger. (Validity) ledger control
receipts ledger: account (refer to
journal) Bank and functional area 7
and the cash above for detaile
debtor’s control controls).
account accounts
in the and
debtors debtors
ledger. control
account
Bank
statement
List/report
of
unidenti ed
deposits.
Receipts are B Cash deposited Accuracy of 9.1ABC Bank

not posted is posted in the cash reconciliation is
accurately correct amounts to receipts. performed by a
to the cash the cash book and staff member
Accuracy,
book or to posted to correct independent of
valuation and
the debtor’s debtor account in the cash and
allocation of
account in debtors ledger. trade bank function on
the debtors (Accuracy) a regular (e.g.
receivables.
ledger monthly) basis by
Cash book (cash
(incorrect reconciling
receipts journal)
amounts or totals are posted balance per cash
incorrect book to balance
to general ledger
debtor per bank-supplied
bank and cash
account). bank statement.
control account
and debtors Fictitious entries
control account in in cash book will
the correct be identi ed as
amounts. these receipts
(Accuracy) would not have
been processed
by the bank. Any
deposits not
recorded in cash
book or recorded
erroneously will
be identi ed in
the same way.
Deposits made
into bank accoun
but which have
not been recorde
in cash book, will
also be identi ed
Not all cash C All cash receipts Completeness 9.1C Reconciling

receipts are that occurred are of cash items are
posted to recorded in the receipts. re ected on bank
the cash cash book and reconciliation and
Existence and
book or to posted to the bank the reasons
accuracy,
debtors and cash control valuation and noted (e.g.
accounts in account/debtors outstanding
allocation of
the debtors control account in deposits and
trade
ledger. the general ledger. cheques,
receivables.
(Completeness) referenced to
supporting
documentation).
Bank
reconciliations
are reviewed,
including for
unusual or long-
outstanding
reconciling items
by nancial
manager/ nancia
accountant and
signed as
evidence of
review.
Second
bookkeeping cler
checks posting o
receipts from
receipts to cash
book and to
debtors ledger fo
accuracy and
correct allocation
to debtors’
accounts.
For direct D All unidenti ed Completeness 9.1D An

deposits deposits made into of cash unidenti ed
and EFTs: bank account are receipts. deposit suspens
Deposits in appropriately account in the
bank recorded in general ledger is
account that accounting created to which
cannot be records. all unidenti ed
identi ed by (Completeness) deposits are
the cash credited (i.e.
book clerk debit entry to
as having cash and bank
been account and
deposited credit to
by a known suspense
party/debtor account).
are not
A list of
adequately unidenti ed
recorded,
deposits is
leading to
prepared by cash
mis-
book clerk with
appropriated full details of
cash or un-
each deposit
recorded
received. The list
credits to
is reconciled to
customer suspense
accounts.
account on
regular basis by
nancial
accountant and
any unusual or
recurring entries
followed up.
Table 6.16: Processing and recording of returns and other sales adjustments
10 PROCESSING AND RECORDING OF RETURNS AND OTHER SALES ADJUSTMENTS

| WAREHOUSE, SALES AND ACCOUNTING DEPARTMENT |
Activity Responsible Documents What could go Control objective Account/ assertion

party and records; wrong/risks affected
master les
10.1 Goods Goods Unauthorised A Credit Occurrence of sales

Customer receiving returned (invalid) adjustments to adjustments.
returns clerk/storeman voucher credit is customer
Completeness of
goods to (warehouse) granted to accounts are
Credit note revenue.
entity for Sales returns (internally customer authorised in
credit accounts, terms of Completeness of trade
clerk generated) receivables.
and/or e.g. credit
10 PROCESSINGBookkeeper
AND RECORDING OF RETURNS AND OTHER SALES ADJUSTMENTS
| WAREHOUSE, (accounts
SALES AND ACCOUNTING DEPARTMENT |
receivable)
requests and debit granted for company
credit to Financial note goods that policy. (Validity)
account for manager/ (received were not
matters accountant from debtor) returned.
such as Sales manager Sales
inferior or and/or credit adjustments
damaged controller journal
goods (approval of
delivered, discounts) General
other journal
overcharges Debtors
or errors in ledger
the
customer’s General
account ledger
requiring
correction.
Sales B Sales Accuracy of sales

returns are returns are returns/revenue.
not recorded recorded at the
Accuracy, valuation and
at the correct allocation of trade
correct amounts.
receivables.
quantities or (Accuracy)
amounts.
j
Not all credit C All credit Completeness of sales

granted to notes issued adjustments/Occurrence
customers is are timeously of revenue.
recorded in issued and
Existence of trade
the posted to receivables.
accounting debtors’
records. accounts.
(Completeness)
j
10.2 Accuracy, Unauthorised D Discounts Accuracy of sales

Settlement valuation (invalid) provided to discounts/Accuracy of
or other and discount is customers are revenue.
discount is allocation of provided on authorised in Accuracy, valuation and
provided to trade sales to terms of the
allocation of trade
a customer. receivables. customer. discount policy
receivables.
of the
company.
(Accuracy)
Note: The
underlying
transaction
remains valid,
despite the
unauthorised
discount
amounts.
Discounts to E Discount is Accuracy of sales

customers calculated in discounts.
are not terms of the
Accuracy, valuation and
accurately authorised allocation of trade
recorded. discount
receivables.
percentage
and correctly
recorded on
the invoice.
(Accuracy)
6.8 Cycle illustration: The revenue and receipts cycle at Ntsimbi

Piping
Cycle background: All sales to customers are made on credit and Ntsimbi Piping is also responsible for
making its own deliveries to its customers. e company operates a large nished goods store (subsequently
referred to as warehouse) located adjacent to its factory, from where nished goods are despatched to
customers.
6.8.1 Credit management

• is function is the ultimate responsibility Ntsimbi Piping’s accounting and nance division, although
some aspects of the function are carried out by staff in other divisions. Note that certain functions have
been outsourced to an external service provider.
• Persons involved in function:
• Mike Milton (credit controller in the credit section of the marketing and sales division)
• Janice Fourie (data capturer in operations)
• James Khumalo ( nancial manager in the accounting and nance division).
6.8.1.1 Application for credit

A potential new customer who wishes to buy products from Ntsimbi Piping is referred to the credit
controller, Mike Milton. Mike asks the customer to complete a credit application form (in triplicate), on
which the customer must disclose its business particulars, including the contact details of several trade
references. A copy of the customer’s latest nancial statements is also requested.
Mike submits the credit application with supporting documentation to an external service provider,
DebtACheck (Pty) Ltd, who assesses the customer’s credit quality by performing a credit background check
on the customer as follows:
• Following up with the customer’s trade references (to con rm whether the customer is in good standing
with its suppliers and other business associates);
• Querying credit bureaus to con rm the customer has a favourable credit history (i.e. the customer’s credit
rating is not impaired); and
• Analysing the nancial information provided by the customer (such as audited nancial statements) to
con rm customer has a healthy cash and liquidity position.
e check usually takes one day to complete. Only customers who are rated as ‘AA’ or ‘BB’ quality by
DebtACheck (Pty) Ltd are advanced credit by Ntsimbi Piping. Should the credit assessment be successful
(i.e. for AA and BB-rated customers) DebtACheck (Pty) Ltd recommends a credit limit for the customer’s
account by indicating the limit on the customer’s application form. Credit limits may only be recommended
within the overall parameters previously approved by Ntsimbi Piping’s board of directors. Unsuccessful
applicants are indicated on the application form as such.
When the nalised application form with supporting documentation is received back from DebtACheck
(Pty) Ltd, Mike Milton rst reviews and approves the credit limits recommended by DebtACheck (Pty) Ltd.
His review involves ensuring that proper supporting documentation (such as evidence of the credit
background check) is attached and that the credit limit is reasonable given the information obtained by
DebtACheck (Pty) Ltd in making its decision on the customer’s credit limit. e three copies of the
application form are distributed as follows:
• e original is retained by Mike and led in numerical sequence;
• e rst copy is given to the customer for the customer’s records; and
• e nal copy is sent to Janice Fourie, the data capture clerk, for capturing onto the computer system, in a
batch together with a master le amendment form.
6.8.1.2 Amendments to the debtors master le

Company policy only allows for changes to master les on the computer system to be captured if the changes
are made on the basis of an authorised master le amendment form (MAF). Whenever Mike sends debtors
master le amendment requests to the data capturer, they are accompanied by an MAF, which also serves as
a batch cover sheet. e MAF contains the reference numbers of all the attached supporting documentation
(e.g. customer application form number) and the type of change required such as:
• New customer;
• Change to an existing customer account;
• Account correction; and
• Account removal.
To initiate capturing, Janice Fourie accesses the customer master le module on the company’s
computerised accounting application (PVCACC) with her unique username and password and selects the
‘Amend debtor details’ function. Working her way down the master le amendment form, she enters all the
particulars of the new customers as they appear on the attached application forms. e system automatically
allocates a unique sequential account number (customer code) to each new customer account as Janice
captures the information. PVCACC does not allow Janice to choose or furnish an account number herself for
new customers.
6.8.1.3 Changes to credit limits

Should an existing customer wish to increase its credit limit, Mike Milton must evaluate the request based on
the customer’s credit history with Ntsimbi Piping or other information supporting the customer’s request to
increase their credit facilities. All other existing customers’ credit limits are reviewed periodically by Mike in
accordance with the requirements of the National Credit Act. He ensures that all debtors with long-
outstanding balances are considered for a reduction in credit limit or a possible hold on their account,
freezing the customers’ ability to order goods in the future. Changes to the credit limit on Ntsimbi Piping’s
accounting system take place through the official master le amendment procedures as described above.
6.8.1.4 Review of modi cations to customer master le

On a weekly basis, James Khumalo accesses the debtors master le module on PVCACC (by means of read-
only access with his unique username and password) and prints a log of all master le amendments. He
matches all amendments on the log with the following:
• Corresponding master le amendment form; or
• Attached credit application form/other attached supporting documentation.
He also reviews the log for any unusual modi cations such as possible duplications or exorbitant credit
limits captured. Any exceptions are followed up with Janice or Mike and resolved. James signs the log as
evidence of having performed the review.
6.8.1.5 Write-off of bad debts

At the end of each month, Mike Milton prints a debtors age analysis from the debtors master le (i.e. debtors
ledger), to which he has read-only access. e age analysis displays the number of days for which each
debtor’s balance has been outstanding since the dates of invoicing. In consultation with James Khumalo, a
decision is made about which debtors must be handed over to Ntsimbi Piping’s attorneys for collection
(typically debt that is outstanding for longer than 120 days), but only after Mike can provide proof that the
debtor has been contacted several times to request payment.
A list of bad debts to be written off is created, signed by both Mike and James and then transferred to the
accounting and nance division for processing to the debtors’ accounts and general ledger. Neither Mike nor
James has write-access to journals on the system: they can only approve hard-copy journals for capturing by
a clerk in the accounting and nance division.
6.8.1.6 Allowance for credit losses

As part of the accounting activities at the end of each nancial year, Mike and James re-evaluate the ability of
Ntsimbi Piping to collect debtors with long-outstanding balances at year-end. As per the company’s
accounting policy, a trade receivable is deemed to be ‘credit impaired’ once it has aged to more than 90 days
overdue. To estimate the expected credit losses, Mike and James consider historic debtor information,
including the ageing of debtors’ accounts, and adjust it for forward-looking information (such as the state of
the local economy). ey then compute an ‘Allowance for credit losses’ supported by their reasoning. A hard-
copy general journal is created by James and captured on the system by an accounting clerk after the journal
has been approved by Lee-Ann Losper.
6.8.2 Receiving orders from customers

• Function performed by the sales order office, a section in Ntsimbi Piping’s marketing and sales division.
• Person involved in function:
• Curtis Lesley (sales order clerk in sales order office).
6.8.2.1 Receiving sales orders and creating an internal sales order

All sales to customers are on credit. When a customer wishes to order products from Ntsimbi Piping, they
can do so by submitting a sales order either verbally by telephone or in writing by fax or email. Curtis Lesley,
the sales order clerk, is responsible for receiving all orders. He accesses the sales order module on PVCACC
by entering his unique username and password (which gives him write-access to creating sales orders
according to his user access pro le).
For telephone orders, Curtis requests that the customer provide his or her account number and selects the
number from a drop-down list on the ‘Enter new sales order’ screen. Without a customer account number,
the accounting system will not allow Curtis to continue creating an order. Should the person wishing to place
an order not have an account number, he or she is referred to Mike Milton, who initiates the credit
application process.
Once the computer system nds the account number in the customer master le (veri cation check), all
details of the customer appear on screen, including any warnings for Curtis’ attention. Such warnings may,
for instance, include a warning that the debtor has already exceeded its credit limit or that the customer’s
account has been frozen by the credit controller (usually due to problems experienced with collectability of
the customer’s debt). Should such a message appear, Curtis will not be able to proceed with the sales order
and the credit controller (Mike Milton) will have to be called (refer to 6.8.3.1 below).
Curtis asks pertinent questions from the customer, such as business address and contact details, to
con rm the authenticity of the person phoning. He compares the customer-supplied information to the
standing data displayed on-screen to ensure the customer is valid.
If a customer is allowed to proceed to place an order, Curtis creates an on-screen sequentially numbered
internal sales order (ISO).
e customer then proceeds to provide Curtis with the item codes and quantities of goods he or she
wishes to order. (Ntsimbi Piping emails an updated electronic product catalogue to all its customers at the
beginning of each month, which the customer uses to order goods.) Curtis is only required to enter the stock
code number of the item being ordered and the computer system automatically performs a product
veri cation and availability check on the inventory master le. e price of the item is automatically
allocated to the internal sales order with reference to the official product prices stored in the price list
master le (which agrees with the latest product catalogue sent to customers).
Before concluding the order, Curtis rst reads back the order details to the customer to con rm the
accuracy of the product descriptions and quantities ordered, as well as the prices appearing on the internal
sales order.
For email and fax orders, Curtis captures the orders directly onto the ‘Enter new sales order’ screen. As
with telephone orders, the same computerised veri cation and limit checks apply to email and fax orders
being captured. After an email or fax order has been captured, Curtis either phones or emails the customer to
con rm the total price of the order and to inform the customer that the order is being processed.
A second staff member in the sales department checks the accuracy of the capturing performed by Curtis
by comparing the results of the capturing (as contained on a printed ‘pending ISO report’) back to the email
or fax.
WHY? Why are telephone orders not checked for accuracy by the second staff member?
Recall that Curtis captured the order directly from his conversation with the customer,
leaving no paper trail for a second person to check. However, Curtis did read back the
details on the on-screen ISO to the customer, which in effect served as the accuracy
check.
6.8.2.2 Following up on ISOs

On a regular basis, Curtis prints a report titled ‘ISOs not yet picked’ from PVCACC, which lists all ISOs for
which the status indicates ‘Awaiting picking’ on the computer. As long as the warehouse staff have not yet
changed the status of the ISO to ‘Picked’ (refer to 6.8.4.2 below), the ISO remains on this report. Curtis
follows up with the warehouse staff for reasons for a delay in the picking of the goods on the ISO.
6.8.2.3 Backorders
Should there not be sufficient quantities of an item on hand at the time of the order, Curtis informs the
customer accordingly and, should the customer wish to proceed, Curtis ags the item on the ISO for transfer
by the computer to the backorder system. e computer sends an electronic backorder note to Ntsimbi
Piping’s purchasing division for acquisition from suppliers. Curtis regularly reviews the list of backorders on
the computer for long-outstanding backorders and follows up with the purchasing division about delays.
6.8.2.4 Distribution of source documents (ISOs)

e electronic ISO remains on PVCACC and is sequentially stored in a sales order transaction le
accessible for query purposes through read-only access by the stores supervisor (refer to 6.8.4.1 below) and
the invoicing clerk in the accounting and nance division (refer to 6.8.6.1 below). No physical copy of the ISO
is printed.
6.8.3 Authorisation of sales orders

• Function primarily performed by the sales order office (a section in the marketing and sales division).
• Curtis Lesley (sales order clerk in the sales order office of the marketing and sales division)
• Leanne Ford (sales manager in the marketing and sales division)
• Mike Milton (credit controller in the credit section of the marketing and sales division).
6.8.3.1 System authorisation of sales

Authorisation of an ISO is automatically granted by the computer system if the order does not result in the
customer’s pre-authorised credit limit being exceeded.
Should the credit limit be exceeded, Curtis Lesley calls Mike Milton to ask him to consider an override of
the system restriction. Mike has to enter his username and password and approve the sale should he deem
the customer sufficiently creditworthy to order over and above his credit limit. Mike must enter a reason as
justi cation on the computer. Curtis’ user access on PVCACC does not allow him to continue with sales
orders where the credit limit of the customer will be exceeded after the sale and if the credit controller has
not granted approval for the excess.
6.8.3.2 Management review of orders

Manual approval of an order where the customer will still be within his or her credit limit after the sale is not
required, owing to the system authorisation described in 6.8.3.1 above. However, at regular intervals, Leanne
Ford (sales manager) accesses the sales order module with her unique username and password and asks the
system to print a summary list of all new sales orders from the sales order transaction le (e.g. name of
customer and total amount ordered). She scrutinises this list for any unusual sales, such as possible
duplications, unexpected signi cant order amounts and orders with noti cations and warnings printed next
to the order, and follows up any queries she has with Curtis Lesley or Mike Milton.
She also reviews the ‘credit limit override report’ for reasonability and unusual entries. is report lists all
instances where Mike Milton authorised a sale that led to a customer’s credit limit being exceeded.
She signs both the sales order list and credit limit override report as proof of review and les them in her
office.
No staff member, including managers, has the ability to make any changes to the summary list of orders or
the credit limit override report.
6.8.3.3 Creating a picking slip
After an ISO has been authorised, the system automatically generates a sequentially numbered picking slip.
e computer application has been designed in such a way that stand-alone picking slips (i.e. picking slips
without a supporting ISO) cannot be generated.
e picking slip contains the following information about the items ordered: item code, item description,
storage location of item in warehouse and quantity required. Prices are not indicated on the picking slip. e
picking slip serves as an instruction to the storeman in the warehouse to pick the goods from the warehouse
for eventual delivery to the customer.
No staff member in any section has the logical ability to change the details on the computerised picking slip,
or to generate a picking slip without there being a pre-existing ISO on the system.
6.8.3.4 Distribution of source document (picking slip)
A hard copy of the picking slip is printed by Curtis Lesley and submitted to James Price, a supervisor in the
warehouse, for further follow up. An electronic version of the picking slip is retained on the system.
6.8.4 Picking of goods from warehouse

• Function performed by Ntsimbi Piping’s nished goods warehouse in the manufacturing division.
• James Price (a warehouse supervisor in nished goods warehouse)
• Raymond Harris (production manager in the factory).
6.8.4.1 Selecting of goods from warehouse

On receipt of the hard copy of the picking slip, James Price instructs his picking staff to pick the ordered
goods from the warehouse’s storage area. ey securely pack all goods into containers or fasten piping with
dedicated packing materials. James ticks the goods off the picking slip as his staff packs each item, and, once
all picked, he signs the picking slip as proof of having checked the goods picked.
6.8.4.2 Finalising picking

When the goods on the picking slip have been picked and checked, James changes the status of the related
ISO on PVCACC to ‘Picked’ (the ISO’s number is referenced on the hard-copy picking slip for query
purposes). By default, the computer assigns a status description of ‘Awaiting picking’ for all ISOs not yet
addressed by the warehouse. is action of updating the ISO’s status removes the ISO from the report of
‘ISOs not yet picked’ printed for follow up by Curtis Lesley in the sales order office (refer to 6.8.2.2 above).
6.8.4.3 Further distribution of source document (picking slip)

e hard-copy picking slip accompanies the packed goods to the despatch area for the despatch staff to
check the quantity and descriptions of goods as they take custody of them.
6.8.5 Despatch and delivery of goods to customers

• Function performed by the despatch area of the nished goods warehouse in the manufacturing
division.
• Simon Peters (despatch supervisor in the despatch area)
• Delivery truck drivers
• Security guards at gate.
6.8.5.1 Preparing goods for despatch
On receipt of the picking slip and packed goods from the warehouse, Simon Peters inspects the contents of
the containers and piping fastened together with dedicated packing materials with reference to the picking
slip and signs the picking slip as evidence of having received all goods from James Price. e signed picking
slip is led in numerical sequence for record-keeping purposes.
Simon accesses the despatch module on the inventory module of PVCACC and enters the picking slip
number. Details of the corresponding ISO appear on-screen, including the ISO number and customer details
for delivery (such as name, address and contact number). A sequentially numbered multicopy delivery note
is created and printed using the ISO data stored on the computer, indicating item codes, item descriptions
and quantity of items to be delivered. No item prices are indicated on the delivery note.
6.8.5.2 Delivery of goods to customers

After the goods have been loaded onto the delivery vehicle, the delivery truck driver proceeds to the exit gate
where security guards rst perform a check on the contents of the delivery vehicle by agreeing the number
and description of items in the truck to the product details indicated on the delivery note. e security
guards also perform a random spot check on the contents of some deliveries leaving the premises.
6.8.5.3 Distribution of source document (delivery note)

e delivery note is distributed as follows:
• An electronic copy is retained on PVCACC; and
• ree printed carbon copies are signed by the customer and distributed as follows:
• Copy one is retained by the customer;
• Copy two is returned to Simon Peters in the nished goods warehouse, and he updates the status of
the delivery on PVCACC to ‘Delivered’; and
• Copy three is submitted directly to Mary Carlson in the invoicing section for the purpose of invoicing
the customer.
6.8.6 Invoicing
• Function performed by the bookkeeping office (a section in the accounting and nance division).
• Mary Carlson (the invoicing clerk and bookkeeper responsible for accounts receivable)
• Jason Naidoo (senior bookkeeper in the bookkeeping office).
Mary Carlson is responsible for creating and emailing invoices to customers. As and when a customer-signed
delivery note is received from the driver (see distribution of delivery notes in 6.8.5.3 above), Mary les it
sequentially in a ‘pending invoice le’.
6.8.6.1 Creating an invoice

Each day, Mary accesses the ‘Customer invoicing’ menu option in the debtors module of PVCACC to create
customer invoices. e computer application rst shows her a list containing all deliveries that have been
lled (refer to 6.8.5.3), together with the delivery note number. Mary then checks that a customer-signed
delivery note exists (as received from the driver, refer to 6.8.5.3) for each delivery note on the computer list.
For each completed delivery transaction, she selects the ‘create invoice’ button next to each delivery in order
to generate an on-screen invoice.
Customer details and item prices on the invoice are automatically retrieved from the supporting internal
sales order (ISO) data previously stored on the system, whereas item codes, product descriptions and item
quantities are retrieved from the delivery note data stored on the system. e computer automatically
allocates the delivery note and ISO numbers to the invoice created (for the purpose of cross-referencing).
Once the invoice is created, Mary agrees the quantities on the on-screen invoice with the customer-
signed delivery note to ensure the customer is only invoiced for those goods that appear on the delivery note.
e system does not allow Mary to make changes to the quantities or prices on the on-screen invoice. Should
changes be necessary, standard credit note procedures should be followed (see section 6.8.10).
All invoices are generated by the system in sequential number order and only if a agged delivery note
( lled order) is stored in its database. It is therefore not possible to create a duplicate invoice for the same
delivery note or an invoice for which no delivery note and ISO exists.
e computer application performs a range of programmed edit checks on the invoice:

• ‘Matching check’ with delivery note and ISO as explained above;
• ‘Sequential numbering check’ to ensure invoices are generated in sequence; and
• ‘Missing data check’ to ensure that all information has been included on the invoice from the other
supporting documents, as well as full customer details such as name, address, VAT number and cross-
referencing to delivery note and ISO.
6.8.6.2 Following up on outstanding invoices

On a routine basis, the senior bookkeeper, Jason Naidoo, prints a report from the debtors module of PVCACC
which shows completed deliveries for which no invoice has yet been generated. He follows up any such
instances with Mary. is review procedure by Jason ensures that customers are always promptly invoiced
for any goods delivered and that sales transactions are processed in the nancial period to which they relate.
6.8.6.3 Distribution of source document (invoice)

e electronic version of the invoice is retained on PVCACC while an electronic copy is emailed to the
customer. Mary performs emailing of invoices on a daily basis and this is checked by Jason to a system-
generated ‘Daily emailing report’ to ensure that all invoices have been emailed.
6.8.7 Recording of sales in the accounting records

• Mary Carlson (bookkeeper responsible for accounts receivable)
• Jason Naidoo (senior bookkeeper).
6.8.7.1 Posting of sale

e posting of sales transactions to the sales transaction le (sales journal) takes place after Mary Carlson
has generated an invoice on PVCACC (i.e. when an invoice has been nalised). After having generated all
invoices from the delivery notes as described above, she selects the ‘Post invoices’ button on-screen, which
automatically initiates batch processing by the computer to the sales transaction le. At the same time, the
transactions are also automatically posted to the debtors master le and the general ledger. e system does
not allow any person to make changes to the sales transaction le, debtors master le or general ledger other
than by following the steps described above.
6.8.7.2 Reviewing of posted sales transactions

On a routine basis (usually once a week), Jason Naidoo (senior bookkeeper) prints a log (list) of all sales
transactions posted to the sales transaction le. He reviews the postings for any unusual items and for
missing invoice numbers (these are usually due to cancellations). He follows up on any queries he may have
with Mary Carlson for resolution. He signs the list as proof of having reviewed the sales transaction le and
les the transaction log in his office.
6.8.7.3 Debtors reconciliations

At the end of each month, Mary Carlson performs a debtors reconciliation between the grand total of
outstanding debtors balances in the debtors master le (computerised debtors listing) and the balance of the
trade debtors control account in the general ledger. Any reconciling items are followed up and resolved by
Mary. e reconciliation is printed and handed to Jason Naidoo for him to review and sign.
6.8.7.4 Debtors statements

After Mary has successfully completed the debtors reconciliation, she instructs the system to generate a
debtors statement (in electronic format) for each debtor. ese re ect the outstanding balance of the debtor
brought forward (if any), all transactions with the debtor during the past month (including invoices, receipts
and adjustments) and the outstanding balance payable by the debtor at statement date, with ageing of the
balance. She emails each debtor statement to the applicable debtor.
6.8.8 Receipt of cash from customers

• Function performed by the cashiers (a section in the accounting and nance division).
• Tracy Lee (cashier)
Customers pay their outstanding debtors balances mostly by making EFTs (using their internet banking
facility) directly into Ntsimbi Piping’s bank account. A minority of customers pay in cash at the company’s
head office where the cashier is located, or they make direct deposits into the company’s bank account by
depositing money in person at a branch of Ntsimbi Piping’s bank.
6.8.8.1 Cash received by cashier

Tracy Lee is responsible for receiving cash from debtors. When arriving at the cashier, the debtor provides his
or her customer account number to Tracy, who then accesses the ‘Receipts module’ in PVCACC. She is
asked by the computer system to enter the debtor’s account number before she is allowed to process a
receipt.
When the customer hands the cash to Tracy, she keys in the amount into the computer, which then
opens the drawer of a cash register connected to the computer. She hands any applicable change to the
customer, while the computer records the amount received and prints a sequentially numbered receipt slip.
6.8.8.2 Distribution of the receipt

• A printout of the receipt slip is handed to the customer.
• It is not necessary for Tracy to print a receipt for ling due to the automatic updating of the cash receipts
transaction le, debtors master le and general ledger when the receipt is generated by the system.
However, an electronic receipt is stored on the computer system for record purposes.
6.8.8.3 Cashing up
At the end of each day, Tracy prints a ‘daily cash-up report’ from PVCACC, which shows the total receipts
recorded by the computer for the day. She counts the physical cash received and reconciles it to the total of
the daily cash-up report. Although it rarely occurs that there is a surplus or shortage of cash takings, she has
to inform Jason Naidoo (senior bookkeeper) of any discrepancy should it arise.
Tracy proceeds to complete a bank deposit slip in triplicate, indicating the total cash that should be
banked for the day. is is ordinarily equal to the total of the daily cash-up report.
6.8.8.4 Security over cash

Tracy puts the cash in a bank bag and attaches a tamper-proof zip seal to the bag. (Should there be
tampering with the bag, a plastic tag on the zip will tear and cannot be repaired.) She inserts the bank bag
with the deposit slip into a secure reproof drop safe in the accounting office for safekeeping overnight. Only
the nancial manager and Ntsimbi Piping’s external security company have keys to the safe, and both keys
have to be used simultaneously to open the safe.
6.8.8.5 Banking of cash

e next morning, guards of the security company contracted by Ntsimbi Piping pick up the bank bag after
signing a ‘handing-over register’ as proof of taking custody of the bank bag. ey transport the bank bag to
the bank, deposit it and return a bank-stamped copy of the deposit slip to Sibongile Mathlabe, the cash book
clerk.
6.8.8.6 Reviewing of deposits
Once a week, Jason Naidoo reviews the sequence of deposit slips and ensures no gaps (i.e. missing deposits)
exist. He also con rms that each deposit slip contains a bank stamp and that the total amount deposited
agrees with the attached ‘daily cash-up report’.
6.8.9 Recording of receipts in the accounting records

• Sibongile Mathlabe (cash book clerk)
6.8.9.1 Posting of receipts to cash book and debtors master le (computer system activity)
When Tracy Lee issues a receipt to a customer, the receipt is automatically posted to the cash receipts
transaction le (cash book) and general ledger by the computerised accounting application. In addition, the
receipt is also automatically posted to the applicable debtor’s account in the debtors master le, crediting the
debtor’s account. It is not possible for a user to make changes to the cash receipts transaction le, debtors
master le or general ledger other than by following the steps described above.
6.8.9.2 Allocating deposits other than cash receipts by the cashier to debtor accounts
On a daily basis, Sibongile Mathlabe posts receipts that were received by EFTs and direct bank deposit to the
accounting records. Customers are required to quote their customer account number as banking reference
when effecting an EFT or making a direct deposit. is practice enables Sibongile to identify which deposit
belongs to which debtor. He is able to download the company’s bank statements electronically using Ntsimbi
Piping’s online banking facility.
In order to allocate deposits to debtor accounts, Sibongile rst accesses the ‘Record receipts’ function on
PVCACC with his unique username and password. He also accesses the online banking facility using read-
only access and prints a hard copy of the bank statement. He then ticks off each deposit that appears on the
bank statement as he posts it to a debtor’s account in the computer application. e crediting of the debtor’s
account in the debtors master le takes place automatically at the same time that a receipt is posted by
Sibongile to the cash receipts transaction le. is automated posting is possible as Sibongile has entered the
debtor’s account number before posting the deposit, enabling the system to identify the account to which the
receipt should be allocated.
6.8.9.3 Unidenti ed deposits

It does on occasion happen that Sibongile nds a deposit on the bank statement that does not have any
customer account number as banking reference, or the number is not recognisable as a customer number
belonging to a debtor of Ntsimbi Piping. In such cases, Sibongile compiles a ‘list of unidenti ed deposits’,
which in turn becomes a reconciling item on the bank reconciliation (i.e. money has been received in the
bank, but not yet recorded).
In most cases, these deposits are resolved after the debtor statements have been sent out, when debtors
query why their accounts have not yet been credited with deposits. Sibongile then requests the debtor to
send him a ‘proof of payment’, after which he can identify the deposit on the bank statement, should it exist.
Only then can he clear the list of unidenti ed deposits of that particular amount and allocate the receipt to
the relevant debtor’s account.
6.8.9.4 Performing a bank reconciliation

At the beginning of each month, Sibongile performs a bank reconciliation for the previous month between
the month-end bank statement received from Ntsimbi Piping’s bank and the cash balance as per the
company’s cash book on the computer system. He performs the bank reconciliation using the facility
provided by PVCACC.
e bank reconciliation identi es, among others, any deposits and cheques that have been recorded in
the cash book, but which have not been processed by the bank yet, and vice versa. After completing the bank
reconciliation and making sure there are proper reasons for all reconciling items, Sibongile prints the
reconciliation, signs it as proof of performance and hands it to Jason Khumalo for review. Jason carefully
agrees the bank statement and cash book balances with the supporting evidence attached and also agrees
the reconciling items with attached supporting documentation (such as deposit slips for deposits not yet
processed by the bank and the unidenti ed deposits with the list of unidenti ed deposits).
In addition, James scrutinises the cash book and list of unidenti ed deposits on the computer for any
unusual items and follows up with Sibongile and/or Tracy (cashier) as to reasons for these.
6.8.10 Processing and recording of returns and other sales adjustments

• Function performed by the warehouse in the manufacturing division, marketing and sales division and
accounting and nance division.
• Abdul Paruk (goods receiving supervisor in the warehouse)
• James Price (supervisor of the nished goods warehouse)
• Mary Carlson (invoicing clerk in invoicing section of the accounting and nance division)
• Leanne Ford (sales manager in the marketing and sales division).
It occasionally happens that customers are justi ably not satis ed with goods delivered or that goods are
damaged in transit. In such cases, a customer sends the goods back to Ntsimbi Piping for a credit to his or
her account.
Strict controls are in place over the issue of sales credits due to the high risk of fraud in this area.
6.8.10.1 Receiving returned goods from customers

Should a customer return goods to Ntsimbi Piping, they are received by Abdul Paruk in the receiving area of
the warehouse.
Abdul accesses the ‘Create goods returned voucher’ (GRV) option in PVCACC and must rst provide an
invoice reference number, as quoted by the customer, before the system allows him to proceed. Should the
system nd a matching invoice, Abdul enters the item codes and quantities of all goods that are being
returned and the system matches it to the product descriptions on the original invoice for validity. He then
prints a sequentially numbered GRV, which is handed to James Price. James performs an additional check on
the goods (e.g. to ensure that the goods are in fact damaged as claimed by the customer) and authorises the
GRV. e goods are then transferred to a separate area in the nished goods warehouse from where they will
be repaired or written off.
6.8.10.2 Distribution of source document (goods returned voucher)

• One copy of the GRV is led by Abdul in the warehouse for record purposes.
• e second copy is given to the customer as proof of having returned the goods.
• A third copy is sent to the invoicing clerk (Mary Carlson).
6.8.10.3 Creating a credit note

When Mary Carlson receives an approved GRV from the warehouse, she accesses the ‘Create credit note’
function in PVCACC with her unique username and password. She is asked to input a GRV number as well
as an invoice number relating to the goods returned, before she can continue creating the credit note.
e accounting application automatically furnishes the transaction details on the credit note (item code,
description and quantity), retrieved from the GRV data previously captured by Abdul in the warehouse and
stored on the computer system. It also matches the credit note to the corresponding invoice data stored on
the system in order to retrieve the prices that were originally charged to the customer, and for which credit is
being granted. When generated, credit notes are written by the computer to a pending credit notes
transaction le to await approval.
6.8.10.4 Approval of credit notes

Leanne Ford (the sales manager) must log in to PVCACC using her unique username and password in order
to approve pending credit notes. She electronically approves the credit notes with reference to the
supporting documentation submitted to her by Mary (including GRV and original invoice). Leanne cannot
create or make changes to any credit note on the system, as she has read-only access to view credit notes and
only has write-access to approve them.
Note: Where credit being granted to a customer is not based on returned goods, but is related to other
adjustments, such as account corrections, Leanne Ford must rst authorise the adjustment. Mary Carlson
would generate a preliminary credit note on the accounting application (e.g. to correct a debtor account that
was overcharged) and submit any documentation supporting the adjustment to Leanne. Such documentation
may, for instance, consist of a debit note from the debtor and a print-out of the erroneous invoice. Leanne
authorises the credit note on-screen after con rming that a valid reason exists for the adjustment with reference
to the supporting documentation.
Upon on-screen approval, the credit note is processed automatically to the sales adjustments transaction le
and debtors master le without further action by Mary.
Leanne Ford prints a monthly report of all credit notes generated by the system for review. She
scrutinises this report for any unusual credit transactions or large transaction amounts and performs a
month-to-month comparison of total credit granted to investigate months with unexpectedly large totals.
6.8.10.5 Distribution of source document (credit note)

• PVCACC retains an electronic version of the credit note.
• Once approved by Leanne Ford, an electronic copy of the credit note is emailed to the customer by Mary
Carlson.
For questions 1 to 3, select the most appropriate answer(s) from the options provided:
1. A sale to a customer can ordinarily be recognised in the accounting records as revenue once: (LO 3 & 5)
a) A sales order has been received from the customer
b) e sales order received from the customer has been approved
c) Ordered goods have been delivered to the customer
d) An invoice has been sent to the customer to demand payment
2. A reason for making out an internal sales order (ISO) despite the fact that a written customer order has
been received is that: (LO 6)
a) e entity requires customer orders to be sequentially numbered, while those received from
various customers are not in sequential number order
b) e entity requires an ISO in order to prove the validity of the future sales transaction, without
which a sale cannot be recorded as revenue
c) An internal sales order is necessary for the proper approval of an order
d) An internal sales order is necessary to create a picking slip
3. A customer is required to sign the entity’s delivery note on delivery of goods or rendering of a service
because the signature: (LO 8)
a) Proves that the correct sales prices were originally quoted to the customer
b) Serves as an indication that a sales transaction can be recorded in the accounting records
c) Removes the possibility that delivery staff might misappropriate goods en route to the customer
d) Prevents collusion between the customer and delivery staff
For questions 4 to 9, indicate whether the statement is true or false and explain your answer:
4. A picking slip is an essential document needed for a sale to be recorded in the accounting records and
for an invoice to be created. (LO 5 & 6)
5. If an entity renders a service to a customer over a 24-month period, but the customer paid all 24 months’
fees up front (i.e. on the day the contract was signed), the entity can record the total contract value (24
months’ worth of services) in the initial nancial year if the customer agrees to this. (LO 3)
6. Only staff members at managerial level (and accordingly, not clerks) should be allowed to perform
reconciliations, such as a bank and debtors reconciliation. (LO 10)
7. For proper segregation of duties to occur, the staff member who receives and processes customer orders
should not be allowed also to post sales transactions to debtors’ accounts in the accounting records. (LO
10)
8. It is possible for a computer program to approve a credit note without any manual intervention from a
staff member. (LO 10)
9. A point-of-sales system is linked to the inventory master le in the company’s computer system to
enable it to retrieve the selling prices of items being sold. (LO 8)
10. Brie y explain the purpose of the revenue and receipts cycle. (LO 1)
11. State the major general ledger accounts that are affected by the revenue and receipts cycle. Provide your
answer in terms of the double-entry bookkeeping system, i.e. also state the contra-accounts affected.
(LO 4)
12. State the general ledger accounts most likely affected when the following activities occur: (LO 4)
a) An order is received from a customer.
b) An invoice is made out to a credit customer.
c) Money is received from a credit customer to settle his or her account.
d) A customer returns faulty goods to an entity and a credit note is approved.
13. Brie y explain the main purpose of each of the following functional areas present in the revenue and
receipts cycle: (LO 4)
a) Credit management
b) Invoicing
c) Recording of sales in the accounting records
d) Processing and recording of returns and other sales adjustments
14. Describe the purpose of each of the following documents/accounting records used in the revenue and
receipts cycle: (LO 6)
a) Internal sales order
b) Delivery note
c) Invoice
d) Credit note
e) Sales journal
f) Cash receipts journal
g) Debtors master le
15. State the source documents used in order to record the following in the cash receipts journal (cash
book): (LO 5 & 6)
a) A deposit is received from a customer via an electronic funds transfer.
b) A deposit is received from a customer via a direct deposit made at a branch of the company’s bank.
c) Physical cash is received from a debtor who settled his or her account.
d) A cheque is received from a customer through postal mail.
16. For each of the following risks, state whether the risk will result in an overstatement or an
understatement of revenue in the nancial statements and also state the revenue-related assertion
affected by each risk: (LO 7)
a) Fictitious sales are recorded in the sales journal.
b) A clerk incorrectly used a sales price of R22 for a particular item and not the official price of R30
when preparing an invoice for a customer.
c) A customer order is accepted and processed from a customer who has exceeded their credit limit,
without management approval.
d) Sales invoices were destroyed in a re and could not be recorded in the sales journal.
e) Sales transactions are deliberately omitted from the accounting records in order fraudulently to
reduce an entity’s tax liability.
17. For each of the following risks, state whether the risk results in an overstatement or an understatement
in the accounts receivable account balance and also state the accounts receivable-related assertion
affected by each risk: (LO 7)
a) Trade debtors become uncollectable, but are carried at their original (gross) values in the nancial
statements.
b) An entity delivers goods to a customer, but neglects to record a sale or create an account for the
debtor in the debtors master le.
c) e entity sold its debtors to a debt collection agency, but still shows the debtors in its nancial
statements.
d) A ctitious sale is recorded in the sales journal.
18. Formulate the control objectives of validity, accuracy and completeness in the context of a sales
transaction. (LO 10)
19. For each of the following risks: (LO 10)

• State the control objective that best relates to the risk;
• Describe the internal control(s) that should be in place to prevent and/or detect the risk; and
• State the assertion(s) affected.
Assume that physical products are sold and that no computerisation applies:
a) An invoice is recorded as a sale in the sales journal without the goods relating to the sale having
been delivered to the customer.
b) Not all sales transactions (invoices) are recorded in the nancial records.
c) A credit note is issued to a debtor who has not requested an adjustment to his or her account.
d) A sales transaction is incorrectly posted to a debtor’s account in the debtors ledger from the sales
journal through a transposition error (e.g. incorrectly as R1 240 and not correctly as R1 420). e
general ledger entries are, however, correct.
e) A cashier receives money from a debtor, but misappropriates the money for personal gain and
writes off the customer’s debt in the debtors ledger to conceal the theft.
20. Consider the following scenario: (LO 11)

In recent weeks, customers of Brickalot (Pty) Ltd have complained that their orders are not always acted
on and that short-deliveries are a general occurrence. Because of the resulting major customer
dissatisfaction, the company has started losing customers. On investigation by internal auditors
contracted by the company to resolve problems in its system of internal controls, it was found that:
a) Although internal sales orders (ISOs) are made out in sequential number order and are approved,
delivery notes are not always made out for all ISOs.
b) Goods are picked from the warehouse shelves and are loaded directly onto delivery vans that park
next to the shelves. At this stage, a delivery note is prepared by the warehouse staff member who
picked the goods.
Required: Identify and state the weaknesses in internal controls in the above scenario that may have led
to the customer dissatisfaction and describe the internal controls that should be implemented to
prevent the problems from recurring.
1 Source: US Securities and Exchange Commission news release. [Online]. Available: https://www.sec.gov/news/pressrelease/2016-218.html
2 Based on information found at: http://www.accountancysa.org.za/resources/ShowItemArticle.asp?ArticleId=625&Issue=449.
3 Information obtained and prepared from: ‘Non-audit services: How it affects the independence of the auditor’; Deon Basson, 2004. [Online].
Available: http://reference.sabinet.co.za/webx/access/journal_archive/10289003/28.pdf Reprinted by permission of e Southern African
Institute of Government Auditors (SAIGA).
Purchases and payments cycle CHAPTER 7
Gerrit Penning
CHAPTER CONTENTS
Learning outcomes
7.8 Cycle illustration: e purchase and payments cycle at Ntsimbi Piping
LEARNING OUTCOMES

3. Explain the accounting treatment required for the transactions in the cycle.
balances.
7. Identify and describe the risks of material misstatement in the cycle affecting account balances, classes
of transactions and events in the nancial statements.
8. Describe the computer technologies typically used in the cycle.
10. Describe how internal controls may assist in achieving the control objectives in the cycle and how
control objectives.
IN THE NEWS
SEC charges Bankrate and former executives with accounting fraud1
Extract from a securities2 fraud3 complaint submitted to the Securities and Exchange Commission,
United States of America
8 September 2015
The Securities and Exchange Commission today announced that Bankrate Inc. has agreed to pay
$15 million to settle accounting fraud charges. Three former executives are charged in the case that
involves fraudulent manipulation of the company’s nancial results to meet analyst expectations.4
The SEC alleges that Bankrate’s then-CFO Edward DiMaria, then-director of accounting Matthew
Gamsey, and then-vice president of nance Hyunjin Lerner, engaged in a scheme to fabricate
revenues and avoid booking certain expenses to meet analyst estimates for a key nancial metric:
adjusted earnings before interest, taxes, depreciation, and amortisation (EBITDA). Bankrate
consequently overstated its second quarter 2012 net income. Bankrate’s [securities] rose when the
company announced the in ated nancial results, and DiMaria allegedly proceeded to sell more than
$2 million in company [securities].
Lerner agreed to pay more than $180,000 to settle the SEC’s charges. The litigation continues
against DiMaria and Gamsey.
‘We allege that at the highest levels of its accounting department, Bankrate improperly in ated
its nancial performance to avoid falling short of Wall Street’s expectations,’ said Andrew J.
Ceresney, Director of the SEC’s Division of Enforcement. ‘Bankrate manipulated its nancial results
through numerous small accounting entries in order to meet analyst estimates on a key metric.’
According to the SEC’s complaint led in federal court in Manhattan: [extract of some complaints
only]
• After learning that Bankrate’s preliminary nancial results for the second quarter of 2012 fell
short of analyst estimates, DiMaria arbitrarily decided to increase the company’s revenue after the
end of the quarter.
• In addition to booking improper revenue, Bankrate, through the accounting executives, improperly
reduced certain expenses or failed to book them at all in order to meet analyst estimates.
• One of the expense accounts and related accrual account manipulated by Bankrate had been
used as a ‘cushion’5 account to manipulate the company’s nancial results for at least a year.
• DiMaria, Gamsey, and Lerner lied to the company’s auditor regarding the improper accounting
entries.
Lerner also agreed to be barred from serving as an of cer or director at a public company for ve
years and from public company accounting for at least ve years.
REFLECTION
What incentives do you think an entity might have to fraudulently overstate its pro ts by arti cially
understating its expenditure? Which of the entity’s stakeholders would you say could be affected by
such fraudulent manipulation of the nancial information?
On the other hand, do you think an entity might have an incentive to overstate its expenses in
order to understate its pro ts? Which stakeholders would be affected if this were the case?
of the cycle?
e purchases and payments cycle relates to an entity’s acquisition of goods and services from suppliers,
and payment to the suppliers in exchange. It is also sometimes referred to as the ‘acquisitions and payments’
or ‘requisitions to cheque’ cycle. e cycle does not deal with the purchase of capital assets (such as
investments, property, plant and equipment), which is dealt with separately in the investment and nancing
cycle in Chapter 10.
e main purposes of the cycle are to ensure that:

• Sufficient products and services are purchased at a competitive price in order to satisfy the demand from
customers;
• e purchase is promptly and appropriately recorded in the nancial records; and
• Suppliers are paid in a timely manner for only those goods and services actually purchased.
An entity needs to acquire goods and services from other entities in order to enable sales to its own
customers. Failure to acquire goods on time, or failure to acquire goods at all, may render an entity unable to
engage in further business activities. Similarly, an inability to pay suppliers in a timely manner may lead to
suppliers withdrawing their commercial ties with the entity.
WHAT What if an entity fails to provide goods to its customers within a reasonable time due to a
failure to acquire goods in time or if it fails to provide goods at all? What could the
IF? economic implications be for the entity?
Establishing good business relations with suppliers is an important component of an entity’s ability to
remain competitive. Not only can it result in reduced purchase costs, but will also contribute to an
uninterrupted supply chain of goods and services from the supplier to the entity and on towards the entity’s
customers. To maintain favourable supplier relations, an entity should, among other things, strictly adhere to
the payment terms as negotiated with suppliers, for example payment of all purchases within 30 days from
date of receiving the supplier’s invoice, in order to qualify for a purchase discount.
A supply chain is the process whereby products or services are transferred from a supplier to a customer.
Ensuring a continuous, unbroken supply chain may add to an entity’s ability to remain a viable business
concern.
It is typical of a successful business always to attempt to increase the ef ciency, effectiveness and
economy of its supply chain activities. A business may seek to automate (computerise) the bulk of
its purchases and payments cycle in order to gain further supply chain ef ciencies and maintain
control over increasing volumes of business information and transaction data.
7.1.2 Forms of purchases

Purchases may take a variety of forms, depending on the type of entity and the industry within which it
operates. Examples of different forms of purchases include:
• A construction entity purchasing raw materials such as cement, bricks and other materials for the
construction of a building;
• A manufacturing entity purchasing raw materials from a mine, a re nery or a farm for use in a
manufacturing process to produce nished goods;
• A wholesale entity purchasing manufactured goods for bulk sale to retailers;
• A retail business purchasing goods from a wholesale entity for sale to the general public; and
• Any entity acquiring various items such as fuel, stationery, maintenance and repair services for internal
use in the conduction of its business (i.e. not for resale).

e speci c internal controls in the cycle can vary from entity to entity. ere is no set recipe of controls that
can be applied to each and every business scenario. e risks facing individual entities will be a determining
factor in the internal controls that an entity will implement in the cycle. For example, some entities may be
heavily reliant on a small number of suppliers, which can lead to delays in production or even the entity’s
demise, should it not be able to obtain the necessary goods and services from these suppliers. For this
purpose, such an entity will implement additional measures beyond the standard procurement controls
addressed in this chapter in order to enhance its procurement process.
However, regardless of the type of entity making the purchase, the industry in which it operates, or the
type of goods or services it purchases, the purpose of the cycle and the objectives of the internal controls in
the cycle will remain the same. Accordingly, it is crucial to have a proper understanding of the nature and
purpose of the cycle and the typical risks an entity faces in the cycle.

e cycle makes speci c provision for routine purchase and payment transactions:
• For a purchase transaction to commence, an internal purchase requisition should be issued by the
department in the entity that requires the goods or services. is action will in turn lead to an order being
submitted to a supplier.
• For a payments transaction to commence, an invoice should become payable within the agreed payment
terms.
A transaction in the cycle will come to an end once the goods or services purchased have been received or
rendered respectively, payment to the supplier has been made, and the purchase and payment transaction
has been appropriately recorded in the nancial records.
e cycle will repeat itself each time a purchase or payment transaction is initiated.
Figure 7.1: The purchases and payments cycle
7.1.5 Example of a typical transaction in the purchases and payments

cycle
A routine transaction in the cycle will originate from an internal requisition. Should the warehouse (or raw
materials stores) for instance, identify a product with a low inventory level, the warehouse staff may request
that the entity’s procurement department initiate an order with a supplier. With the necessary approval, the
procurement department will order the goods from the supplier. e supplier will deliver the goods ordered
to the entity’s warehouse and request payment by sending the entity an invoice. e entity will record a
purchase in its nancial records and, at a speci ed time, pay the supplier, followed by the recording of the
payment.
Sometimes services are ordered instead of goods, for instance repairs to plant. e cycle operates in a
similar way for this type of transaction.
In some computerised systems it is possible to programme the computer to identify low inventory
levels. The software would trigger an alert or send a noti cation to the appropriate staff member in
the entity when a particular item of inventory has fallen to a certain minimum theoretical quantity.
Such automation may allow for faster identi cation of low-running inventory and can optimise the
purchase process accordingly. Automation however, does not change the need for an internal
requisition: it should still be generated in order to document the need for the item.

Transactions in the cycle have to be recorded in the entity’s nancial records and posted to speci c general
ledger accounts. e following accounts are affected by the cycle:
1. Statement of Comprehensive Income (classes of transactions and events)

Purchases of goods (periodic inventory systems)
• Cost of sales (perpetual inventory systems, and periodic inventory systems when purchases are
reversed at period end)
Refer to the Statement of Comprehensive Income of Ntsimbi Piping (page 8) and note the line item
‘Cost of Sales’. Also refer to its Detailed Income Statement in the supplementary information (page 25)
and note the item ‘Purchases’ under ‘Cost of Sales’.
• Period costs allocated to various expense accounts, including those accounts affected when services
are purchased (e.g. water and electricity charges, rental fees and security expenses).
Refer to the Detailed Income Statement in the supplementary information to Ntsimbi Piping’s nancial
statements (page 26) and note the detailed list of operating expenses (period costs).
2. Statement of Financial Position (account balances)
• Current assets:
• Cash and cash equivalents (including cash in bank accounts and cash on hand)
• Inventory (including raw materials, work-in-progress and nished goods)
• Current liabilities:
• Trade and other payables (including trade creditors, accruals and other payables).
Refer to the Statement of Financial Position of Ntsimbi Piping (page 7) for above line items.
7.1.7 Accounting treatment of certain speci c transactions in the cycle

7.1.7.1 Purchases or cost of sales?
Entities that operate a periodic inventory system record acquisitions as purchases in their nancial
records. After performing an inventory count at period end, the purchase entries will be reversed against
inventory (assets on hand remaining after the period’s sales) and cost of sales (expenditure relating to the
sales).
An entity that operates a perpetual inventory system will record acquisitions as inventory (current
assets acquired) in its nancial records. Immediately on the sale of the inventory to customers, an expense in
the form of cost of sales is raised. ere is no purchases account in a perpetual inventory system.
REFLECTION
By referring to the nancial statements of Ntsimbi Piping, can you determine the type of the inventory
system operated by the company?
In both the above-mentioned systems, accounts payable in the form of trade creditors are raised on
acquiring inventory on credit.
e journal entries will comprise the following:
Perpetual system Periodic system
Account Dr Cr Account Dr Cr
R R R R
i. Buy 1 000 items of inventory from supplier costing R2 000 in total (R2 per item)
Inventory 2 000 Purchases 2 000
Trade creditors 2 000 Trade creditors 2

000
ii. Sell 750 items to customer for a total of R2 250 (R3 per item)
Trade debtors 2 250 Trade debtors 2 250
Sales 2 250 Sales 2

250
Cost of sales 1 500 No entry
Inventory 1 500 No entry
iii. End-of-period inventory adjustment
No entry Inventory 500
No entry Cost of sales 1 500
Purchases 2
000
(Remaining 250 inventory items already up-to- (Remaining inventory items recorded as inventory
date in inventory records due to perpetual balance, reversing purchases and recognising the
recording after each transaction.) difference as cost of sales.)
7.1.7.2 Credit purchases

Purchases made on credit will lead to the creation of trade creditor accounts in the nancial records.
Transactions with trade creditors are typically recorded in the creditors subsidiary ledger, and allocated to
the trade creditors control account in the general ledger. e entity’s bank account will be used when
creditors are paid, affecting cash and cash equivalents.
An entity will arrange with each supplier what the supplier’s payment terms are for payment of
outstanding debt. A supplier may require that all its invoices be paid within 30 days of invoice (or
statement) date should the entity want to make use of a payment discount. Suppliers may also
charge interest for late payments beyond an allowed period. It is in an entity’s best interest to ensure
optimal cash ow is derived from favourable payment terms.
REFLECTION
Refer to document 2E (supplier statement) in the appendix at the end of the book. Can you
determine the date on which the balance on the statement is due for payment?
7.1.7.3 Accruals
Accruals is a form of liability recorded in the statement of nancial position at the year-end. It relates to
existing liabilities that have not yet been paid at year-end and which have not yet been included in accounts
payable. Accruals may, for example, relate to water and electricity services received from the municipality,
but which have not been paid for at the year-end, as no invoice has yet been received from the municipality.
An accrual will be raised at year-end to record an outstanding liability payable to the municipality. In the
subsequent period, the accrual is reversed against the relevant expense account. Refer to Figure 7.2 for a
municipal bill that was subsequently received and which will reverse the accrual previously created for the
bill.
Figure 7.2: Municipal bill
Other expenses that may result in the need to accrue for liabilities include:
• Telephone accounts for which invoices are only received in the period following the month in which the
calls were made (refer to Figure 7.3 for an example of a telephone account);
• Contractual expenses paid only in the period subsequent to the month in which the goods were received
or a service was rendered to the entity; and
• Salaries and wages or any other expenses incurred before year-end, but which are only paid after year-
end and are not normally included in trade creditors or other liability accounts.
WHAT What if an entity has received goods from a supplier before the nancial year-end, but the
supplier has not invoiced the entity yet. Will accruals be affected? What would the effect
IF? on net pro t for the nancial year be if the entity neglects to accrue for the outstanding
invoice?
Figure 7.3: Telephone account
7.1.7.4 Expenditure or capitalisation?

It is important to distinguish between transactions that relate to the acquisition of items that are of a capital
nature (resulting in the creation of an asset balance in the Statement of Financial Position) and transactions
that relate to expenditure (re ected in the Statement of Comprehensive Income). e Conceptual
Framework for Financial Reporting makes an explicit distinction between an asset (an item of capital nature
written down over its useful life) and an expense (an item expensed in the year in which it was incurred).
Certain items, such as repairs and maintenance expenses, cannot be capitalised (i.e. recognised as an
asset), as they do not meet the recognition criteria of an asset and should therefore be expensed. Other
expense items, however, may sometimes meet the de nition of an asset and should then be capitalised.
ese items include certain types of interest, development costs and lease payments.
What if an entity were to purchase consumables for its of ce (such as cleaning materials,
WHAT small kitchen utensils and stationary) and instead of expensing it, the entity capitalises
IF? the items as assets. What would the effect on the entity’s total assets in the nancial
statements be? And on its net pro t? Which accounts will be over or understated as a
result?
7.1.7.5 Other expenditure and payment transactions

Transactions that are generally classi ed under other business cycles (e.g. the investment and nancing
cycle) may be affected by risks and controls in the purchases and payments cycle. When interest on loans, for
example, is paid in cash, or when cash dividends are distributed to shareholders, the transaction will result
in a cash out ow for the entity and will be affected by this cycle’s controls relating to payments.
Refer to the ‘Detailed Income Statement’ in the supplementary information to Ntsimbi Piping’s nancial
statements (page 25) for examples of speci c transactions and events relating to types of expenditure other than
purchases and cost of sales.
7.1.7.6 Acquisitions from foreign suppliers
e nancial record keeping for acquisitions from foreign suppliers is complex and falls mostly outside the
scope of this text. Only the conversion of transactions and balances between local and foreign currency is
explained here.
7.1.7.6.1 Date of acquisition

Should acquisitions be made from foreign suppliers, it is important that the entity establishes the exact time
at which control of the goods purchased are transferred to the entity. is point in time will determine the
date on which the entity has to record the transaction in its nancial records.
7.1.7.6.2 Currency exchange rates

On the date when control of the acquired goods is transferred, a transaction with a foreign supplier has to be
recorded at the spot rate. e spot rate is the currency exchange rate ruling on date of the purchase
transaction. In addition, according to IAS 21, the liability should be recalculated at the closing rate at each
subsequent reporting date.
In other words, if the amount owing to the supplier is still outstanding at reporting date (i.e. year-end),
the entity will have to recalculate the outstanding liability with reference to the period end (closing) exchange
rate. Any exchange difference resulting from the application of the spot rate and closing rate to the liability
has to be recorded as a foreign exchange gain/loss to pro t or loss.
Terms that one will encounter when importing goods

• Free on board (FOB): The seller delivers when the goods pass the ship’s rail at the named port of
shipment. This means that the buyer has to bear all costs and risk of loss of or damage to the
goods from the port of shipment to the nal destination. The FOB term requires the seller to clear
the goods for export.
• CIF (Cost, insurance, freight): The risks of ownership are transferred to the buyer once the goods
are loaded on the vessel (pass the rail of the ship) and apply to transport by sea/inland
waterways only. However, the seller must pay the costs and freight necessary to bring the goods
to the named port of destination and is responsible for a minimum insurance coverage against
the buyer’s risk of loss or damage to the goods.

7.2.1 Description of functional areas
For a typical retail entity purchasing goods from suppliers on credit, the following functional areas in the
purchases and payments cycle will apply:
1. Purchase requisition (requesting of goods and services);
2. Ordering goods and services;
3. Receiving goods and services;
4. Recording of purchases;
5. Payment preparation;
6. Paying the supplier;
7. Recording payments; and
8. Returning goods and recording a purchase adjustment.
A brief summary of each functional area follows.
1. Purchase requisition
Purpose: To ensure that an entity’s operational and sales requirements are met timeously.
Main activities: Determining anticipated sales levels using sales forecasts and budgets; identifying inventory
that is at low levels and needs replenishment, or services that are required; preparing a requisition and
obtaining authorisation therefor; requesting the procurement department to obtain goods (including raw
materials for the production process – refer to Chapter 8) from suppliers.
Persons involved: Depends on department in the entity that initiates the requisition, such as the sales
department, warehouse or factory.
2. Ordering goods and services from suppliers

Purpose: To ensure that purchases are made from reliable suppliers in a cost-effective and timely manner,
based on approved requisitions.
Main activities: Identifying the most suitable suppliers; obtaining quotes; negotiating competitive prices;
ordering goods and services from suppliers; following up on long-outstanding orders.
Persons involved: Buying staff in procurement department.
3. Receiving goods and services from suppliers

Purpose: To ensure that all goods and services ordered from suppliers are received in accordance with an
approved purchase order.
Main activities: Receiving and accepting delivery of goods from suppliers at receiving bay; checking quantity
and quality of goods received; transferring goods into warehouse; recording inventory received in inventory
system; receiving services from suppliers and ensuring that a service has been sufficiently rendered by the
supplier at the required quality.
Persons involved: Goods receiving clerk in warehouse/factory stores; designated staff member signing off as
proof of a service having been rendered to the entity.
CRITICAL THINKING
Why do you think the ordering and the receiving of goods and services are two separate functions?
What are the risks involved in relation to the possible misappropriation of the purchased goods or
services should the staff member ordering the goods or services also receive them and take
custody of them?
4. Recording of purchases
Purpose: To ensure that all valid purchases made are accurately accounted for in the entity’s nancial
records, and in a timely manner.
Main activities: Recording purchases, cost of sales and other expenses and related creditors (liabilities) in
the nancial records; performing creditors reconciliations.
Persons involved: Accounts payable clerk and senior bookkeeping clerk (accounting department).
5. Payment preparation
Purpose: To prepare payment timeously for purchases that are payable to suppliers.
Main activities: Performing reconciliations of the supplier’s account in the entity’s records to the supplier’s
statement; preparing payment documentation based on valid supporting documents.
Persons involved: Accounts payable clerk and senior accounting staff (accounting department).
6. Paying the supplier

Purpose: To pay suppliers based on valid payment documentation.
Main activities: Approval of payment to suppliers; paying suppliers by cheque, cash, direct deposit or EFT.
Persons involved: Management staff authorised to approve payments.
CRITICAL THINKING
Why do you think senior staff members, usually at management level, are responsible for the
payment of suppliers, rather than the clerks responsible for the recording of purchases? Consider
for instance the risk that exists from a bookkeeping clerk creating a creditor account and posting a
purchase invoice to the account and subsequently paying that creditor a certain amount to settle the
apparent debt.
7. Recording payments
Purpose: To record properly all payments made to suppliers in the entity’s accounting records.
Main activities: Recording of payments in the books of primary entry and posting the payment to the
subsidiary and general ledgers.
Persons involved: Cash book clerk (accounting department).
8. Returning goods and recording a purchase adjustment

Purpose: To return unsatisfactory (e.g. damaged or faulty) goods previously purchased and to record the
transaction as a purchase return; to record other adjustments to supplier accounts, such as where incorrect
prices or item quantities have been invoiced by a supplier.
Main activities: Returning goods to suppliers; updating the inventory system with the returned goods;
initiating and recording a debit note.
Persons involved: Warehouse staff (return of goods); accounts payable clerk (recording); senior nancial
and accounting staff (authorisation and review).

Various originating departments
1. The requisition of goods and services will originate from various departments in the entity, where
approval for the purchase will also be granted usually by the departmental/warehouse manager.
Procurement department Warehouse (Stores) Accounting department
2. Ordering goods and services 3. Receiving goods from 4. Recording of purchase

from suppliers suppliers 5. Payment preparation
8. Returning goods to suppliers 6. Paying the supplier
7. Recording of payment
8. Recording of purchase returns

7.3.1 Accounting for purchases and payments transactions
e purchases and payments cycle forms part of an entity’s information system, which includes the
accounting system. e information system aims to achieve management’s control objectives of validity,
accuracy and completeness of nancial information. is information eventually forms part of the entity’s
nancial statements.
7.3.1.1 Routine transactions and the use of speci c journals in the cycle
e documents shown in Figure 7.4 will ordinarily be used to enter routine purchases (and related returns)
and payment transactions into speci c books of primary entry (journals) in the accounting system, should
goods be purchased from suppliers on credit.
Figure 7.4: Documents in the purchases and payments cycle
7.3.1.2 Non-routine transactions and the use of general journals in the cycle
On occasion, a non-routine transaction or event, including adjusting entries, may occur. ese will not be
recorded on standard documentation or in a speci c journal. In such instances, a general journal voucher
will be used to record the transaction or event in the general journal. An example of non-routine
transactions in the cycle is the raising of accruals (refer to section 7.1.7.3).

As a purchase or payment transaction ows through the information system of an entity, source documents
will be created in each functional area to document and track the transaction, among other things. A list of
supporting documents, records, reports and reconciliations that may be found in the purchases and
payments cycle is discussed below.

1. Master le amendment form (computerised systems)
A master le amendment form is completed in a computerised system each time a creditor’s (supplier’s)
details are to be changed on the creditor master le (the creditor master le represents the creditors ledger in
a computerised system), or if a creditor is to be added to or removed from the master le. For example, if a
new supplier has been selected to provide goods or services to the entity, a document approving the supplier
will be attached to the master le amendment form to support the amendment to the master le.
Example: Refer to document 2C in the appendix at the end of the book.
2. Purchase requisition
A purchase requisition is created when a need for goods or services is identi ed in the entity. A requisition
may originate from various sources in the entity, including the warehouse or factory (e.g. when low inventory
levels are identi ed), the sales department (e.g. based on customer orders received for out-of-stock items) or
any department requiring items or services for use in the entity (e.g. the administrative offices requiring
stationery such as printer cartridges or paper).
A purchase requisition has to be authorised by the relevant departmental supervisor or manager
(including the warehouse manager if the requisition originates from the stores), depending on the approval
structure in the entity. A purchase requisition is usually not sent to the supplier – it remains an internal
document used only by the entity to initiate the purchasing process.
3. Quotation
e department requisitioning the goods or services, or the procurement department, may have to obtain
quotations from one or more suppliers (depending on the procurement policy of the entity). A quotation
stipulates the best price of the goods or services offered by the supplier. Quotations from different suppliers
can then be compared and the best quotation (based on a combination of factors such as price and quality)
can be accepted. Obtaining quotations can further ensure that the entity receives relevant or appropriate
goods and services to meet its requirements at a cost-effective price and that the entity is not biased towards
a certain supplier for unacceptable reasons.
WHAT What if an entity was to allow its buying department to order goods or services from any
supplier without obtaining quotations? Consider the possible nancial consequences for
IF? the entity and the effect that this leniency may have on the business relationships between
the entity and its customers.
4. Purchase order
A purchase order is an internally created, sequentially numbered document that is sent to the supplier
indicating the goods or services needed by the entity. It contains the quantity, description and, in some
cases, the price of the items required. A purchase order will typically be based on the approved internal
requisition and will be referenced to a quotation if a quotation was received from the supplier. e purchase
order will further stipulate the delivery address where the supplier must deliver the ordered goods or
services to.
5. Supplier delivery note
e supplier delivery note (prepared by the supplier) is a document that speci es the details of the goods
delivered to the entity. When a supplier delivers goods to the entity, the supplier will provide the entity with a
copy of the delivery note, which the receiving staff member signs as proof of acceptance of the delivery. is
external document serves as proof that goods have been delivered by the supplier and that the goods have
been accepted by the entity. It contains the quantities and descriptions of items delivered, but may not
contain item prices. Similarly, for services rendered, a delivery note (or appropriately named equivalent
document such as a job card) will be provided to the entity by a supplier to serve as proof of the service
having been rendered.
6. Goods received note (also referred to as a goods receipt)

A goods received note (GRN), a written record created by the entity’s staff on taking custody of inventory
from suppliers, indicates the quantities and descriptions of goods received and serves as documentary proof
that the entity did receive the ordered goods. e GRN also indicates the date on which the goods were
received, prompting the accounting department to record the purchase in the nancial records with
reference to the amounts on the supplier invoice.
Note that for services rendered, a GRN will not apply as no goods are delivered. e supplier would typically
request the entity to sign the supplier invoice or a job card as proof that the services stipulated on the document
have been rendered. A job card sets out the details of the work done by the supplier.
What if a GRN is not created for goods received and only the supplier’s delivery note is
WHAT signed and used as evidence of the goods having been received? What could the potential
IF? effect be on an entity’s inventory records and accounts payable records as a result of this
shortcoming in its purchases cycle?
7. Supplier invoice
An invoice is a supplier’s documented instruction to the entity that the entity owes it compensation for goods
delivered or services rendered. e invoice contains the quantity and description of goods delivered/service
rendered, as well as the amounts charged for the goods/services. e invoice may further indicate payment
terms and conditions (e.g. the payment due date or discount eligibility, if applicable). In most instances, a
separate invoice will be generated for each purchase transaction.
CRITICAL THINKING
Can you think of possible nancial consequences for an entity if it was to pay a supplier upon receipt
of an invoice for goods sold by the supplier, without rst ensuring that a goods received note has
been created by the warehouse staff who took custody of the goods?
8. Supplier statement
A supplier statement is received from a supplier at periodic intervals (e.g. once a month). It indicates the
entity’s outstanding balance with the supplier, made up as follows:
• Balance carried forward from the previous period’s statement (if unpaid);
• All amounts invoiced since the previous statement date;
• Any subsequent adjustments made to the entity’s account by the supplier (such as credit notes granted for
goods returned);
• Payments received from the entity since the previous statement date;
• Any payment discounts for which the entity quali ed; and
• e ageing of the entity’s outstanding balance (current, 30 days, 60 days, etc.).
9. Remittance advice and proof of payment
A remittance advice is sent by the entity to the supplier to accompany a payment and indicates which
invoice(s) the payment relates to.
In addition, a proof of payment document may be sent to the supplier after payment has been made to
inform the supplier of the payment having been made. With EFT systems, such as through internet payment
facilities, the entity can request via the EFT system that the bank automatically notify the supplier of the
payment made, whether through fax, SMS or email.
Example: Refer to document 2F and document 2G in the appendix at the end of the book.
10. Goods returned to supplier voucher
A goods returned to supplier voucher (GRSV) is a document indicating the quantities and descriptions of
goods that are returned to a supplier. Several reasons may result in an entity returning goods previously
purchased, for example unsatisfactory or defective goods received from the supplier and broken/damaged
goods sent back by customers (which should be returned to the supplier if they are still under warranty).
11. Debit note
A debit note is a documentary request to a supplier to debit the entity’s account, in other words to reduce the
outstanding debt owing by the entity to the supplier. A debit note may, for instance, be created due to a
purchase return (see goods returned to supplier voucher above). e debit note indicates the quantity and
description of goods being returned and the amount of the debit requested (usually equal to the price of the
goods involved as per the supplier’s invoice). e entity records a debit entry in its creditors ledger, reducing
the outstanding balance it owes to the supplier, after recording a debit note in the purchase returns (or credit
adjustments) journal.
1. Purchase journal
e purchase journal is a book of primary entry in which routine purchase transactions are recorded. Cash
purchases are not recorded in the purchase journals, only credit purchases. (Cash purchases are posted to
the purchases account in the general ledger from the cash book.) Purchase transactions are commonly
recorded in the number sequence of GRNs. Daily purchase totals are posted from the purchase journal to the
purchases account and the creditors control account in the general ledger.
In order to record a purchase in the purchase journal (and, resultantly, a trade creditor in the
creditors ledger), a bookkeeper will require the following documents (for the purpose noted in
brackets):
• Purchase order (proof of authorisation of the purchase);
• Supplier delivery note (supplier name and proof that goods were delivered);
• GRN (further proof that goods were delivered and actual quantity of goods accepted from supplier
and classi cation of the expense); and
• Supplier invoice (supplier name and prices invoiced).
Once these documents are matched, it makes sense to record purchases in the purchases journal in
GRN number sequence, as this will facilitate the identi cation of goods received (for which the entity
is liable to pay the supplier), but which have not been recorded (i.e. ensuring the completeness of
recording of purchases).
WHY? Why would purchase transactions be recorded in GRN number sequence in the purchase
journal and not in the sequence in which or on the date when supplier invoices are
received? Consider the timing difference between the receipt of goods and the receipt of
invoices from suppliers and the risk involved for proper cut-off of the purchase transaction:
a supplier might not necessarily supply an invoice with the delivered goods. And goods
could be received a few days before the entity’s nancial year-end, while the invoice from
the supplier is only received several days after year-end.
WHAT What would the purchase journal look like if the entity uses a computerised system?
The purchase journal may be referred to as the ‘purchases transaction le’. If one could
IF? download the purchases transaction le from the computer system and open it on a
computer screen, it would resemble a spreadsheet or set of data, consisting of the same
columns one would nd in a typical purchase journal (called ‘data elds’ in the
computerised system) and numerous rows (‘records’ of individual purchase transactions).
2. Cash payments journal (cash book)

e cash payments journal is a book of primary entry in which all payment transactions are recorded. Such
payments may relate to cash expenses (including cash purchases) and payments made to suppliers for
goods/services previously acquired on credit. Should a cash payment be made to a creditor, the payment will
be posted from the cash book to the creditor’s account in the creditors ledger (and (as part of a total) to the
creditors control account in the general ledger).
3. Purchase returns journal (or credit adjustments journal)
e purchase returns journal is another book of primary entry, used for the recording of debit notes. It
contains a summary of all transactions involving the return of goods to suppliers (purchase returns) and
other debits obtained from a supplier (e.g. adjustments in item quantities or unit prices incorrectly invoiced
by a supplier and subsequently corrected).
In order to record a purchase return in the purchase returns journal, the following will be needed:
• Original supplier invoice to which the return relates (description and price of goods returned);
• Goods return voucher (GRV) (authorisation for the return; contains the description and quantity of
goods returned and supplier name); and
• Debit note (approval for the recording of the return; contains description, price and quantity of
goods returned to supplier).
4. General journal
e general journal, also a book of primary entry, contains a record of all non-routine transactions and
events and adjusting entries not allocated to the above specialised books of primary entry.
Example: Refer to document 2L in the appendix at the end of the book.
5. Creditors ledger (a subsidiary ledger to the general ledger)
e creditors ledger contains a detailed record of all transactions (invoices, payments, purchase returns and
adjustments) applicable to creditors. Each creditor has its own account in the creditors ledger. e closing
balance per the creditors ledger should represent the outstanding debt payable by the entity to the supplier
according to the entity’s records and should be the same as the balance on the creditors control account in
the general ledger, unless reconciling items exist (refer to section 7.3.5 below).
6. General ledger
e general ledger contains accounts drawn from all books of primary entry affected by the cycle to serve as
a collection point for transactions that occurred in the cycle. e general ledger facilitates the preparation of
a trial balance and the nancial statements. e use of a creditors control account in the general ledger
further facilitates the validity, accuracy and completeness of the accounting records, as the balance on this
control account can be compared to the total of the subsidiary ledger (creditors ledger) on a monthly basis.

1. Creditors master le
Manual system equivalent: Creditors ledger
e creditors master le is a database on an entity’s computer system containing all permanent (standing)
data relating to the entity’s trade creditors. Standing data includes data elds such as the creditor’s name,
address, contact details and any applicable payment terms. In addition, the creditors master le serves as the
creditors ledger in a computerised system, implying that it contains the transactions that were undertaken
with a supplier, as well as the outstanding balance owing.
2. Inventory master le
Manual system equivalent: Inventory listing or Inventory register
e inventory master le is a database containing the quantities of inventory on hand, together with
standing data pertaining to the inventory, for example inventory code, description and location.
7.3.4 Reports
1. Creditors list
A creditors list is printed from the creditors master le (computerised systems), or can be manually prepared
using the balances due to each supplier in the creditors ledger (manual systems). A computer application
will commonly allow a user to choose which information (data elds) to include in the list, for example
creditor’s code, name and balance due. e total outstanding balances when adding all individual creditor’s
balances should agree with the grand total due to all creditors according to the creditors ledger (as well as
the creditors control account in the general ledger).
2. Creditors age analysis

e creditors age analysis is an extended creditors listing that also contains a breakdown of the balance
owing to each creditor in terms of the balance’s ageing, for example current balance, 30 days, 60 days and 90
days, etc.
Example: Refer to document 2M in the appendix at the end of the book.
1. Supplier statement reconciliation
A supplier statement reconciliation is made between the outstanding balance owing to a creditor as per the
creditors (subsidiary) ledger (internal accounting information) and the balance owing as re ected on the
statement received from the creditor/supplier (external information). It is an internal reconciliation
performed by the entity’s staff.
e reconciliation re ects all reconciling items that cause the balances not to agree. A reconciling item
may exist due to the entity having recorded a transaction with the supplier, but which the supplier has not yet
recorded in its nancial records, or vice versa.
Reconciling items may also exist due to disputes with suppliers (e.g. when one party records an amount
which is different from the other party’s amount). It is important that the reconciling items not include
amounts that are in fact errors in the entity’s own records – these should be corrected by way of an
appropriate adjustment to the entity’s records.
A supplier statement reconciliation is a critical accounting function, particularly where payments to
suppliers are based on the supplier statements and not on supplier invoices.
Example: Refer to document 2N in the appendix at the end of the book.
What if an entity does not perform a supplier statement reconciliation before it pays a
WHAT supplier ‘on statement’ – what are the risks associated with the disbursement? In
IF? considering this matter, ask yourself whether the supplier could have made a mistake on
its statement. Do you think the entity’s accounts payable staff could perhaps have made a
mistake in the entity’s internal records? How would a reconciliation bene t the accounting
process in such a case?
Pay on invoice or on statement?

An entity can pay its suppliers based either on invoices or on monthly statements received from the
supplier.
Paying on invoice implies that the payment being made to a supplier is based on individual
invoices. For each invoice received, a corresponding payment will be made. Paying on invoice may
thus simplify record keeping in relation to trade creditors as each invoice received is simply matched
to supporting documentation and then paid. However, an entity may run the risk of an invalid
payment being made:
• Should the supplier accidentally send the same invoice twice;
• Should the supplier send an inaccurate invoice;
• Should an adjustment relating to the invoice have been processed subsequent to the invoice
being received; or
• If a false invoice is received from an unauthorised party.
These risks apply especially to entities where controls over payments are weak, such as where
supporting documentation is not properly kept or reviewed before payment, or where supporting
documentation is not cancelled after payment and can therefore be resubmitted for a future
payment. The risks are lower where an invoice received is matched to both a purchase order and
GRN before payment to reduce the likelihood of an invalid payment being made.
Paying on statement implies the payment of an amount determined with reference to the
outstanding balance re ected on a supplier’s statement, which is usually received on a monthly
basis. Paying on statement requires that a supplier statement reconciliation be prepared before
payment is made, ensuring that the amount to be paid reconciles with the outstanding supplier
balance in the entity’s creditors ledger. Although paying on statement will require more detailed
record keeping of transactions with suppliers, it can assist in avoiding invalid, double or
overpayments, as the entity will not pay an outstanding balance if not adequately supported by
detailed purchase transactions in its own accounting records.
2. Creditors reconciliation
A creditors reconciliation reconciles the creditors control account in the general ledger with the creditors
(subsidiary) ledger. When adding all creditors’ balances in the subledger, the total outstanding balance
owing to all creditors should agree with the outstanding balance per the creditors control account.
Such a reconciliation will identify purchase, payment or purchase return transactions recorded in the
primary journals and posted to the general ledger, but which have not been posted to the subsidiary ledger. It
can also identify double or other inaccurate postings to the subsidiary ledger.
7.3.6 Illustration: Transaction ow in the purchases and payments cycle

e following diagrams in Figure 7.5 show the typical ow of a purchase (and related returns) and payment
transaction through the cycle. e diagram depicts an entity that purchases goods from suppliers on credit.
Note that entities differ regarding the exact nature of the ow of the purchase and payments transactions,
the names, types and numbers of copies of documents and the application of the internal controls. Any
purchases and payments cycle should, however, address the risks facing the entity relating to purchases and
payments in order to achieve the control objectives of validity, accuracy and completeness of nancial
information relating to this cycle.
Figure 7.5: Transaction ow diagram
ere are various risks of misstatement relating to the nancial information produced in the purchases and
payments cycle. Should a misstatement be material and it is not corrected, the nancial statements will not
be fairly presented. e following risks of misstatement, whether due to fraud or error, apply to the cycle.

Financial reporting risks may result from the fraudulent manipulation or the erroneous recording or
omission of nancial information.
7.4.1.1 Expense transactions

• Not all purchase transactions, other expense transactions or accrual events are recorded (i.e. expenses are
incomplete, which will also result in incomplete accounts payable balances should those
transactions/events relate to credit expenses). is risk may result in:
• An overstatement of pro ts which will incorrectly portray a more favourable nancial performance for
the entity as reported in its Statement of Comprehensive Income; and/or
• An understatement of liabilities, which will improperly lead to more favourable liquidity or solvency
ratios as reported in its Statement of Financial Position.
• Invalid purchases or other expenses are recorded, resulting in a reduction in pro ts, with a resultant
inappropriate reduction in taxable income. ‘Invalid’ may include transactions that were never authorised,
or transactions that never took place (i.e. ctitious transactions). is misstatement risk will also result in
an overstatement of the accounts payable balance should the expenditure relate to credit purchases.
Note that the theft of inventory does not create an under or overstatement risk for purchases or
accounts payable. (It does, however, create an overstatement risk for inventory.) In most cases, as
soon as there is evidence of the entity having taken control of the goods, usually evidenced by
acknowledgement of receipt through the signing of a delivery note (or sometimes through the
realisation of a condition in an agreement), a purchase transaction occurs and the entity becomes
liable for payment to the supplier. Should goods be stolen before being received by the entity’s staff
(i.e. in transit to the entity), there is no misstatement risk for the entity as control over the goods
has not yet transferred from the supplier. The goods remain the property (and risk) of the supplier
until the entity has taken control of the goods (or as per the conditions of an agreement, if
applicable).
• Purchases or other expense transactions are not recorded accurately, leading to expenditure and
accounts payable or accruals balances being either under- or overstated. Such misstatements might occur
where a purchase transaction, for instance, is inaccurately recorded in the purchase journal from the
supplier invoice by recording an incorrect price. For example, the supplier charged R230 for item A on its
invoice, but the entity’s bookkeeper erroneously recorded an amount of R320 in the purchase journal. e
result is an overstatement of purchases (or inventory in a perpetual system) and an overstatement of the
trade creditor liability.
• Purchase or other expense transactions are not recorded in the nancial period to which they pertain.
Such incorrect cut-off of purchase transactions may result in either:
• An overstatement of expenditure/accounts payable if the transaction took place in a different nancial
period than the one in which the transaction was recorded; or
• An understatement of expenditure/accounts payable if the transaction took place in the nancial
period under consideration, but was recorded in a preceding or subsequent period.
• Purchase or other expense transactions are not classi ed in the appropriate account in the nancial
records, leading to either an over or understatement of expenditure and possibly accounts payable should
the transaction relate to a credit purchase.
CRITICAL THINKING
Can you identify from the above the risk(s) which may apply in the following cases?
• A director of an entity fraudulently records a personal expense incurred by the director in his/her
private capacity, as a business expense of the entity.
• Goods are received by the warehouse and taken custody of, but because of circumstance, the
warehouse staff neglect to ever create a goods received note.
• Goods are received by the warehouse on the last day of the nancial year, but due to the
computerised system having gone off-line, the warehouse staff could only create the necessary
goods received notes on the computer system several days later.
• On the last day of the nancial year, a bookkeeper responsible for expense accounts enquired
from the municipality as to when the invoice relating to the water and electricity account for the
last month of the entity’s nancial year would be received. The municipality couldn’t provide the
bookkeeper with an answer. Accordingly, the bookkeeper decided not to take any further action in
relation to the accounting records for the particular nancial year.
7.4.1.2 Payment transactions

• Not all payments made to suppliers are recorded, leading to an overstatement of the accounts payable
balance and an overstatement of the cash book balance.
• Invalid payment transactions are recorded, resulting in an understatement of accounts payable and
possibly an understatement of the bank balance.

Misappropriation risks relate to misstatements in the nancial statements as a result of theft of assets. Assets
affected by the cycle are inventory and cash. Such risks include, among others:
• Goods received from a supplier and recorded as inventory, but stolen by parties (either internal or
external to the entity) before they can be sold to customers. Effect on nancial statements: overstatement
of inventory (if shortage is not detected during an inventory count and subsequently corrected); and
• eft of cash (either physically or through electronic means) before suppliers are paid, resulting in an
invalid party being paid instead of the actual supplier. Effect on nancial statements: none, as the trade
creditor would still be owed the money while a payment would have been recorded in the cash book.
In order to reduce or eliminate the above-mentioned nancial reporting and misappropriation risks,
management will implement and maintain a system of internal controls to achieve the control objectives of
validity, accuracy and completeness of nancial information related to purchases (and related returns) and
payments transactions.
Unauthorised purchases and payments in a supply chain process
An entity’s supply chain activities are a prime target for theft and fraud, as they involve:
• Obtaining assets (which can be misappropriated through theft or unauthorised use); and
• Payment of money to outside parties (which can be misappropriated through overpayments or
unauthorised payments).
Common instances of fraud in a supply chain process may include:

• Not procuring goods through the established levels of procurement authorisation. For example, an
entity’s procurement policy states that staff at assistant managerial level may authorise the
acquisition of goods and services up to a maximum of R20 000 per order, while senior managers
may request goods up to R40 000 per order. If, in this scenario, an assistant manager were to
authorise an order to the value of say, R50 000 and thus exceed his level of authority, it may lead
to unnecessary goods being purchased (unauthorised) or the misappropriation of the goods for
personal use (theft) if not detected;
• Obtaining goods and services from parties that are related to the entity (e.g. purchasing goods
from a company owned by a director of the entity) while the procurement policy of the entity
explicitly disallows purchases from related parties;
• Procurement staff colluding with a supplier to place orders at excessively high prices in exchange
for kickbacks from the supplier;
• Adding ctitious suppliers to an entity’s supplier database with resultant unauthorised payments
to the ctitious suppliers;
• Loss of funds if payments are made for goods and services never received; and
• Abuses through various means in a tendering process whereby the most appropriate supplier who
tendered or quoted is not awarded the tender.
The above unauthorised actions may also lead to invalid nancial information being recorded in the
nancial records.

Various computer technologies can be applied in the purchases and payments cycle. Some examples of such
technologies are discussed below.

An entity may choose to pay its suppliers by means of an EFT facility (refer to the appendix of Chapter 5 for
details). Some banks provide a dedicated online payment facility onto which an entity can load all its
intended supplier payments and have the payments electronically transferred to the suppliers’ bank
accounts.
7.5.2 Electronic data interchange (EDI)

An EDI system enables an entity to process business transactions with its suppliers with minimal manual
intervention. EDI is an electronic communication system between an entity and its suppliers whereby both
parties are connected to a joint computer network through which electronic data can be transferred (in a
structured format), back and forth. e internet or a wide-area network might be used as the medium
through which the EDI information is communicated.
Purchase orders can, for example, be placed through EDI, enabling the supplier to receive the purchase
order on its sales order system directly (i.e. without the customer having to phone, fax or email the purchase
order to the supplier).
An EDI system can further assist with dedicated backorder, goods delivery and payment facilities
between the entity and the supplier.

also applies to the entity’s purchases and payments cycle. Should an entity not be able to avoid these risks,
the purchases and payments transactions recorded in its accounting records might be invalid, inaccurate or
Accordingly, management implements application controls (refer to Chapter 5 section 5.9) to ensure that
purchases and payments transactions (including any adjustments) are valid, and are completely and

Validity, accuracy and completeness of purchase and payment information comprise the control objectives
that management aims to achieve to address the major risks present in the cycle.
To ensure that the recorded purchases and payments transactions are valid, these transactions should:
• Have been authorised in terms of management’s policy;
• Relate only to genuine transactions that occurred (i.e. are not ctitious);
• Have been recorded in the year to which they pertain; and
• Be supported by sufficient documentation.
To ensure that purchase and payment transactions are accurate, they should be recorded at the appropriate
amount. ‘Appropriate’ implies that all amounts were calculated correctly (in terms of quantity and price in
respect of goods purchased and in terms of price where services have been rendered). Accuracy further
entails that internal controls ensure these transactions are correctly classi ed in terms of their nature and
recorded in the appropriate accounts.
To ensure that purchase and payment transactions are complete, all purchase and payment transactions
that occurred in a given period should have been recorded in the accounting records and recorded in a
timely manner. No purchase or payment transaction that occurred should thus be omitted from the entity’s
accounting records.
Table 7.2 summarises the consequences if the control objectives are not achieved.
control objectives can be achieved either manually (a person performs the internal control) or by automated
Table 7.2: Consequences if control objectives not achieved
CONSEQUENCE FOR ENTITY’S FINANCIAL STATEMENTS IF

CONTROL OBJECTIVES ARE NOT ACHIEVED (INTERNAL CONTROLS
CONTROL OBJECTIVE HAVE FAILED)
Purchases and purchase returns Payments
Validity Fictitious or unauthorised Invalid payments (e.g. recording

purchases, or purchases in the wrong period):
recorded in the incorrect understatement of accounts
nancial period: overstatement payable and bank and cash
of expenditure and accounts account (invalid payment
payable due. inappropriately reduces liabilities
and bank/cash funds).
Fictitious or unauthorised
purchase returns, or purchase Invalid payments (due to
returns recorded in the incorrect misappropriation – e.g. employee
nancial period: understatement paying personal expenses that
of expenditure and accounts are recorded as entity expenses):
payable. overstatement of expenditures.
Accuracy Inaccurate purchases and Inaccurate payments: over or

purchase returns: over or understatement of accounts
understatement of expenditure payable and bank and cash
and accounts payable depending account depending on nature of
on the nature of the inaccuracy. misstatement.
Completeness Incomplete purchases: Incomplete payments:

understatement of expenditure overstatement of accounts
and accounts payable due to payable and bank and cash
unrecorded purchases. account (non-payment results in
the balances not being reduced).
Incomplete purchase returns:
overstatement of expenditure
and accounts payable due to
unrecorded purchase returns.
e following examples illustrate in broad terms several ways in which the control objectives can be
achieved in the cycle. Note that it is not a re ection of the detailed control activities required to achieve the
control objectives.
Validity of purchases and payments:

• Preapproval, by an authorised staff member, of the supplier from which the goods/services are
purchased;
• Authorising each individual subsequent purchase from and payment to the approved supplier in terms
of management’s policies; and
• Preparing supporting documentation for all these transactions.
Accuracy of purchases and payments:

• Recalculation of the amounts on a supplier invoice; and
• Checking of recorded amounts in the purchase journal by a supervisory staff member. is staff member
would request the supporting documents for a transaction (such as the supplier delivery note and
invoice) to compare the recorded amounts with both the quantities of items delivered (in cases where
goods were received) and the prices charged by the supplier and accepted during initial authorisation of
the transaction.
Completeness of purchases and payments:

• Checking by a supervisory staff member of the sequential recording of GRNs in the purchase journal
for indications of gaps in the sequence, which will point to possible non-recording of purchase
transaction, and following up to attempt to obtain reasons for the missing transaction and have it
recorded to ensure all purchase information is complete in the nancial records.
Operational versus nancial controls in the cycle

Not all internal controls implemented by an entity in its purchase and payments cycle affect nancial
reporting (refer to Chapter 4, section 4.4.3.2). As long as a transaction between the entity and
supplier has not yet taken place it cannot be assumed that all controls operating prior to the
transaction are nancial in nature. Controls that do not affect nancial reporting risks are referred to
as operational controls. (Note: A transaction is usually recognised as such at the point in time when
the transfer of control over purchased goods and services occurred between the entity and its
supplier).
For example, obtaining quotations from suppliers in order to secure the best prices does not aim
to prevent misstatement of recorded nancial information: should an expensive supplier be chosen
over a supplier who could have offered more reasonable prices, there is no misstatement of nancial
gures because of this action. If the higher prices were authorised and accurately recorded and the
transaction is supported by the necessary documentation, the nancial control objectives of validity,
accuracy and completeness would have been achieved regardless of the non-performance of an
operational control to secure more favourable prices.

achieved) will result in purchases and payments (and related account balances) being misstated in the
accounting records, which will in turn result in the nancial statements being misstated.
e process of recording a transaction in the nancial records, and thus for it to be included in the
During a transaction’s ow through an entity’s information system, it will be subject to numerous internal
controls that ‘assist it’ along the way to ensure that the control objectives are achieved. e transaction will
only reach its end point appropriately if it ends up in the nancial statements in a manner that achieves the
control objectives. us, if management wishes to ensure proper nancial recording (and fairly presented
nancial statements), they need to implement and maintain a proper information system, including an
accounting system and related internal controls.
In this way, the achievement of the control objectives contributes to the appropriateness of the assertions
made by management in the nancial statements. It will indirectly also result in the nancial statements
being free from material misstatement.
CYCLE CASE STUDY

Note the line item ‘Trade and other payables’ with a balance of R13,381,893. Also refer to the Notes
to the Annual Financial Statements of Ntsimbi Piping – speci cally note 11 (Trade and other payables)
(page 19).
• In relation to existence, trade and other payables (i.e. the underlying short-term liabilities making
up the balance) exist (i.e. these constitute liabilities that are not ctitious).
• In relation to rights and obligations, Ntsimbi Piping is the party obliged to settle the underlying
liabilities making up the balance (obligations). It is not for the account of another entity.
• In relation to accuracy, valuation and allocation, the balance of R13,381,893 is considered an
appropriate amount as the balance re ects the appropriate value of the underlying liability
accounts repayable in the future. Further, any adjustments as to the value or allocation of the
underlying liabilities have been recorded appropriately.
• Classi cation implies that the liabilities making up the balance of R13,381,893 have been
correctly classi ed as trade and other payables. There are, for instance, no creditors with debit
balances included in it.
• Concerning completeness, all liabilities deemed trade and other payables, and which are
obligations of Ntsimbi Piping, have been recognised as such in the nancial statements
(notwithstanding the measurement thereof, which is dealt with separately under the valuation
assertion).
• In relation to the presentation assertion, trade and other payables have been appropriately
presented in the nancial statements and notes thereto and have been clearly described. The
components making up the balance have been appropriately disaggregated (broken down) where
applicable. Related disclosures are relevant and understandable.

Refer to the Detailed Income Statement in the supplementary information of the nancial statements
of Ntsimbi Piping (page 25). Note the item ‘Purchases’ in the amount of R104,794,348.
• In relation to the occurrence assertion, purchase transactions amounting to R104,794,348 did
in fact take place (they occurred and are not ctitious) and also pertain to Ntsimbi Piping.
• Regarding accuracy, the purchase transactions making up the total have been recorded at
correct amounts (e.g. in terms of the correct item quantities accepted during delivery and prices
agreed with suppliers).
• In relation to completeness, all purchase transactions that took place during the nancial year
and which pertain to the company have been recorded and included under purchases.
• As to cut-off, all the purchases included in the total relate to transactions that took place within
the nancial year (i.e. the transactions concerned relate only to deliveries of raw materials
accepted from suppliers between the rst and last day of the nancial year (inclusive of both
days)).
• Classi cation implies that all transactions constituting the total of R104,794,348 should indeed
have been classi ed as purchases and do not relate to, for instance, repairs and maintenance or
insurance expenses.
• In relation to the presentation assertion, purchase transactions have been appropriately
presented in the nancial statements and notes thereto and have been clearly described.
Related disclosures are relevant and understandable.
e assertions for purchases and accounts payable are linked to the control objectives in the cycle as shown
in Table 7.3.
Table 7.3: The link between the assertions for purchases/accounts payable and the control objectives
Classes of transactions and events Account balances and related

CONTROL OBJECTIVE and related disclosures disclosures
Purchases (including purchase Accounts payable (including
returns) accruals)
(Assertions are indicated in bold) (Assertions are indicated in bold)
Validity Occurrence and Cut-off Existence and Rights and
A control achieving the validity obligations
objective for a purchase will Purchase transactions that
ensure that the recorded pertain to the entity were
transaction pertains to the authorised and actually took
entity, was authorised, actually place, resulting in the raising of a
took place (i.e. is not ctitious) creditor liability that is approved,
and is supported by suf cient is genuine and is the obligation
documentation (occurrence) and of the entity (existence and
further ensure that it has been obligations).
recorded in the nancial period
to which the transaction relates
(cut-off).
Classes of transactions and events Account balances and related

CONTROL OBJECTIVE and related disclosures disclosures
Purchases (including purchase Accounts payable (including
returns) accruals)
(Assertions are indicated in bold) (Assertions are indicated in bold)
Accuracy Accuracy and Classi cation Accuracy, valuation and allocation
A control achieving the accuracy and Classi cation
objective for a purchase will A control achieving the accuracy
ensure that the transaction is objective for purchase
recorded at the correct amount transactions making up a liability
(including quantities, prices and will ensure that the gross amount
correct calculations) (accuracy). of the liability (accuracy) is
It will further ensure the appropriate. Furthermore, a
transaction has been correctly control achieving the accuracy
classi ed, summarised and objective for any transaction
posted to the correct account in resulting in a valuation or
the nancial records in allocation adjustment to the
accordance with its nature gross amount of the liability will
(classi cation). ensure that the net amount of
the liability is correctly valued
and allocated (valuation and
allocation). Furthermore, controls
that achieve the accuracy
objective for transactions that
affect accounts payable balances
will also ensure the liability has
been appropriately classi ed.

A control achieving the A control that ensures that all
completeness objective for a credit purchases that took place
purchase will ensure that all from suppliers are recorded in a
transactions that occurred timely manner, will ensure that all
during the period are recorded creditor liabilities are raised and
(completeness). included in the nancial records
(completeness).
disclosures, and account balances and the related disclosures in the nancial statements. Consequently, the
Presentation assertion is not included explicitly in the table above.
e assertions for payments are linked to the control objectives in the cycle as shown in Table 7.4.
Table 7.4: Assertions for payments
CONTROL OBJECTIVE MANAGEMENT ASSERTIONS

CONTROL OBJECTIVE Classes of transactions
and events and related disclosures
Payments (recorded in the cash book) (Assertions are
indicated in bold)
Classes of transactions and events and related disclosures

Payments (recorded in the cash book) (Assertions are
indicated in bold)
Validity Occurrence and Cut-off
A control achieving the validity objective for a payment

transaction will ensure that the payment pertains to the
entity, was authorised, actually took place (occurrence) and
will further ensure that it has been recorded in the nancial
period to which the payment relates (cut-off).
Accuracy Accuracy and Classi cation

A control achieving the accuracy objective for a payment
transaction will ensure that the payment is recorded at the
correct amount (accuracy). It will further ensure the payment
has been correctly classi ed, summarised and posted to the
correct account in the nancial records in accordance with
its nature (classi cation).
Completeness Completeness and Cut-off

A control achieving the completeness objective for a
payment transaction will ensure that all payments that were
made during the nancial period are recorded as such
(completeness).

computerised)?
As with other business cycles, proper control activities have to be implemented in the cycle to ensure that the
entity achieves its control objectives of validity, accuracy and completeness of nancial information. e
major control activities particular to the purchases and payments cycle, performed either manually or
programmatically (by a computer system), are summarised below.

• Used in conjunction with a proper chart of accounts for transactions related to the purchases and
payments cycle.
7.7.1.2 Authorisation or approval
Authorisation or approval is required each time before:
• A request for goods or services is submitted to an entity’s procurement department;
• A new supplier is added to the entity’s approved list/database of suppliers;
• An order is placed with a supplier;
• Goods are returned to a supplier;
• A debit adjustment request (other than a goods return) is sent to a creditor; and
• A payment is made to a supplier.
Authorisation or approval can be made either manually or electronically (computer-based) in terms of

preprogrammed restrictions.

e following activities should be performed by different staff members/departments:
• Authorisation of the transaction;
• Recording of the transaction; and
• Custody of the assets involved.
Typical duties that should be segregated and performed by different persons in the purchases and payments
cycle include those shown in Figure 7.6. (Each block represents one or more persons performing the same
function that should be segregated from the functions performed by a person(s) in the other blocks.)
Figure 7.6: Segregation of duties for the purchases and payments cycle
In a computerised system, segregation of duties can be achieved through the implementation of user pro les
whereby an employee is only granted access to the part of the accounting system that is necessary for the
performance of the employee’s duties.
7.7.1.4 Access controls

Assets affected by the cycle include inventory and cash. Access controls to protect against the
misappropriation of assets (or damage to goods) should apply whenever:
• e entity takes custody of goods from a supplier;
• Inventory received from a supplier is transferred to the requesting department within the entity;
• Goods are returned to a supplier (purchase returns); and
• A payment is made to a supplier (in cash or by cheque or EFT).
Examples of veri cation checks (the checking of work initially performed by another person or by the
computer system) in the purchases and payments cycle include:
• Agreeing purchase transaction information collected by the entity to the supplier’s invoice before the
transaction is recorded in the purchase journal; and
• Checking the completeness of the sequential number order of GRNs for missing items and thus
incomplete recording of purchases.
e cycle includes the performance of the following reconciliations:

• Supplier statement reconciliation (refer to section 7.3.5);
• Creditors reconciliation (refer to section 7.3.5); and
• Bank reconciliation (also applicable to the revenue and receipts cycle).
Reconciliations will usually be performed by a clerk and must be reviewed by a senior staff member. In the
event that the person who is responsible for recording transactions in the accounting records also performs a

e following tables include the most common activities and related internal controls for the purchases and
payments cycle to address the risks associated with each activity.
Have a look at the control table illustrated in Table 7.5. You will notice that each ‘what could go
wrong/risk’ is related to a control objective in the column to its right. e control objective is numbered (e.g.
‘A’). e assertion(s) affected by the ‘what could go wrong/risk’ (and impacted by the related control
objective) is indicated in the next column. In the next two columns, you will nd the control(s) that address
the control objective (linked to the control objective by means of a letter (e.g. ‘A’)). (It follows that these
controls then address the related ‘what could go wrong/risk’.) e additional numbering that you will see in
the controls columns (e.g. ‘1.1’) relates each control to the activity where it belongs.
Note that the controls in a manual system are described in full, whereas only controls in addition to the
objectives was discussed in section 4.4.3.2 of Chapter 4. Note that where a control is indicated in the control
underlying risk.
e tables apply to a business entity that manufactures goods and purchases its raw materials on credit
from suppliers. e speci c activities performed, and hence the internal controls, will vary from entity to
entity, but the overall control objectives remain the same for all entities. Furthermore, controls similar to
those that apply to purchases apply to services (e.g. repairs).
Table 7.5: Purchase requisition
1 PURCHASE REQUISITION
| ORIGINATES FROM DEPARTMENT WHERE THE NEED FOR RAW MATERIALS/GOODS IS IDENTIFIED |
Activity Responsible party Documents What could go Control objective Account/assertion

and wrong/risks affected
records;
master les
1.1 A need for Staff member in Purchase Failure to A Sales or N/A:

raw materials department who requisition identify need for production Operational
(for becomes aware purchase of raw demand for control
manufacturing of the need to materials/goods inventory is objective, no
purposes) or requisition raw (inventory) or timeously nancial
goods (for the materials/goods. services may identi ed to reporting
purpose of lead to ensure implications.
Departmental
reselling to supervisor or production availability of Assertion(s)
customers) is delays, loss of goods for only affected
manager
identi ed in the potential sales production or once a
entity. Needs and customer sale to transaction has
can be dissatisfaction. customers. (No taken place.
identi ed control objective
through: applicable as
Sales this is an
forecasts operational
and budgets; control.)
Low raw
• materials
levels in the
factory;
• Low levels of
goods in the
warehouse;
• Speci c or
customised
orders
received
from
customers;
and
• Operational
requirements
necessitating
purchases
such as fuel
for entity’s
vehicles and
stationery for
of ce use.
Unauthorised B Only raw N/A:

requisitioning of materials/goods Operational
raw that are needed control, no
materials/goods by the entity nancial
not needed by (e.g. for reporting
the entity. operational or implications for
sales purposes) expenditure or
Incorrect items
are accounts
are requisitioned.
requisitioned. payable.
(Operational
control) Valuation of
inventory
affected if
unnecessary
raw
materials/goods
ordered that
must
subsequently be
written down to
net realisable
value.
Table 7.6: Ordering raw materials/goods from suppliers
2 ORDERING RAW MATERIALS/GOODS FROM SUPPLIERS

| PROCUREMENT DEPARTMENT |
Activity Responsible Documents What could go wrong/risks Control objective Account/assertion Manu
party and affected
records;
master les
2.1 Buying Purchase Invalid or unauthorised A All purchase Occurrence of 2.1A

Purchase clerk order (PO) orders are sent to orders are expenditure. creat
order is Chief Approved suppliers and may lead to supported by (Although a purc
created buyer list of inappropriate/unnecessary valid and transaction has cross
and sent suppliers. inventory being received, authorised not yet taken to an
to or items being ordered for documentation place, approval purc
supplier. personal use. (purchase of the requ
requisition). requisition Chie
(Validity) would apply to revie
the occurrence auth
assertion once purc
the transaction ensu
has eventually supp
taken place.) appr
of th
that
purc
requ
been
the r
depa
Purchase orders are B A purchase Operational 2.1B

created but do not agree order is only control: buyin
with the supporting sent to Incorrectly chief
purchase requisitions, suppliers if ordered items • C
leading to incorrect orders the order is will not be ca
being placed with accurate in accepted and ca
suppliers. terms of simply returned th
Purchase orders are not quantity, to suppliers or
sent to suppliers in a description before being • C
timely manner and/or do and price of recorded in the qu
not lead to delivery of items being accounting de
ordered items. ordered. records. ite
(Operational However, should or
control) these goods su
indeed be pu
accepted and re
not returned, C
they may pr
subsequently or
have to be th
written off as •
qu
obsolete, which lis
affects valuation su
of inventory. th
no
di
en
pu
or
• In
pu
as
th
Purchase orders are not C All purchase N/A: 2.1C

sent to suppliers in a orders sent to Completeness of orde
timely manner and/or do suppliers lead expenditure and in nu
not lead to delivery of to delivery of completeness sequ
ordered items. ordered of accounts Purc
inventory in a payable only proc
timely manner. affected once depa
(Operational inventory has matc
control: No been taken (rece
transaction custody of. facto
has taken rece
place yet as led
no inventory orde
has yet been sequ
delivered by Chie
the supplier.) revie
purc
on a
to fo
miss
orde
purc
not y
a GR
outs
orde
Items are ordered from D The most N/A: 2.1D

inappropriate suppliers appropriate Operational supp
(e.g. suppliers who cannot supplier is control not auth
supply the required items identi ed who affecting chief
or who supply them at can ful l the nancial orde
inferior quality). business reporting. (A mad
needs of the purchase supp
entity in terms transaction can supp
of availability, occur albeit it inclu
quality and with an of ci
nature of inappropriate supp
inventory supplier.) can o
needed. with
(Operational the o
control)
Supplier Items are ordered at E The best N/A: 2.1E

quotations excessive item prices. prices are Operational polic
obtained for control not that
items to be affecting pred
ordered. nancial minim
(Operational reporting. of qu
control) obta
supp
an o
prep
Chie
revie
of qu
befo
the p
orde
Table 7.7: Receiving raw materials/goods from suppliers
3 RECEIVING RAW MATERIALS/GOODS FROM SUPPLIERS

| RECEIVING BAY IN WAREHOUSE |
Activity Responsible party Documents What could go Control objective Account/ assertion
and wrong/risks affected
records;
master
les
3.1 Goods receiving Supplier Items that have A All inventory Occurrence of
Supplier clerk in delivery not been received has been expenditure.
delivers factory/warehouse note ordered (i.e. ordered in terms of
ordered Goods unauthorised an approved
items to received items) are purchase order.
entity. note accepted and (Validity)
(GRN) recorded as
inventory.
Physical B All inventory Existence of inventory

security risk: received is kept (risk may lead to
items being secure after receipt. lost/stolen goods
received are (Validity) inappropriately being
misappropriated included in nancial
(e.g. stolen) statements should it
after having have been recorded
been recorded after delivery and
as inventory. before theft).
Recording risk: C All goods Completeness and cut

goods are delivered are off of expenditure.
received, but recorded as Completeness of
are not purchases/inventory accounts payable.
recorded on on hand on the
Completeness and cut
source entity’s inventory
off of purchases.
documents, system in a timely
leaving manner. Completeness of
insuf cient inventory.
(Completeness)
evidence of the
goods having
been received.
It will also be
dif cult or
impossible to
identify
subsequent
inventory
losses if goods
are not
recorded on
receipt.
Goods of D All goods received Occurrence of

inferior quality are in terms of the expenditure.
or damaged quality standards of Accuracy, valuation an
goods are the entity. (Validity) allocation of inventory
accepted from
suppliers.
Quantities of E Quantities of Accuracy of

inventory goods physically expenditure.
received are accepted agree with Accuracy, valuation an
inaccurately the quantities allocation of accounts
recorded on recorded on the payable.
GRNs, leading GRN. (Accuracy)
Existence/completene
to possible over
of inventory.
or
understatement
of recorded
purchases and
inventory
holdings.
Table 7.8: Recording of purchases
4 RECORDING OF PURCHASES
Activity Responsible Documents What could Control objective Account/ Manual controls
party and records; go assertion
master les wrong/risks affected
4.1 Invoice Accounts Standard Fictitious A All purchase Occurrence of 4.1A Senior
is received payable chart of purchases transactions expenditure. bookkeeping cle
from clerk accounts are that are Existence and reviews purchase
supplier Senior Purchase recorded in recorded in the obligation of journal (and cred
and bookkeeping journal the accounting accounts ledger) to ensure
purchase clerk (Purchases accounting records pertain payable. each recorded
is transaction records. to actual purchase is supp
Financial
recorded. le) This may purchase by a GRN, suppl
manager
occur where transactions delivery note and
Goods
a purchase that took place authorised purch
received
is recorded with bona de order.
note (GRN)
for items suppliers and
Supplier that were are only
invoice never recorded if an
Supplier ordered order was
statement and/or for approved and
Creditors items that items have
subsidiary were never been delivered.
ledger received. (Validity)
General Purchases
ledger are
creditors erroneously
control duplicated
account in the
accounting
records.
Purchases B All purchases Cut-off of 4.1B Senior

are not are recorded in expenditure. bookkeeping cle
recorded in the correct Existence and when checking
the nancial nancial period completeness whether all purch
period to (i.e. in the of accounts are supported by
which the period when payable. appropriate supp
transactions control documentation a
pertain. associated with also notes the d
the delivered GRN when inven
goods/services was received to
have been ensure purchase
transferred recorded in corre
from the nancial period.
supplier to the
entity).
(Validity)
Amounts on C All purchases Accuracy of 4.1C Accounts p

supplier in the expenditure. clerk:
invoices are accounting Accuracy, • Reperforms a
inaccurately records are valuation and calculations o
recorded in based on allocation of supplier’s invo
the correct Accounts before record
accounting quantities of payable – • Matches quan
records. goods received gross of goods on
and correct amount. supplier invoi
prices as those per the
agreed with and
supplier.
• Matches unit
(Accuracy)
on supplier
invoices with
on purchase o
or
quotations/su
agreement/of
price list.
Any price varianc
between invoice
purchase order a
followed up and
resolved accordi
The invoice is in
by the above cle
evidence of the a
checks.
4.1D Expense ac
to which transac
should be poste
speci ed on the
purchase requis
(and also indicat
purchase order)
reference to a
standard chart o
accounts.
Purchase D Purchase Classi cation

transactions transactions of
are are recorded in expenditure.
allocated to the correct
the accounts
incorrect based on their
general nature.
ledger (Accuracy)
accounts.
Unrecorded Senior E For all goods Completeness 4.1E Matching of

purchases bookkeeping received, a of supplier invoices
clerk corresponding expenditure. GRNs
purchase Completeness Accounts payabl
transaction is of accounts clerk keeps a
recorded in the payable numerical le of
purchase (trade copies of GRNs
journal. creditors and received from
(Completeness) accruals). warehouse
(completeness) f
matching to sup
invoices up to an
including the las
created at the en
the nancial yea
off).
Unrecorded purc
Senior bookkeep
clerk reviews abo
le of GRNs on a
regular basis an
follows up with
warehouse on m
GRNs:
• Ensures that
GRNs with a
corresponding
supplier invoi
purchase has
recorded in th
purchase jour
and a liability
been raised i
creditors ledg
Reviews purc
journal for
sequential
• numbering of
recorded
transactions
(purchases w
likely be reco
in GRN seque
number) and
follows up on
missing entrie
Unmatched GRN
year-end accruals
For all GRNs with
corresponding
supplier invoice
year-end, a liabil
accrued at year-e
means of a gene
journal entry. The
amount of the jo
is determined wi
reference to pric
the correspondin
purchase orders
other supporting
document conta
item prices.
Performing credi
reconciliations
Accounts payabl
clerk performs a
reconciliation be
the creditors con
account in the ge
ledger and the g
total of all credit
accounts in the
creditors ledger
identify postings
were made from
purchase journa
the GL without b
posted to credito
accounts in cred
ledger or vice ve
Financial manag
reviews reconcili
Note: Reconciliat
may also identify
inaccurate or inv
postings.
Accounts payabl
clerk performs a
supplier stateme
reconciliation to
identify any amo
on supplier
statements that
not recorded as
purchases/trade
creditors in the
accounting recor
(see also contro
under 5A).
Table 7.9: Payment preparation
5 PAYMENT PREPARATION
Activity Responsible Documents and What could go Control Account/ Manual controls Alter
party records; master wrong/risks objective assertion addi
les affected cont
comp
envir
5.1 A All Occurrence

Supplier amounts and
invoices due for accuracy of
fall due Accounts Payment Amounts payment payments. 5.1A 5.1A
for payable schedule prepared for relate to Performing a the
payment. clerk payment are goods supplier subs
Cheque
incorrectly actually statement inte
Senior requisition
bookkeeping and cheque determined. received reconciliation the
and are cred
clerk (manual Fictitious or If payment
accurate in mas
system) unauthorised takes place
relation to (cre
EFT listing suppliers are based on the
the amount ledg
(computerised identi ed for invoiced by supplier
system) payment. statement (not EFT
the be g
Remittance Fictitious or supplier. invoice), a
duplicated supplier auto
advice (Occurrence
invoices are and statement base
used in reconciliation amo
accuracy) agg
payment. for each
supplier is paym
performed by mas
the accounts (avo
payable clerk inpu
before each tran
payment run, subs
between the: from
• Balance cred
payable as ledg
per the (Ref
supplier’s Cha
statement; cont
and EFTs
• The A
supplier’s com
outstanding syst
balance as ena
per the sup
creditors stat
ledger. reco
The to b
reconciliation perf
should identify scre
any errors in alth
the entity’s prin
records that stat
should not be man
re ected as cont
reconciling rem
items on the sam
reconciliation, The
but corrected be r
in the entity’s ente
records bala
instead. outs
All reconciling per
items are sup
investigated by stat
the clerk the
performing the syst
reconciliation. this
Financial com
manager the
performs a the
review of the bala
supplier the
statement com
reconciliations cred
and ensures mas
valid reasons (cre
and ledg
supporting Man
documentation calc
exists for all follo
reconciling reco
items. item
subs
Preparing a
have
payment
perf
schedule
afte
A payment of
schedule is reco
prepared by
the accounts
payable clerk
from the
creditors
ledger (and
from
reconciled
supplier
statements)
containing a
listing of all
balances due
to suppliers,
accompanied
by a
remittance
advice and
supplier
statement
reconciliation
for each
balance to be
paid. Each
payment on
schedule to be
further
supported by
purchase
documentation
including
supplier
invoices,
GRNs,
supplier
delivery notes
and
authorised
purchase
orders relating
to the
outstanding
balance being
paid.
If suppliers
are to be paid
by cheque, the
clerk also
prepares a
cheque
requisition and
unsigned
cheque for
each payment
(both
documents to
be issued in
sequential
number order).
Financial
manager
reviews
payment
schedule
ensuring
cheque
requisitions
and cheques
have been
accurately
prepared for
each supplier
on the
schedule.
B Occurrence 5.1B N/A
Stationery of Safekeeping
controls payments. of blank
ensure the cheques and
safekeeping check
of cheques requisition
and cheque documents to
requisitions be the
and strict responsibility
issuing of a
controls designated
over these member of
are management.
enforced. The
(Validity) documents
are locked
away in a
secure
location.
Staff
requesting
these
documents to
sign a register
indicating the
numbers of
the
documents
requested.
5.2 Supplier Entity A Amounts N/A: 5.2A Accounts 5.2A

Entity is invoice, forfeits its due are Operational payable clerk syst
entitled statement or opportunity timeously control. No scrutinises the prog
to a trade to receive a identi ed impact on le of unpaid such
payment agreement payment for payment recording supplier that
discount. with supplier. discount due in order to in nancial statements paym
to not avoid records. (i.e. sche
keeping to penalty statements auto
the charges or that have not re e
supplier’s to qualify been stamped invo
negotiated for payment as ‘cancelled’ cred
payment discount or ‘paid’ by mas
terms (e.g. offered by the payment that
due to late supplier. signatories yet falle
settlement (Operational – refer to paym
of account). control) function 6) on orde
a periodic for a
basis in order
to identify
statements
that have
fallen due but
have not been
paid.
Senior
bookkeeping
clerk follows
up on unpaid
supplier
statements on
a regular basis
to ensure all
outstanding
amounts are
paid to
suppliers
according to
discount
terms.
Table 7.10: Paying the supplier
6 PAYING THE SUPPLIER

Activity Responsible party Documents What could go Control Account/ Manual controls
and records; wrong/risks objective assertion
master les affected
6.1 Payment/cheque Signed Payments are not A Only Occurrence 6.1AB For
Entity signatories cheque made in terms of supplier of payments by
pays (manual the payment invoices payments. cheque
supplier system) documentation authorised At least two
for Proof of prepared during for senior manage
goods payment payment payment staff members
received. (EFT system) preparation. are paid. authorise
Bank Suppliers/parties (Validity) payments on t
statement that are not on signing of
Bank the payment cheques.
reconciliation schedule are The cheque
paid. signatories rev
the payment
documentation
before signing
cheques and
ensure the
following:
• Payment
schedule ha
been signed
by senior
bookkeepin
clerk during
payment
preparation
• Each payme
due as per
payment
schedule is
supported b
cheque
requisition,
cheque,
supplier
statement,
remittance
advice, all
supplier
invoices, GR
and purcha
orders relat
to items be
paid;
• Amounts ag
between the
cheque and
supporting
payment
documentat
and
• Cheques ar
crossed ‘no
transferrab
and contain
alterations.
Amounts paid do B Accuracy The cheque
not agree with Payments of signatories ca
the amounts are made payments. all supporting
prepared for in documentation
payment. accordance (including
with the payment
amounts schedule) by
that should stamping it as
be paid. ‘Paid’ to avoid
(Accuracy) being presente
for payment ag
in the future.
Cheques are
mailed to
suppliers or di
deposits are
made into
suppliers’ ban
accounts by a
person who wa
not involved in
payment
preparation.
Table 7.11: Recording of payments
7 RECORDING OF PAYMENTS
Activity Responsible Documents What could Control objective Account/ Manual Altern
party and records; go assertion controls addit
master les wrong/risks affected contr
comp
enviro
7.1 After Cash book Receipt (for Fictitious A All recorded Occurrence of 7.1ABC All 7.1A
payment, clerk cash payments payments payments. control Com
payment payments) (payments relate to actual objectives to syste
details Bank- that never payments be addressed perfo
are stamped took made. (Validity) through the auto
recorded returned place) are performance bank
in the cheque or recorded. of a bank reco
nancial approved reconciliation, shou
records. cheque which state
requisition reconciles bala
(for cheque the cash avail
payments) book balance elect
Proof of (general for
payment/EFT ledger control com
voucher (for account) with with
EFT the balance com
payments) as per the cash
bank book
Bank
statement. ledge
statement
In this way, bala
Bank Man
payments can
reconciliation revie
be identi ed
which: requ
• Never took follow
place but any u
were reco
recorded; item
error
• Were
reco
recorded
at
incorrect
amounts;
and/or
• Took place
but were
not
recorded.
Payment B Payments Accuracy of

amounts are recorded at payments.
are the correct
incorrectly amount (i.e. in
recorded terms of the
(amount amount
recorded actually paid).
does not (Accuracy)
agree with
amount
actually
paid).
All C All payments Completeness
payments that took place of payments.
that were are recorded in
made are the nancial
not records.
recorded (Completeness)
in the
nancial
records.
Table 7.12: Returning goods and recording of a purchase adjustment
8 RETURNING GOODS AND RECORDING OF A PURCHASE ADJUSTMENT

Activity Responsible Documents What could Control objective Account/ Manual controls Alte
party and go assertion add
records; wrong/risks affected con
master com
les env
8.1 Warehouse Goods Recorded A All purchase Occurrence 8.1A Debit 8.1
Purchase staff who returned purchase returns and cut-off of notes are Co
return is receive to returns are recorded relate purchase created only if sys
recorded returned supplier not to actual and returns. supported by: the
in the goods and voucher genuine. authorised • An of
accounting initiate the (GRSV) goods returned authorised not
records. return Debit during the year. GRSV as to
transaction. note (Validity) well as a ret
Accounts GRN if a
payable evidencing cor
clerk that the GR
Managerial goods is s
staff being the
member in returned if it
approval have ret
capacity originally fou
been GR
purchased; dat
and the
• A supplier sys
invoice on
which the
goods
originally
appeared.
Financial
manager
approves
all debit
notes after
con rming
that all the
above
supporting
documents
exist and
are
attached to
the debit
note.
The B Amounts Accuracy of 8.1B Senior 8.1

amounts of relating to purchase staff member and
purchase purchase returns. in accounting cal
returns are returns are signs the debit on
inaccurately correctly note after aut
recorded in recorded in checking that: per
the terms of • Casts and the
accounting quantity and calculations and
records. price. on the qua
(Accuracy) debit note aut
are sou
accurate; the
• Quantities cor
on debit GR
note agree sto
with GRSV; sys
• Prices on
debit note
agree with
supplier
invoice or
with trade
agreement
with
supplier.
All C All purchase Completeness 8.1C All 8.1
purchase returns that and cut-off of GRSVs Co
returns that took place purchase (warehouse) sys
occurred during the returns. and debit enf
are not nancial year notes cre
recorded in have been (accounting) to GR
the timeously be created in deb
accounting recorded in the sequential seq
records. accounting number order. num
records. Accounting and
(Completeness) department to the
le copy of ar
GRSV in GR
sequential wh
order once deb
matched to has
corresponding init
debit note. foll
Senior sen
bookkeeper to boo
review le of
GRSVs on a
regular basis
to ensure:
• Missing
GRSVs are
followed up
with the
warehouse;
• All GRSVs
matched to
debit notes
have
resulted in
a
transaction
recorded in
the
purchase
returns
journal; and
• Debit notes
have been
recorded in
the correct
accounting
period
(based on
return date
on GRSV).
7.8 Cycle illustration: The purchases and payments cycle at

Ntsimbi Piping
7.8.1 Purchase requisition
• Function performed by Ntsimbi Piping’s raw materials warehouse in the manufacturing division.
• Louis Lynwood (warehouse supervisor in the raw materials warehouse)
e raw materials warehouse, which serves as a warehouse where raw materials are kept until they are
transferred to the production line, is the originating division for a potential purchase transaction at Ntsimbi
Piping.
7.8.1.1 Acting on reorder levels

Louis Lynwood is responsible for initiating purchase requests and does so by printing a ‘raw materials
reorder report’ from the PVCACC inventory application on a daily basis. e reorder report indicates those
raw material items that have reached their minimum reorder level according to the computerised inventory
system’s preprogrammed instructions. For all items on the report, he performs a brief, super cial check on
the physical raw material quantities on hand in the raw materials warehouse to ensure that insufficient or
excessive quantities will not be requested.
7.8.1.2 Creating purchase requisitions

If he is satis ed that reorder quantities are correct, Louis accesses the ‘Requisition module’ of the inventory
application and generates an on-screen, sequentially numbered purchase requisition. He starts by keying in
the reference number of the reorder report, after which the computer system automatically populates the
item details on the purchase requisition, sourced from the reorder report stored in the inventory
application’s database. e details include the item code, item description and quantity of the raw materials
being requested. e computer clearly indicates any changes made by Louis to the on-screen quantities
being requested (in cases where Louis found that the reorder quantities were insufficient or excessive and
therefore manually overrode the system generated quantities).
7.8.1.3 Authorising the purchase requisitions

Louis selects the ‘Process’ button on the computer screen, which sends a message to the computer of
Raymond Harris (production manager in the factory) indicating that a purchase requisition is awaiting
approval. Raymond reviews the requisition on-screen by comparing the details on it with the reorder report
(also accessible on the computer by using Raymond’s user pro le). With his detailed knowledge of
production demand and sales forecasts, Raymond would pick up any unusual raw materials requests.
Raymond is allowed to add items to the requisition should there be an additional need for items not
identi ed by the reordering system. However, in such cases he needs to account for all additional items in
terms of production schedules preapproved by the company’s operations director.
Raymond also follows up on any suspected irregular or unexpected modi cations made by Louis
Lynwood to system-generated reorder quantities. Raymond con rms the date of the requisition and reorder
report, thereby making sure that the dates follow on from the previous day’s documents (this task prevents
the potential skipping of a day’s reordering function). He also indicates on the requisition the due dates by
which the various items should be delivered to Ntsimbi Piping. He then authorises the requisition by clicking
on the on-screen ‘Approve’ button.
PVCACC automatically sends a message to the company’s purchasing division as soon as the requisition
has been approved by Raymond, to inform the buying clerk that a purchase request is awaiting processing.
Should the requisition not be approved by Raymond, the computer logs the rejected requisition and is
programmed never to allow any staff member in the purchasing division to process it further by applying
logical access controls that prevent them from accessing the requisition.
7.8.2 Ordering goods from suppliers

• Function performed by Ntsimbi Piping’s purchasing division (operations).
• Nomvula Ndungu (buying clerk)
• Armin Solomons (chief buyer)
• Saul Mkhize (operations director).
e purchasing division is tasked with ordering raw materials from suppliers.
7.8.2.1 Selecting suppliers from whom to order

Nomvula Ndungu receives an on-screen noti cation that an approved purchase requisition is pending.
Based on the item codes on each requisition, she gets the computer system to perform a search of the
company’s approved supplier database to identify suppliers that stock the particular item. Each item code is
linked to one or more supplier codes, previously approved and preprogrammed.
7.8.2.1.1 Ordering from sole suppliers

Most raw materials used in Ntsimbi Piping’s production process are sourced from sole suppliers (i.e. a
particular item is supplied by only one supplier). Nomvula phones the supplier to con rm item availability
and to request a quote showing the latest selling prices. Quotes are usually emailed by suppliers to Nomvula
shortly after a phone conversation.
7.8.2.1.2 Ordering from multiple suppliers

Where an item code is not linked to a sole supplier, but to multiple suppliers, company policy requires the
buying clerk to select at least three of these suppliers from the approved supplier database. Nomvula phones
at least three such suppliers and requests formal quotations. She then selects the quotation with the best
price from the quotations emailed to her by the suppliers.
Should a particular item on the requisition not be linked to any supplier, the ‘Identi cation and approval
of new suppliers’ procedures (as explained in 7.8.2.6 below) are followed. Note that the purchase order
application (the only system to which Nomvula’s username has access) does not allow a buying clerk to add
supplier names to, change supplier names on or remove the names of suppliers from the supplier database.
7.8.2.2 Creating a purchase order

Nomvula accesses the ‘Purchase order module’ of PVCACC with her unique username and password after
having obtained quotations as per 7.8.2.1 above. She clicks on the ‘Create purchase order’ button next to the
requisition’s number appearing on the on-screen requisition list, after which the system automatically
generates an on-screen sequentially numbered purchase order (refer to document 2A in the appendix at the
end of the book). e purchase order contains the following details:
• Name and particulars of supplier. e supplier name is automatically sourced from the supplier database
for instances where an item on the requisition relates to a sole supplier as per 7.8.2.1.1 above. Where three
quotes had to be obtained for an item on the requisition, Nomvula selects the name of the supplier (as per
the best quote obtained in 7.8.2.1.2 above) from an on-screen drop-down list. e computer does not
allow her to enter a supplier name manually;
• Item codes, descriptions and quantities (automatically sourced from the corresponding items on the
computerised purchase requisition already stored on the system);
• Required delivery date of goods ordered (automatically added from the purchase requisition);
• Ntsimbi Piping’s delivery address to which the supplier must send the ordered goods (this is
preprogrammed, standard information on all purchase orders);
• e quotation number as the supplier’s order reference number (for orders based on a quote as per
7.8.2.1.2 above); and
• Item prices captured manually by Nomvula with reference to the prices on the quotation. (Note: Item
prices are captured manually and are not retrieved from a product price/inventory master le due to
regular price uctuations affecting raw materials acquired by entities in the PVC industry.)
Nomvula prints both the purchase requisition and the purchase order and submits them together with the
quotations to Armin Solomons for approval.
7.8.2.3 Approval of purchase order

When Armin receives the purchase order, he rst con rms that the supplier name printed on each purchase
order by PVCACC is legitimate (with reference to the approved supplier database on the computer system)
and that there are no warning ags against the supplier’s name (e.g. previous problems experienced due to
late deliveries).
Armin reviews the supporting documentation attached to the order as follows. He ensures that:
• A purchase requisition is attached, and reconciles with the quantities on the various purchase orders (to
prevent items requisitioned, but which are not on any order, which could result in out-of-stock
situations);
• For each purchase order, a quotation from the supplier is attached and the quotation appears reasonable
in terms of prices and descriptions of items requested;
• Item prices agree between the purchase order and supplier quotation;
• Where multiple suppliers are applicable, at least three quotes are attached to the order. Armin con rms
that Nomvula has selected the best quote of the three in terms of prices; and
• e raw materials reorder levels on the inventory system (on-screen check) are the same as that on the
requisition. is check is performed to ensure that reorder levels have not subsequently changed to the
extent that the items may not be necessary any more. It does on occasion happen that raw materials are
transferred back from the factory to the raw materials warehouse if production is halted or cancelled.
7.8.2.4 Submitting purchase orders to suppliers

On obtaining the approved purchase orders from Armin, Nomvula emails them to the suppliers. She then
les the purchase orders in numerical sequence, together with all supporting documentation, after stamping
the order ‘Submitted’ to indicate that it has been sent to the supplier.
Twice a week, Armin Solomons reviews the le of purchase orders to identify missing orders (with
reference to their sequential numbering) and orders that have not yet been submitted to suppliers (i.e. not
stamped ‘Submitted’) for follow-up with Nomvula. Armin also prints a report from PVCACC of all purchase
requisitions with items not yet linked to a purchase order (refer to 7.8.2.1.1 and 7.8.2.1.2 above), to follow-up
on possible outstanding requisitions for which no purchase orders have yet been created.
7.8.2.5 Ensuring all orders are lled

All purchase orders are listed by PVCACC on an ‘un lled orders’ list. Whenever a GRN is generated in the
raw materials warehouse (see 7.8.3.3 below), it is automatically matched to a stored purchase order on the
system. Armin reviews the un lled orders list twice a week and, should a long-outstanding order not have
been matched to a GRN by the computer yet, he follows up on the reason for the delay in delivery.
7.8.2.6 Identi cation and approval of new suppliers

Whenever Ntsimbi Piping develops a need for additional raw material items that are not available from the
company’s existing suppliers, the purchasing division must identify new suppliers who can ful l the item
requirements. Armin Solomons, being an experienced buyer in the PVC industry, uses his specialised
knowledge to identify possible businesses that can supply Ntsimbi Piping with the items required and that
can meet the quality and timely delivery standards of the company. He does this in conjunction with
Raymond Harris, the factory manager.
7.8.2.7 Amendments to the supplier database

Should a new supplier have been selected by Armin, Saul Mkhize, the operations director, approves the
supplier and authorises a master le amendment to the creditors master le. e operations director (Saul
Mkhize), Armin Solomons and Nomvula Ndungu do not have write-access to the supplier database and
therefore cannot add new suppliers to the master le or make amendments to it. Only the data capturer can
make amendments, based on authorised master le amendment forms.
At speci c intervals, James Khumalo ( nancial manager) requests PVCACC print a report of all additions
and other amendments to the supplier database and agrees each amendment with the authorised master le
amendment form. Any discrepancies or questionable amendments are followed up with the buying staff.
7.8.3 Receiving goods from suppliers

• Function performed by Ntsimbi Piping’s receiving bay in the raw materials warehouse in the
manufacturing division.
• Abdul Paruk (goods receiving supervisor in raw materials warehouse)
7.8.3.1 Receiving bay

Local suppliers take on average two days from the date of submission of the purchase order to deliver goods.
Deliveries are made to the receiving bay of Ntsimbi Piping’s raw materials warehouse. e receiving bay is a
separate fenced-off area within the raw materials warehouse, while the raw materials warehouse in turn is
situated next to the factory to facilitate easy transfer of raw materials onto the production line. Entry from the
receiving bay into the raw materials warehouse can only be gained through a sturdy, lockable sliding gate.
Abdul Paruk and his receiving staff are responsible for accepting goods from suppliers. Due to strict
segregation of duties in Ntsimbi Piping, none of the buying staff in the purchasing division or staff members
working in the warehouse/factory, other than those speci cally authorised, is allowed to receive deliveries.
Figure 7.7: Receiving bay

Source: Bigstock.
7.8.3.2 Accepting deliveries from suppliers

On delivery of raw materials, the supplier’s delivery personnel hand a delivery note to Abdul, which re ects
the number of items (e.g. containers of materials) being delivered, as well as the quantity and product
descriptions of all content. While the delivery truck is unloaded, Abdul and his staff perform several
functions:
• Carefully counting the number of containers being delivered and matching the total to the supplier’s
delivery note;
• Opening containers where applicable to count the quantities of items inside;
• Ensuring that, where raw materials consist of plastic powder, granules or chemical liquids (used in the
production process of PVC), the container’s measurement size or weight (e.g. 50 litres or 200 kilograms)
agrees with the item details and descriptions on the supplier’s delivery note; and
• Performing a quality check by observing the delivered items for any possible damage or substandard
quality.
7.8.3.3 Creating a GRN

Ntsimbi Piping’s inventory staff utilises mobile computer technology to register the receipt and movement of
inventory. Hand-held data collection devices, which also act as barcode scanners, are wirelessly connected
to Ntsimbi Piping’s computerised purchases and inventory systems. Before counting of delivered goods
commences, Abdul rst selects the purchase order number that relates to the speci c delivery from the
display screen of the hand-held scanner. (e purchase order number is usually displayed on the supplier’s
delivery note as reference.) e selection of a purchase order number is a critical control as Ntsimbi Piping
wants to avoid situations where it receives items that were never ordered, but for which it subsequently has
to pay.
As the goods are counted and checked during delivery, Abdul and his receiving staff scan all items using
the hand-held scanners. Most items delivered by suppliers have previously been registered on the PVCACC
system and can simply be scanned for automatic identi cation by the hand-held devices. For instance,
stored in the PVCACC is an item with a description of ‘150 litres vinyl chloride monomer (VCM)’ or ‘100
litres ethylene’ with speci c barcode numbers. By scanning the barcodes on the sides of containers or
packaged items, the computer automatically determines whether the item has indeed been ordered as per
the stored purchase order in its database.
After completion of the scanning of all containers/items delivered, the hand-held device sends an
instruction to the PVCACC inventory application, which prints the following two documents:
1. A GRN which lists all items scanned as received; and
2. A variance report, which lists items short- or over-delivered in comparison with the quantities and items
on the purchase order stored in the computer’s database.
Over-deliveries must be authorised by Raymond Harris (the production manager) before acceptance,
through an override function on the computer requiring his username and password. If not authorised, the
items are sent back with the supplier’s delivery truck. Short deliveries are indicated on the supplier’s delivery
note and marked off on the variance report for the purchasing division to follow up with the supplier.
Abdul signs the supplier’s delivery note and receives a carbon copy of the document from the supplier’s
delivery personnel.
7.8.3.4 Transferring goods to the raw materials warehouse

If Abdul is satis ed that all raw materials delivered have been properly counted and variances have been
dealt with, Louis Lynwood is called and Abdul unlocks the sliding gate to begin transfer of the raw materials
into the raw materials warehouse for safekeeping. Abdul provides a copy of the GRN to Louis and this
accompanies the goods into the warehouse.
Before taking custody of the inventory, Louis rst compares the quantities and descriptions of the items
transferred to the details recorded on the GRN. Should there be a difference, Louis recounts the items in the
presence of Abdul to attempt to resolve the discrepancy. Louis signs the store’s copy of the GRN as proof of
having checked the items entering the warehouse and as proof of having taken custody thereof. Louis calls
up the GRN on the store’s computer to instruct the system to record the items on the GRN as inventory, at
which point the physical inventory records are updated.
e computer automatically dates the GRN when it is generated. e date indicates when the inventory
was received by Ntsimbi Piping, which is also the date when ownership of the inventory is transferred from
the supplier to Ntsimbi Piping.
Distribution of source documents

e following documents are submitted to the accounts payable clerk (Vuyo Mthethwa) in the accounting
and nance division:
• Original supplier delivery note;
• A copy of the variance report; and
• A printout of the GRN.
7.8.4 Recording of purchases

Function performed by Ntsimbi Piping’s accounting and nance division.
Persons involved in function:
• Vuyo Mthethwa (accounts payable clerk)
7.8.4.1 Recording a purchase and raising a creditor liability

When a GRN is processed to the physical inventory records in the raw materials warehouse by Louis
Lynwood (see 7.8.3.4), the computerised accounting system records a transaction in a ‘Temporary purchases
le’. is electronic le lists all GRNs (pending purchases) not yet recorded in the purchases journal.
On a daily basis, Vuyo Mthethwa accesses the ‘Purchases module’ on PVCACC with his username and
password and selects the ‘Post purchases’ option. e computer system calls up the GRN list on screen. With
reference to the original supplier delivery note and variance report submitted to him by Abdul Paruk from
the warehouse, Vuyo checks for the following:
• For each GRN on the list, a supplier delivery note exists and the name of the supplier agrees with the on-
screen GRN list and the delivery note; and
• Quantities of items delivered as per the on-screen GRN agrees with the quantities on the supplier delivery
note (or are reconciled to the variance report if differences exist).
Should there be no discrepancies, Vuyo clicks on the ‘Post’ button next to the particular GRN on the list. is
instructs the computer to post the transaction to the purchase journal and update the creditors subledger.
e computer multiplies the item quantities on the GRN with the prices stored on the electronic, approved
purchase order (see 7.8.2.2) stored in its database.
Source documents (GRN, delivery note and variance report) are led in number sequence of the GRN for
record keeping and future query purposes.
Note: It is not necessary for Vuyo to ensure that a purchase order exists for each GRN, as the computer
system required Abdul Paruk in the warehouse to furnish a purchase order number before a GRN could be
created. A GRN can thus not be generated if an approved purchase order is not found on the computer’s
database. e system also does not allow the reuse of a purchase order number. It is therefore assumed that all
GRNs relate to an approved purchase order. However, Vuyo does have read-only access to all purchase orders,
which he can call up on-screen should he have a query as to the approval status associated with a purchase.
Vuyo does not have logical access to change any of the details of inventory items on the inventory system
and cannot change details on the on-screen GRN list or GRNs themselves. e computer also prevents him
(and anyone else in the company) from posting a transaction to the purchases journal if there is not a
pending purchase (GRN) listed on the GRN list.
7.8.4.2 Receiving supplier invoices

Supplier invoices are received by email and fax, usually within two days of delivery of the goods, and are
matched to a GRN previously led by Vuyo (emailed invoices are printed). On receipt of an invoice, Vuyo
proceeds to match the details on it with the corresponding printed copy of the led GRN (for accuracy of
quantities) and ensures that the total amount on the invoice agrees with the amount recorded in the
purchase journal for the transaction as a whole. Discrepancies are noted on the supplier invoice for follow-
up and resolution.
7.8.4.3 Reviewing of recorded purchases for completeness

At predetermined intervals, Jason Naidoo accesses the ‘Purchase’ module on PVCACC with his unique
username and password:
• To review the completeness of recorded purchases, Jason requests the computer print an exception report
of GRNs not yet posted to the purchase journal. ese may relate to GRNs for which supporting
documentation has not yet been received by Vuyo from the warehouse, and in respect of which Jason
follows up with Vuyo and the warehouse; and
• To review the accuracy of recorded purchases, Jason agrees the total amounts on the supplier invoices
with the amounts recorded by PVCACC for each purchase. He investigates any discrepancies indicated by
Vuyo on the invoice with reference to the GRN and original purchase order on the system.
7.8.4.4 Performing a creditors reconciliation

At the end of each month, Jason requests PVCACC perform a reconciliation between the creditors control
account in the general ledger and the creditors subledger. Jason uses the reconciliation to identify any errors
that may have resulted from the posting of purchases to the general ledger and might not have been posted
to the individual creditor’s accounts in the subsidiary ledger. Although such errors are unlikely due to the
computerised posting performed by the system (posting to the purchase journal and to the subsidiary ledger
happens automatically at the same time), errors may have resulted if processing errors occurred due to
hardware failure.
7.8.5 Payment preparation
• Function performed by Ntsimbi Piping’s accounting and nance division.
7.8.5.1 Payment terms with suppliers

Ntsimbi Piping’s supplier policy states that all outstanding trade creditor balances must be timeously paid in
order to qualify for the favourable payment discounts offered by suppliers. Suppliers typically allow for a 5%
discount if an outstanding balance as per the supplier’s statement is settled within 30 days of statement date.
7.8.5.2 Performing a supplier statement reconciliation

In addition to a supplier invoice for each delivery, suppliers also send Ntsimbi Piping monthly supplier
statements. Ntsimbi Piping pays its creditors based on supplier statements and not based on invoices.
Supplier statement reconciliations are performed by Vuyo Mthethwa on the computer, in order to reconcile
the outstanding balance according to the supplier’s records (as indicated on the supplier statement) with the
outstanding balance according to Ntsimbi Piping’s accounting records (i.e. the balance stored in the
creditors ledger). Vuyo needs to furnish the computer with the balance and date as per the supplier
statement and he also selects the proposed payment date. is information is used by the computer to
reconcile the respective balances and also to calculate the discount receivable if the payment date is less
than 30 days from the statement date.
Recall that purchases are recorded from GRNs and not from supplier invoices. The amount on a
supplier’s invoice might differ from the purchase amount recorded in the purchase journal, leading to
reconciling items between the records of Ntsimbi Piping and a supplier. A supplier statement
reconciliation should detect such discrepancies.
If no supplier statement has been received from a supplier, the balance as per the creditors ledger is settled
nevertheless and included in the payment schedule (refer to 7.8.5.3 below).
Before each payment run takes place, James Khumalo (the nancial manager) reviews the printed supplier
statement reconciliations with reference to the supporting supplier statement and the creditors ledger and
follows up with Vuyo or Jason on any queries he may have about reconciling items. He signs each
reconciliation as evidence of the review.
7.8.5.3 Preparing a payment schedule

To commence with payment preparation, Vuyo accesses the ‘Supplier payment module’ on PVCACC and
selects the ‘Create payment schedule’ option.
On Vuyo’s instruction, the computer automatically populates an ‘electronic payment schedule’ with the
supplier code, supplier name and balance to be settled, sourced from the creditors ledger and supplier
statement reconciliations stored in its databases. Payments can therefore not be made to suppliers who are
not listed in the creditors ledger. In addition, Vuyo’s access rights on the system do not allow him to add
suppliers to the creditors ledger or make any changes to creditor details.
Furthermore, Vuyo creates a remittance advice on the computer for each supplier, indicating the
invoice(s) being settled by the payment.
After printing the payment schedule, Vuyo attaches the supplier statements and reconciliations, as well
as the remittance advices, to the schedule. He also attaches the supplier invoice, GRN, supplier delivery note,
variance report (if applicable) and a printed copy of the purchase order for each purchase making up the
balance due for payment to each supplier. ese documents constitute a document pack per invoice
(purchase).
7.8.5.4 Reviewing the payment schedule
Jason Naidoo is responsible for reviewing the payment schedule before it is submitted to the payment
signatories for approval of the payment. Jason con rms the following:
• e unique number assigned by the computer to the payment schedule follows on from the number of
the previous month’s payment schedule;
• A supplier statement and reconciliation as well as remittance advice is available for each supplier balance
being settled;
• A document pack exists for all supplier invoices making up a balance being paid;
• Each document pack contains a GRN, a signed supplier delivery note and a purchase order;
• e balance being paid as per the payment schedule is equal to the balance as per the supplier statement
less any eligible discount not shown on the supplier’s statement; and
• e payment date is no more than 30 days from statement date in order to qualify for a discount.
To avoid instances where a supplier’s balance is due for payment, but has not been included on the month’s
payment schedule, Jason requests PVCACC print an age analysis of outstanding creditor balances. He
reconciles the outstanding balances on the analysis with the balances on the payment schedule to ensure all
outstanding creditor balances have been included for payment. Balances not included (and those which are
over 30 days old and the most likely not to qualify for discount) are discussed with the nancial manager,
James Khumalo, for further investigation.
After performing the above checks and if he is satis ed with all payment information, Jason accesses the
‘Supplier payments module’ on PVCACC with his username and supervisor password and ags the
electronic version of the payment schedule as ‘Ready for payment’.
7.8.6 Paying the supplier

• James Khumalo ( nancial manager)
• Lee-Ann Losper ( nancial director).
Payment to suppliers takes place on the last business day of each month by means of a monthly payment
run, using an EFT payment facility.
7.8.6.1 Payment signatories

e nancial manager and nancial director of Ntsimbi Piping are the only persons allowed to execute a
payment run. At least two authorised signatories are required to approve a payment on the company’s EFT
payment facility for the payment run to take place. e EFT facility is programmed in such a way that it does
not allow only one person to approve a payment: two authorised usernames are required.
7.8.6.2 EFT payment facility

e EFT facility utilised by Ntsimbi Piping is in the form of a software application installed on its computer
system by the company’s bank. e application enables the company to make electronic payments into the
bank accounts of its suppliers via the bank.
After Jason Naidoo has agged the payment schedule as ‘Ready for payment’ on PVCACC (refer to
7.8.5.4), he submits the printed version of the payment schedule and the supporting documents to the
payment signatories.
7.8.6.3 Executing a payment run

By performing a review on the payment schedule and supporting documentation, James ensures the
following are in effect before continuing with the payment run:
• e payment schedule has been signed by Vuyo Mthethwa and Jason Naidoo as proof of their having
performed their responsibilities;
• e amounts on the payment schedule agree with the amounts on the remittance advices and printed
supplier statement reconciliations;
• None of the supplier statements, or invoices in the purchase pack, has previously been cancelled, i.e.
there is no stamp on the documentation indicating ‘Paid’ (to avoid duplicated payments); and
• ere are no suspicious supplier names or amounts on the payment schedule.
If the above review indicates no discrepancies, James accesses the EFT application by entering his unique
username and password. James rst instructs the computer to transfer automatically the information on the
electronic version of the payment schedule (as prepared by Vuyo Mthethwa in 7.8.5.3 above) to the EFT
application. e EFT application has been set up in such a way that it can interface with the payments
schedule on the accounting system. is decreases the risks of inaccurate payment details being furnished to
the EFT application, suppliers being inappropriately added to the payment run and suppliers being omitted
from the payment run. As an added control after the transfer of the payment data to the EFT facility, the
computer automatically reconciles the data transferred onto the EFT application with the data on the
payment schedule to ensure all payment data has been transferred to the EFT facility (this is done prior to
the nal approval for the payments to be made).
If James and Lee-Ann are both satis ed with the payment information, they approve the payments on the
EFT application by selecting ‘Process payment’. (Any discrepancies would have been referred back to Vuyo or
Jason for correction prior to payment).
A ‘con rmation of payment’ report is printed from the EFT application indicating the nal amounts paid
to each supplier. Should the report indicate that a payment could not be processed (e.g. supplier has closed
its bank account or incorrect bank account details have been identi ed), the payment documentation is
handed to Jason Naidoo for resolution and resubmission.
After performing a successful payment run, the payment signatories stamp the payment schedule and all
supporting documentation in the purchase packs as ‘Paid’ to avoid the documents from being resubmitted
for payment in the future.
7.8.7 Recording of payment

• Sibongile Mathlabe (cash book clerk)
• Jason Naidoo (senior bookkeeper)
• James Khumalo ( nancial manager).
e payment schedule with supporting documentation is handed to Sibongile Mathlabe to process the
payments to the payments cash book and to send an individual remittance advice/proof of payment to each
supplier, which shows the details of the payment made.
7.8.7.1 Recording payments in the cash book

Sibongile accesses the cash payments transaction le (cash book) on PVCACC with his unique username
and password. He selects the ‘Process new payment’ function on the payments menu and enters the
payment schedule reference number. e payment schedule appears on-screen in read-only mode. He then
instructs the computer to post automatically all payments stored in the electronic payments schedule to the
cash payments transaction le and various creditors’ accounts in the creditors ledger.
7.8.7.2 Reviewing of recorded payment transactions

In order to ensure the accuracy, completeness and validity of recording and posting of payments, Jason
Naidoo (senior bookkeeper) reviews the cash payments transaction le by agreeing all recorded transactions
with the EFT facility’s ‘con rmation of payment’ report and vice versa. He identi es any incorrect amounts
recorded, payments not recorded at all and payments that do not appear on both the transaction le and the
‘proof of payment’ report.
7.8.7.3 Posting payments to the general ledger

When transactions are posted to the cash payments transaction le and creditors subledger, the transaction
is automatically posted by the computer to the appropriate accounts in the general ledger at the same time.
7.8.7.4 Bank reconciliation

At the end of each month, Jason Naidoo performs a bank reconciliation on the computer between the bank
control account in the general ledger and the balance of the company’s bank account on the bank statement.
James Khumalo reviews the bank reconciliation to ensure that valid reasons and supporting documentation
exist for all reconciling items and signs the reconciliation as proof of his review.
7.8.8 Returning goods and recording a purchase return

• Function performed by Ntsimbi Piping’s raw materials warehouse (manufacturing division) and the
accounting and nance division.
• Raymond Harris (production manager in the factory)
7.8.8.1 Identifying inventory to be returned

Should a need arise to return items purchased from suppliers, Louis Lynwood (warehouse supervisor in the
raw materials warehouse) creates a GRSV on the company’s computerised inventory system. Returns are
usually the result of items found to be unsuitable after they entered the production process in Ntsimbi
Piping’s factory. Louis enters the item code and quantity on the on-screen GRSV and the system
automatically determines the identity of the supplier with reference to information stored in its GRN
database. He must also furnish a reason for the return on the GRSV.
Raymond Harris (production manager in the factory) must authorise all GRSVs by signing them after
agreeing the quantities and item descriptions on the GRSV with the physical items being returned and
con rming through inspection of the items and supporting reasons (usually from factory personnel and
documented on the GRSV by Louis) that a return is indeed warranted.
Two copies of the GRSV are printed and distributed as follows:

• Copy 1 is led in the warehouse by Louis Lynwood for record keeping; and
• Copy 2 is sent to the accounting and nance division to initiate the creation of a debit note.
7.8.8.2 Creating a debit note

On receiving a GRSV from the raw materials warehouse, Vuyo Mthethwa retrieves the corresponding
supplier invoice showing the items being returned to ensure that Ntsimbi Piping has previously been
invoiced by a supplier for the particular items. He then enters the ‘Record adjustment’ menu on PVCACC
and selects the ‘Create purchase return’ option to commence the creation of a debit note. Vuyo needs to
enter the GRSV number before the computer allows him to create a debit note.
A separate debit note is generated for each GRSV, indicating the full particulars of the items being
returned as well as the prices of the items as per the purchase information stored in the purchase journal. At
the same time as the creation of the debit note, a transaction is posted to a ‘pending purchase returns le’
stored on PVCACC.
When Ntsimbi Piping requests a debit to its account from a supplier for a reason other than one relating
to items being returned (such as for accidental overcharge or discount not given by a supplier), Vuyo creates
a debit note on the computer that clearly contains a reason for the account debit request.
Vuyo then submits all supporting documentation (such as the GRSV, supplier invoice or supplier
statement) to James Khumalo, the nancial manager.
7.8.8.3 Approval and review of debit notes

James Khumalo is responsible for approving debit notes before they are sent to suppliers and before any
goods are returned. James accesses PVCACC and enters the ‘Debit notes awaiting approval’ menu on the
nancial application with his unique username and password. He ensures that:
• For each debit note in the pending le on the computer, a supplier invoice and authorised GRSV exist,
and that these reference to the returned items;
• e quantities and descriptions of items on the supplier invoice and GRSV agree to the details entered on
the debit note; and
• For any debit note not relating to items being returned, a valid reason exists on the debit note and
supporting documentation exist.
If he is satis ed with the validity and accuracy of the debit requests, James clicks on the ‘Approve’ button,
which posts the debit notes to the nancial records (purchase returns journal and general ledger accounts)
and updates the physical inventory records.
Jason Naidoo, the senior bookkeeper, reviews the physical copies of sequentially led GRSVs on a regular
basis to follow up on missing GRSVs and to con rm that for each GRSV a corresponding approved debit note
exists on the nancial application (posted to the purchase returns journal and general ledger accounts). He
prints a log from the computer system showing any missing GRSV numbers in the purchase returns journal
for follow-up. While performing the above review, he also accesses the pending purchase returns le to
ensure it has been cleared.
Vuyo submits an electronic copy of the debit note to the supplier by email.
For questions 1 to 3, select the correct answer(s):
1. Which of the following duties should be performed by different staff members in the purchases and
payments cycle in order to achieve proper segregation of duties? (More than one answer is possible.)
(LO 7)
a) Performing a quantity check on goods received and signing as acknowledgement of acceptance of
the goods
b) Ordering goods from suppliers and recording purchases in the accounting records
c) Receiving invoices from suppliers and performing supplier statement reconciliations
d) Obtaining quotations from suppliers and preparing a purchase order
e) Approving new suppliers and preparing a purchase order
2. When should an entity record a purchase in its accounting records? Generally when: (Only one answer
is possible.) (LO 3)
a) e purchase order is sent to a supplier
b) Goods are taken custody of on delivery from a supplier
c) An invoice is received from a supplier
d) A supplier con rms receipt of payment for goods previously purchased on credit
e) At any of the above times
3. A purchase transaction is initiated in the purchases component of the cycle when: (Only one answer is
possible.) (LO 5)
a) A purchase order is approved by the chief buyer
b) A purchase is recorded in the purchase journal
c) A need for goods or services is identi ed and a purchase requisition is completed by the relevant
department
d) A supplier statement is received from a creditor demanding payment of an outstanding balance
4. From an accounting perspective, the purpose of the purchases and payments cycle of a retailer is to
ensure that an entity procures the necessary goods for resale from trusted suppliers, in order to operate
an efficient and pro table business. (LO 1)
5. Internal controls implemented for the purpose of achieving the control objective of validity aim to
ensure that all purchase transactions that were entered into during a period are recorded in the nancial
records. (LO 9)
6. e control objective of accuracy aims to ensure that all purchase transactions in the nancial records
have been correctly recorded in terms of their amount and account classi cation. (LO 9)
7. State whether ‘expenditure’ in an entity’s Statement of Comprehensive Income would be understated or

overstated if unauthorised purchases have been recorded in the accounting records. Explain your
answer in terms of the applicable control objective that would not have been achieved. (LO 7)
8. List the functional areas in a typical purchases and payments cycle for a wholesale entity selling goods to
retail customers on credit and provide a brief description of the purpose of each functional area. (LO 4)
9. Complete the following table by linking the relevant assertion(s) to each control objective for purchase
transactions: (LO 10)
ASSERTION AFFECTED: PURCHASE

CONTROL OBJECTIVE
TRANSACTIONS
Validity
Accuracy
Completeness
10. Brie y describe the purpose of the following supporting documentation in the purchases and payments
cycle: (LO 6)
a) Goods return voucher
b) Debit note
c) Supplier statement
d) Purchase requisition
e) Goods received note
f) Remittance advice
11. For each of the items below, identify at least two reasons that an entity may fraudulently want to: (LO 7)
a) Overstate its expenditure.
b) Understate its accounts payable balance.
12. Identify and explain the effect of each of the following risks on an entity’s ‘net pro t for the year’ (if any):
(LO 7)
a) e risk that not all purchases that took place during the year were recorded in the accounting
records
b) e risk that the entity recorded invalid purchase returns during the nancial year
c) e risk that not all payments made to suppliers was recorded in the entity’s accounting records
13. Explain the term ‘accrual’ in the context of trade creditors and provide an example of why such accruals
may be required. (LO 3)
14. List the major classes of transactions and account balances affected by the purchases and payments
cycle. (LO 2)
15. Brie y describe the following computer technologies typically found in the cycle: (LO 8)
a) Electronic funds transfer (EFT)
b) Electronic data interchange (EDI)
16. Explain why the following internal control achieves the control objective of ‘completeness’ of recorded
purchase transactions: (LO 9)
‘On a weekly basis, the nancial manager scrutinises the purchase entries in the purchase journal to
detect any missing goods received note numbers (GRNs) and follows up with the accounts payable clerk
on reasons that a GRN has not yet been recorded as a purchase.’
17. Consider the following scenarios relating to Car Sound (Pty) Ltd, which manufactures a broad range of
vehicle audio equipment (including standard car radios on contract for a major vehicle manufacturer):
i) e company’s factory manager discusses the availability of inventory items used in the
manufacturing process with his factory foreman on a weekly basis in order to identify raw material
levels that are running low. e computer software that previously monitored inventory levels
stopped working the preceding month and has not yet been reprogrammed.
ii) When goods are received in the receiving bay of Car Sound (Pty) Ltd’s raw materials store, the
goods receiving clerk phones the senior bookkeeper to inform the accounting department of the
quantity of goods delivered and from which supplier the goods were received. e senior
bookkeeper then records the purchases in the purchase journal after having written down the items
on a blank piece of paper.
iii) Car Sound (Pty) Ltd maintains a list of approved suppliers, who are the only suppliers from which
purchases are allowed to be made. Due to staff shortages in the buying department, the company’s
bookkeeper has been tasked with the temporary responsibility of approving any new suppliers.
For each scenario (i to iii): (LO 11)

a) Identify and describe any weaknesses evident from the internal control system
b) For each weakness, state whether it involves an operational risk or a nancial reporting risk and
explain your answer
c) For nancial reporting risks, state the control objective affected by each such weakness.
18. For scenario (ii) of the previous question (question 17), brie y describe the internal controls that should
be implemented to achieve the control objective concerned. Also state the number of copies of the
goods received note that should be prepared and to which persons/departments each copy should be
distributed. (LO 12)
1 Source: U.S. Securities & Exchange Commission. [Online]. Available: https://www.sec.gov/news/pressrelease/2015-180.html

2 Securities: nancial instruments such as shares in a listed company.
3 Fraud: an act intended to deceive or mislead someone else in order to gain an illegal advantage.
4 Analyst expectations/estimates: the expected or estimated price of a company’s shares at a particular point in time, made by nancial
analysts and certain nancial services entities.
5 ‘Cushion account’: when used fraudulently and in the case of expenses, an expense account that is deliberately overstated so as to understate
net income in order to ‘soften’ the impact of uctuations in earnings over a period of time. Used to overstate income in later years when
provisions or liabilities are reversed.
Inventory and production cycle CHAPTER 8
Rolien Kunz
CHAPTER CONTENTS
Learning outcomes
Reference list
8.8 Cycle illustration: e inventory and production cycle at Ntsimbi Piping
LEARNING OUTCOMES

3. Explain the accounting treatment required for inventory and purchases/cost of sales.
balances.
7. Identify and describe the risks of misstatement at the assertion level affecting account balances,
classes of transactions and events in the nancial statements.
10. Describe how internal controls may assist in achieving the control objectives for the cycle and how
control objectives.
REFERENCE LIST
International Accounting Standards Board (IASB) (2003) (Revised) IAS 2 Inventories.
IN THE NEWS
Employee inventory theft – a reality
An employee from a cellular phone store in the United States was charged with the theft of 22
cellular phones with a value of $18 901.38, from the store where he worked. The employee
disguised the theft of the 22 iPhone 8s by adjusting the inventory records. He did this by writing the
phones off as damaged inventory. This was detected by the store’s operations manager when the
operations manager went to look for the damaged phones on the pallet of write-off phones in the
warehouse, and determined that the phones were not there. The operations manager reported the
matter and the necessary actions were taken by the store.
REFLECTION
Which assertion(s) will be affected if proper internal controls regarding the safeguarding of
inventory are not implemented by an entity?
• Another word for safeguarding is protecting. An entity should protect its inventory from theft as
well as damage.
• If inventory is not safeguarded by an entity, it might be stolen which will lead to inventory that
does not exist being included in the nancial statements, therefore the existence assertion will be
affected.
• If inventory is damaged due to a lack of safeguarding, the inventory’s net realisable value may be
below cost – which in turn will affect the accuracy, valuation and classi cation assertion.

of the cycle?
e inventory and production cycle relates to an entity’s function of managing and safeguarding its
inventory and, in the case of a manufacturing entity, controlling the production process.
REFLECTION
Will the inventory and production cycle be relevant to all entities, irrespective of the type of
entity?
• This cycle is only applicable to entities selling goods (e.g. trading or manufacturing entities) and
not to those entities only rendering services.
e inventory balance (originating from this cycle) will have a material effect on both the Statement of
Comprehensive Income and the Statement of Financial Position of entities manufacturing and/or selling
goods.
Failure to safeguard inventory by a trading or manufacturing entity may lead to theft of and damage to
inventory and will put signi cant strain on the entity’s cash ow, which may lead to eventual bankruptcy.
Failure to control the production process effectively may result in the products produced not being saleable,
obsolete inventory for which there is low demand and claims against the entity for damages suffered by
those purchasing the products, which will also cause considerable damage to the entity’s reputation.
However, the cycle is not just about the operational functions of safeguarding of inventory and controlling
the production process. It is also about the accounting function where transactions associated with the
production process are costed and accounted for (recorded) in an entity’s accounting records.
e purpose of the inventory and production cycle in an entity is to:

• Safeguard the inventory against theft and damage;
• Control the movement of inventory (raw material, work-in-progress and nished goods) during the
production process (for manufacturing entities); and
• Control the production process itself (e.g. what and how many to manufacture, spillage during the
production process and quality of the manufactured goods) – for manufacturing entities.
From an accounting perspective, raw materials, work-in-progress and nished goods are recorded as
inventory. It is imperative that only inventory that exists and to which the entity has the rights of ownership
are recorded, that all inventory items are recorded and that inventory is recorded at the appropriate
amounts, otherwise the misstatements in the inventory account balance included in an entity’s nancial
statements will re ect an incorrect picture of the nancial performance and nancial position of the entity.
For this reason, it is also important that the movement of the inventory as it progresses through the
production process from raw materials to work-in-progress to nished goods, and the costs relating to the
transformation, are appropriately recorded.
is chapter focuses on the nancial internal controls that will ensure that inventory is safeguarded, costed
and accounted for correctly. e focus is not on the operational controls that might also be necessary in the
cycle to control the production process.
REFLECTION
Consider the following: What are the implications for the nancial statements should an entity
not correctly record (i) all the movements of the inventory through the production process from
raw materials to work-in-progress to nished goods, and/or (ii) all the costs relating to this
transformation of raw materials into nished goods?
• If it is not correctly recorded, inventory (and the related costs) will be misstated in the accounting
records and consequently in the entity’s nancial statements.
• Speci cally, the assertions for the inventory account balance and related disclosures such as
classi cation and accuracy, valuation and allocation will be affected – the speci cs of the fact set
will determine the speci c assertion(s) that are misstated.
REFLECTION
Can you think of reasons why the management of an entity would want to overstate or understate
its inventory? These incentives may give rise to risks relating to the entity’s nancial statements
containing material misstatements.
• Overstating inventory will translate to assets and pro ts being overstated (as cost of sales will be
understated) leading to the entity appearing to be more pro table/ nancially sound than it
actually is. By arti cially improving the appearance of an entity’s nancial performance and
position, this will facilitate the entity’s ability to raise funds from banks or shareholders.
• On the other hand, the understatement of inventory will lead to an understatement of the entity’s
pro ts and ultimately to an understatement of its taxable income. This, in turn, will reduce the
entity’s tax liability.
8.1.2 Types of inventory and production

Although entities sell different types of inventory and have different production processes, the cycle’s
purpose will remain the same in principle. Some examples of various types of inventory and production
processes are:
• A retailer selling clothing, food products or motor vehicles;
• A wholesaler selling bulk food products to retailers;
• A forestry entity selling wood to a furniture manufacturing entity;
• A furniture manufacturing entity selling goods it has produced (e.g. wooden furniture) to wholesalers,
retailers or the public; and
• A resource entity (e.g. an iron ore mine selling minerals it has mined to a metal re nery).
Irrespective of the type of entity, its inventory will have to be safeguarded against theft and damage.

As with the other business cycles, one will have to search far and wide to nd two inventory and production
cycles that are exactly the same. As a result, the names of the source documents and records and types of
controls used in the cycle differ among entities. Although the principles and objectives of sound internal
controls, the risks facing entities and the related principles of sound internal controls are similar for all
entities, each entity will implement its own particular controls and will have its own way of initiating,
recording, processing and reporting transactions in the inventory and production cycle.
erefore, a proper understanding of the purpose of the cycle and the typical risks an entity faces when
manufacturing and safeguarding inventory is crucial.
8.1.4 e link between this cycle and the other cycles

is cycle relates to an entity’s function of managing and safeguarding its inventory and, if the entity is a
manufacturer, controlling the production process. It is important to note that in order to have inventory to
safeguard, the entity must rst order and receive the inventory, after which it will be safeguarded until it is
sold and despatched to the clients. e inventory and production cycle therefore has very close links with
two of the other business cycles, namely the purchases and payments cycle and the revenue and receipts
cycle.
In order for a manufacturing entity to transform the raw material into nished goods, additional costs
will be incurred. ese costs will include labour costs, which have a direct link with the human resources
cycle. e additional costs will also include overhead costs, which once again implies a direct link with the
purchases and payments cycle.
In a manufacturing entity, a production transaction (to transform raw materials into nished goods) will
commence as soon as a job order has been received from a client or as soon as internal production orders
have been prepared and authorised. To ensure that the required raw materials are available timeously,
purchase requisitions will be prepared by the entity’s staff. ese will then become part of the purchases and
payments cycle discussed in Chapter 7.
e receipt of the requisitioned inventory into the entity’s warehouse will be the starting point for an
entity purchasing inventory for resale purposes (i.e. a retail or wholesale entity). e initiation of a purchase
requisition will be recorded as part of the purchases and payments cycle, but on receipt this inventory has to
be managed and safeguarded. Although no transactions take place, this is the part where the inventory and
production cycle ts in. If the inventory is not properly safeguarded, adjustments will ultimately have to be
made to the inventory gures in the accounting records.
As soon as one of the above triggers occurs, the inventory and production cycle will go into motion and
the internal controls in the cycle are triggered.
In a manufacturing entity, the production aspect of the cycle is completed when the nished goods are
transferred to the warehouse and the allocation of costs related to the production process is recorded in the
accounting records.
In all entities that have inventory on hand, the receipt of an order from a client will lead to the despatch of
inventory, and from the moment the inventory is moved from the place where it has been safeguarded
(normally the warehouse) to the despatch area, the inventory no longer forms part of this cycle. e
inventory then becomes part of the revenue and receipts cycle.
Figure 8.1: PVC pipes in the nished goods warehouse, ready for despatch
Source: Bigstock.
For details of how an inventory transaction is recorded in the accounting records, refer to section 7.1.7 of
Chapter 7.
8.1.6 Example of a typical transaction in the inventory and production

cycle
For a retail entity as soon as the quantity on hand of an inventory item reaches a certain predetermined
minimum inventory level, the inventory will be ordered from a supplier, which will be the commencement of
a purchase transaction (purchases and payments cycle). On receipt of the goods from the supplier, the entity
will prepare a goods received note (GRN) and the goods will be transferred to the warehouse (purchases and
payments cycle). e entity then has to manage the inventory and safeguard it against theft and damage until
the inventory is sold to a customer (inventory and production cycle). e customer may phone or email the
entity to place an order for goods (revenue and receipts cycle). If the goods are available in the warehouse,
the sales and credit department will instruct the warehouse to pick the goods and pack them for despatch
(revenue and receipts cycle). Despatch will deliver the goods to the customer, who is then invoiced by the
accounting department (revenue and receipts cycle).
Figure 8.2 illustrates the movement of inventory in a retail entity.
Figure 8.2: Movement of inventory in a retail entity
In a manufacturing entity, a transaction will commence as soon as a job order has been received from a
customer or as soon as internal production orders have been prepared and authorised. e goods ordered
and received will represent raw materials and consumables that will be transformed into nished goods. In
addition to the actions described above for a retail entity, namely the preparation of a GRN for the raw
materials received, the transfer of the goods to the warehouse and the safeguarding of the inventory against
theft and damage until the inventory is sold to a customer, the process will have to incorporate the following
in a manufacturing entity – all of which form part of the inventory and production cycle:
• e control of the movement of the raw materials from the raw materials warehouse to the factory (where
it will become part of the work-in-progress) and from there to the nished goods warehouse;
• e control of the costs allocated during the production process; and
• e control of the operation of the production process itself.
Figure 8.3 illustrates the movement of inventory in a manufacturing entity.
Figure 8.3: Movement of inventory in a manufacturing entity

Transactions in the inventory and production cycle must all be recorded in the accounting records of the
entity and be allocated to a particular general ledger account. Understanding which account is affected by a
speci c transaction will enable better understanding of the risks involved in the transaction’s path through
the cycle.
e following accounts are affected by the inventory and production cycle:

• Cost of sales
Refer to the Statement of Comprehensive Income in the nancial statements of Ntsimbi Piping (page 8)
and its Detailed Income Statement in the supplementary information (page 25) and note the line item
‘Cost of Sales’.
• Purchases (only in the case of a periodic inventory system).

• Inventory which can consist of:
• Raw materials;
• Work-in-process; and
• Finished goods.
Refer to the Statement of Financial Position in the nancial statements of Ntsimbi Piping (page 7) and
note the line item ‘Inventories’.
8.1.8 IAS 2 and the treatment of inventory for nancial reporting

purposes
IAS 2 contains the requirements for accounting for inventory. In terms of IAS 2 paragraph 6, inventories are
those assets:
• Held for sale in the ordinary course of business ( nished goods);
• In the process of production for such sale (work-in-progress); or
• In the form of materials or supplies to be consumed in the production process or in the rendering of
services (raw materials).
Inventories shall be measured at the lower of cost and net realisable value, the latter being the estimated
selling price in the ordinary course of business, less the estimated cost of completion and the estimated costs
necessary to make the sale (IAS 2 paragraph 28). e cost of inventories shall comprise all costs of purchase,
costs of conversion and other costs incurred in bringing the inventories to their present location and
condition (IAS 2 paragraph 10).
When inventories are sold, the carrying amount of such inventories shall be recognised as an expense in
the period in which the related revenue is recognised. e amount of any write-down of inventory to net
realisable value and all losses of inventories shall be recognised as an expense in the period in which the
write-down or loss occurs.
Should an entity not comply with the requirements of IAS 2, it runs the risk of having material
misstatements in its nancial statements, which will result in a modi ed opinion in the auditor’s report and
possibly adverse consequences for the entity.
REFLECTION
How can management use inventory to manipulate the nancial statements?
• The pro t gure in an entity’s nancial statements can be misstated by manipulating the inventory
gure in the nancial statements.
• Overstating inventory will provide an arti cially ‘better’ picture of an entity’s nancial position and
performance compared to when inventory is not overstated. The entity’s assets and as a
consequence its pro ts will be overstated (as cost of sales will be understated) leading to the
entity looking more solvent and pro table than it actually is.
• On the other hand, the understatement of inventory will go hand in hand with the understatement
of pro ts and taxable income.

From the moment a transaction in the cycle is triggered (job order has been received from a client or the
internal production order has been prepared and authorised) to the time of receipt of the raw materials and
the despatch of nished goods, many activities take place to ensure that the transaction is executed properly
and that it is properly recorded in the accounting records.
For a typical manufacturing entity, the cycle can be split into the following functional areas:
1. Storage of raw materials;
2. Production planning;
3. Transfer of raw materials to production;
4. Production;
5. Transfer of nished goods to nished goods warehouse;
6. Storage of nished goods;
7. Cost allocation and updating of inventory records; and
8. Maintenance of inventory records.
A brief summary of each functional area follows:

1. Storage of raw materials
Purpose: To safeguard raw materials against theft and damage.
Main activities: Protecting the raw materials.
Persons involved in this area: Raw material warehouse personnel.
REFLECTION
Can you think of examples of how inventory can be protected from theft?
• Implement access control to the warehouse (e.g. locked, with restricted entry, and minimal
entry/exit points to the warehouse and/or factory); and
• Employ security guards to patrol and monitor the area, who can be supported by installing and
monitoring surveillance cameras.
REFLECTION
Can you think of possible circumstances which may result in damaged inventory, and identify
examples of how inventory can be protected from damage?
• There are a number of general circumstances which might result in damaged inventory, such as
leaking roofs and untidy warehouses. Therefore solid-structure, well-maintained buildings and
neatly packed warehouses are examples of how inventory can be protected from being damaged.
• Another point to consider in answering this question is the type of inventory being discussed.
• For example, consider frozen meals compared to text books. The frozen meals could be
damaged if not kept below a certain minimum temperature, whilst the temperature at which
text books are stored will have no effect on them.
• Therefore, the examples identi ed for protecting speci c types of inventory from damage need to
take the inventory’s speci c characteristics into account.
2. Production planning
Purpose: To plan the production process.
Main activities: Determine production needs, determine raw materials needed and request raw materials.
Persons involved in this area: Marketing manager, production manager, factory manager.
REFLECTION
What will happen if an entity does not determine its production needs properly?
• The entity might manufacture too much inventory, for which there is no demand, resulting in
obsolete inventory; or
• The entity might not manufacture suf cient inventory to meet the demands of customers,
resulting in unhappy customers; or
• The production process may be disorganised (e.g. production commencing without all the raw
materials being available), resulting in the entity’s resources such as labour and material being
wasted.
3. Transfer of raw materials to production

Purpose: To control the raw materials issued to the factory.
Main activities: Preparation of raw materials to be transferred, transfer of raw material to the factory, receipt
of raw material at the factory.
Persons involved in this area: Raw materials warehouse personnel, factory personnel, inventory clerk and
other accounting personnel.
REFLECTION
Why are personnel from both the raw materials warehouse and the factory involved in this
functional area?
• Raw materials warehouse personnel will be involved in the selection, preparation and transfer of
the raw material from the raw materials warehouse and the factory personnel will have to receive
the raw materials transferred to the factory.
4. Production
Purpose: To control the production process.
Main activities: Comparison and reconciliation of raw materials received and nished goods manufactured,
inspection of the quality of nished goods.
Persons involved in this area: Factory personnel.
REFLECTION
Why is it necessary to inspect the quality of the nished goods?
• The manufactured goods might not meet the entity’s quality standards and if it is not detected
the sub-standards goods will be sold and delivered to the entity’s customers. This will result in
dissatis ed customers and reputational damage to the entity – and nancial losses that have to
be incurred in order to replace the inferior products.
5. Transfer of nished goods to nished goods warehouse

Purpose: To control the nished goods transferred to the nished goods warehouse.
Main activities: Transfer of nished goods from the factory to the nished goods warehouse, receipt of
nished goods at the nished goods warehouse.
Persons involved in this area: Factory personnel, nished goods warehouse personnel, inventory clerk and
other accounting personnel.
6. Storage of nished goods

Purpose: To safeguard nished goods against theft and damage.
Main activities: Inspecting goods received into the nished goods warehouse, protecting the inventory in
storage.
Persons involved in this area: Finished goods warehouse personnel.
REFLECTION
Will the controls implemented for this function be similar to the controls implemented for the rst
function (storage of raw materials)?
• Yes, the controls will be similar but there might be slight differences regarding the controls to
prevent damage.
• As explained earlier, the type of inventory might have an effect on the controls required – for
example, while the raw materials might have to be protected from getting wet (e.g. PVC resin in
powder form as raw material), this will not apply to the manufactured PVC pipes ( nished goods).
7. Cost allocation and updating of inventory records

Purpose: To update costing for the manufactured inventory on the inventory records.
Main activities: Calculation, review and recording of labour and overhead costs allocated to nished goods,
recording movement of inventory, performing inventory counts and updating inventory records accordingly.
Persons involved in this area: Accounting personnel, warehouse personnel.
There are different costing methods to account for the cost of goods sold, of which the following are
examples: rst in, rst out (FIFO); last in, rst out (LIFO); and weighted average.
When using the FIFO method, the oldest costs are assigned to the inventory items sold,
regardless of whether the sold items were actually purchased at that cost. Once the number of
inventory items purchased at the oldest cost has been sold, the next oldest cost is assigned to
sales. For example, for costing purposes, if an entity buys 100 pencils at R2 each, then buys 100
more at R2.50 each, the entity would assign the R2 cost to the rst 100 pencils sold and thereafter
begin to assign the R2.50 cost.
The LIFO method is the exact opposite of the FIFO method, assigning the most recent inventory
costs to items sold. Using the example above, for costing purposes under the LIFO method, an entity
would assign the latest cost of R2.50 to the rst 100 pencils sold, then move on to the R2 cost,
assuming it had not made another purchase in the meantime.
The weighted average cost method assigns inventory costs by calculating a moving average of all
inventory purchase costs. With the same example as above, using the weighted average method for
costing purposes, the entity would assign an average cost of R2.25 (weighted average of 100 at
R2.50 and 100 at R2) to all 200 pencils sold.
It should be noted that according to IAS 2 on Inventories, speci cally paragraph 25, the cost of
inventories shall be assigned using the FIFO or weighted average cost methods, and not the LIFO
method.
8. Maintenance of inventory records

Purpose: To keep the inventory records up to date.
Main activities: Recording any adjustments required to the inventory records.
Persons involved in this area: Accounting personnel.
Be sure to distinguish between operational activities and nancial recording (bookkeeping). Many
actions in the cycle are not performed by accounting/bookkeeping staff. An entity is primarily about
manufacturing and/or selling goods or rendering services, and not about the accounting behind it.
However, the accounting function is crucial as it evidences the history of the transactions from their
origin all the way through to when they were recorded in the accounting records (to eventually form
part of the entity’s nancial statements).
For a retail entity, only functions 6, 7 and 8 above are applicable, as no manufacturing (dealt with in
functions 1 to 5 above) takes place.

MARKETING PRODUCTION ACCOUNTING

FACTORY WAREHOUSE
DEPARTMENT DEPARTMENT DEPARTMENT
2. Production 2. Production 2. Production 1. Storage of raw 7. Inventory costing

planning planning planning materials and updating of
inventory records
3. Transfer raw 3. Transfer raw 8. Maintenance of

materials to materials to inventory records
production production
4. Production 5. Transfer nished

goods to nished
goods warehouse
5. Transfer 6. Storage of nished

nished goods goods
to nished
goods
warehous
8.3.1 Accounting for inventory and production transactions
An entity must implement an information system for all cycles, which includes an accounting system. e
purpose of the information system is to account for transactions that ow through the entity’s cycles, from
the time the transaction is initiated, to where it is recorded, processed, transferred to the general ledger and
reported to stakeholders by means of the nancial statements.
Proper record keeping of transactions on source documents (such as a raw materials transfer note), in
journals (such as the general journal) and in ledgers (such as the general ledger) is therefore critically
important for reliable nancial reporting. Should the information system (including the accounting system)
fail to keep proper records of inventory and production transactions and the resultant related assets, an
entity’s nancial statements might be materially misstated, possibly rendering it unreliable or even
meaningless or misleading.
8.3.1.1 e use of general journals

e inventory and production cycle includes the use of recurring standard general journal entries on a
periodic basis, such as the recording of the transfer from raw materials to work-in-progress and the transfer
of nished goods from work-in-progress. Non-standard general journal entries may be used to account for
the discrepancies between theoretical and actual inventory identi ed during cycle and/or year-end
inventory counts. Additional internal controls are required for general journals, as there is an increased risk
of accounting staff and/or management using them to commit fraud.

As an inventory and/or manufacturing transaction ows through the information system of an entity, source
documents will be created in each functional area (refer to section 8.2). Each source document will be used
when the transaction has to be recorded in the accounting records (journals and ledgers).
A list of supporting documents, records, reports and reconciliations to be found in the inventory and
production cycle follows.

All the supporting documents mentioned below relate primarily to quantities of inventories. You will recall
from section 8.1.4 of this chapter that the inventory and production cycle is linked to the purchases and
payments cycle (where the cost of raw materials and production overheads is determined) and the human
resources cycle (where labour costs related to production are determined). erefore, there are no source
documents in the inventory and production cycle that deal exclusively with the costing of inventory.
1. Production plan/schedule (manufacturing entity)

is document is prepared based on sales forecasts, inventory currently on hand and speci c customer
orders that have been received. It is used to inform the factory about the nished goods (Ntsimbi Piping:
PVC products) that need to be manufactured and the raw materials that need to be requested from the raw
materials warehouse.
2. Production order (manufacturing entity)
A production order is prepared based on the production plan/schedule and is normally used in a process
costing system. is document records an order for the factory to produce a speci ed quantity of an item of
inventory. Note that this is very different from a purchase order (order to purchase goods, which could be
raw materials for manufacturing or goods for resale), which is part of the purchases and payments cycle
covered in Chapter 7.
A job order is the equivalent of a production order but is used in a job costing system where inventory has to
be manufactured according to a client’s speci cations.
Process costing is a method of costing used mainly in manufacturing where units are continuously
mass-produced through one or more processes. Examples of this include the manufacturing of
pencils, clothing and cars. In process costing, the process is costed, unlike job costing where each
job is costed separately.
3. Raw materials requisition (manufacturing entity)

A raw material requisition is prepared by the factory, in terms of the production schedule, to request the raw
materials (e.g. at Ntsimbi Piping this will include PVC stabilisers, plasticisers, antioxidants and other
excipients from the raw material warehouse). It is generally similar in appearance to a purchase requisition,
an example of which appears in the appendix at the end of the book (document 2H).
4. Raw materials transfer note (manufacturing entity)

To transfer the requested raw materials from the raw materials warehouse to the factory, a raw materials
transfer note is necessary to accompany the raw materials.
5. Finished goods transfer note (manufacturing entity)
is document is prepared for the transfer of nished goods (at Ntsimbi Piping: PVC products) from the
factory into the nished goods warehouse. It is generally similar in appearance to the raw materials transfer
note (document 3C in the appendix at the end of the book).
6. Production reports/shift report (manufacturing entity)

is report provides a summary of the inventory (PVC products) that was manufactured within a speci c
time frame. e report can be prepared per shift, daily or even weekly depending on the type of products
being manufactured.
7. Inventory count sheets (manufacturing, wholesale and retail entities)
ese sheets are used to record inventory quantities on hand during the inventory counting process. e
quantities recorded on the inventory sheets (actual inventory) are then compared to the quantities on the
entity’s perpetual inventory records (theoretical inventory) or used as a starting point to cost the inventory
on hand (periodic system).
8. Inventory tags (manufacturing, wholesale and retail entities)

Inventory tags are attached to the inventory items during the inventory count process and are used to record
the inventory quantities on hand. ese quantities are then recorded onto the inventory count sheets
explained above.
9. Master le amendment form (computerised systems) (manufacturing, wholesale and retail entities)
A master le amendment form is completed in a computerised system each time an inventory item’s
standing data is to be changed on the inventory master le (the inventory master le contains details
regarding the inventory items), or if an inventory item is to be added to or deleted from the master le. For
example, if an inventory item not previously purchased is bought, the GRN will be attached to the master le
amendment form as a supporting document for the amendment to the master le (i.e. the creation of the
new inventory item).
10. Inventory adjustment form (manufacturing, wholesale and retail entities)
e inventory amendment form will also be used to adjust differences between actual inventory (quantities
counted during the inventory count) and theoretical inventory (quantities contained in the inventory master
le).
EXAMPLE
Source documents in a cycle facilitate the creation of other source documents as a transaction
ows through the cycle. For example, a production plan will be used to create a production
schedule.
Further examples:

1. General journal (manufacturing, wholesale and retail entities)
e general journal contains records of all non-routine transactions and events not allocated to the ordinary
journals (e.g. sales, sales adjustments and cash receipts journal) such as recording of the discrepancies
between perpetual inventory records and actual inventory counted during the inventory count.
2. General ledger (manufacturing, wholesale and retail entities)

transactions that occurred in the various cycles of an entity. e general ledger facilitates the compilation of
a trial balance and the nancial statements.
It further enables a double-entry bookkeeping function that controls the recording of transactions in an
accounting system. For example, a credit to the raw materials account will always be matched to a debit to
the work-in-progress account in a manufacturing entity.
3. Inventory transfer journal (manufacturing entities)

is journal will contain all the transfers (movements) of inventory through the different functional areas, for
example from the raw materials warehouse to the factory and from the factory to the nished goods
warehouse.
e amounts re ected in the journals and ledgers have to be determined according to the entity’s
method for costing inventory and the requirements of IAS 2 on Inventories.

1. Inventory master le (manufacturing, wholesale and retail entities)
Manual system equivalent: Inventory ledger
e inventory master le is a database re ecting the quantities of inventory on hand (i.e. raw materials,
work-in-progress and nished goods) at a particular point in time, together with the items’ inventory codes
and descriptions. e cost price may also be re ected in the inventory master le.
8.3.4 Reports
1. Inventory listing (summary list of all inventory: computerised systems only) (manufacturing,
wholesale and retail entities)
e inventory listing is generated from the inventory master le. A computer application will typically allow a
user to choose which information (data elds) to include on the list, such as inventory code, inventory
description, quantity on hand and cost price. e total cost of inventory per this listing, when adding
together all the individual inventory cost amounts, should agree with the balance of the inventory account(s)
in the general ledger.
1. Inventory reconciliation (manufacturing, wholesale and retail entities)
Inventory reconciliations take place during inventory counts between the quantities recorded on the
inventory sheets (actual inventory) and the quantities on the inventory list (theoretical inventory). In this
way, an accountant can detect inventory shortages/surpluses, which may be the result of theft, inventory
items which were never recorded, as well as damaged inventory items. e adjustments required as a result
of this process will be recorded on the inventory adjustment form.
8.3.6 Illustration: Transaction ow in the inventory and production

cycle
For an illustration of the transaction ow in this cycle refer to Figure 8.2 and Figure 8.3 in section 8.1.6 of this
chapter under the heading ‘Example of a typical transaction in the inventory and production cycle’. Note that
entities differ regarding the exact nature of the ow of the transactions, and the names, types and numbers of
copies of documents and application of the internal controls. Any inventory and production system should,
however, address the risks facing the entity relating to the cycle in order to achieve the control objectives of
validity, accuracy and completeness of nancial information relating to this cycle.

e major risks in the cycle have a direct correlation with the nature and purpose of the cycle (as discussed
earlier in the chapter). e major risks are that:
• Costs (i.e. raw materials, labour and overhead costs) are incorrectly allocated to inventory, resulting in
inaccurate carrying amount of inventory ( nancial reporting risk); and
• Inventory may be stolen and/or damaged, either in the warehouse or during the manufacturing process,
which would lead to losses for the entity (misappropriation risk).

Computer technology which can be applied in the inventory and production cycle includes barcode
scanning. Barcode scanners can be connected to a software application located on the entity’s computer
system that will obviate the need for employees to capture information pertaining to the inventory items
being moved.
e barcodes appearing on the inventory items can be scanned using either a hand-held or a xed
barcode scanning device. e data read by the scanner is fed into the entity’s accounting system (including
inventory records) in order to update these records for the movement of inventory. e use of the scanners
will reduce the risk of incorrect items being captured onto the system, and this will reduce the risks of
inaccurate inventory records (e.g. wrong quantities and/or costs) and dissatis ed customers (e.g. should the
incorrect goods be delivered to them).

also applies to the entity’s inventory and production cycle. Should an entity not be able to avoid these risks,
the inventory and production transactions recorded in its accounting records may be invalid, inaccurate or
that inventory and production transactions (including any adjustments) are valid, and are completely and
accurately recorded and processed by the entity’s nancial information system.

e validity, accuracy and completeness of inventory and production-related information comprise the
control objectives that management aims to achieve to address the major risks present in the cycle.
To ensure that inventory and production transactions are valid, management will have to implement
controls over these transactions to ensure that the recorded inventory and production-related transactions
are genuine. In other words, the manufacturing of the inventory was authorised in accordance with
management’s policy and all the inventory and production transactions that were recorded occurred (thus
were not ctitious) during the period and were supported by sufficient documentation.
To ensure that inventory and production transactions are accurate, controls will have to be implemented
to ensure that the transactions are recorded at the appropriate amounts. An appropriate amount would be
calculated correctly using an appropriate costing method and the correct costs (and would include for
manufactured inventory, raw materials, labour, direct and indirect costs). e transaction should also be
correctly classi ed in terms of the entity’s chart of accounts and be summarised and posted to the entity’s
accounting records.
To ensure that inventory and production transactions are complete, controls will have to be
implemented to ensure that all inventory transactions that took place in a given period should be recorded in
a timely manner. In other words, no authorised inventory and production transactions should be omitted
from the entity’s accounting records.
Table 8.2 explains the consequences if the control objectives are not achieved.
Table 8.2: Control objectives and consequences if not achieved
CONTROL OBJECTIVE CONSEQUENCE IF CONTROL OBJECTIVE IS NOT ACHIEVED
Validity Over or understatement of inventory (Example: Should a

ctitious (fake) manufacturing transaction have been
recorded, the transaction did not occur, leading to the
overstatement of inventory in the entity’s accounting records,
whereas a ctitious inventory despatch (sales transaction)
will lead to the understatement of inventory.)
Accuracy Over or understatement of inventory (Example: Should the

incorrect costs have been allocated to manufactured
inventory, the transaction would not be accurate. As a result,
inventory might be overstated (if excessive costs have been
allocated) or understated (if too little costs have been
allocated).)
CONTROL OBJECTIVE CONSEQUENCE IF CONTROL OBJECTIVE IS NOT ACHIEVED
Completeness Over or understatement of inventory (Example: Should a

manufacturing transaction not have been recorded, the
inventory records will be incomplete, leading to an
understatement of inventory in the entity’s accounting
records. On the other hand, should the movement of raw
materials to work-in-progress not be recorded, the raw
materials inventory balance will be overstated.)

control objectives can be achieved either manually (a person performs the internal control) or by automated
control objectives.
Validity of inventory and production transactions:

• Transfers of raw materials from the raw materials warehouse to the factory being approved by either
manual or automated means;
• Transfers of nished goods from the factory to the nished goods warehouse being approved by either
manual or automated means;
• Recording inventory and production transactions in the accounting records that relate to actual
inventory movements (i.e. transactions that are not ctitious) that are supported by genuine supporting
documentation, such as raw materials transfer notes;
• Performing regular inventory cycle counts, followed by reconciliations between the quantities recorded
on the inventory count sheets and the inventory listing (or master le); and
• Any adjustments required to the quantities of inventory on hand being approved by either manual or
automated means.
Accuracy of inventory and production transactions:

• Recording correct amounts on supporting documentation (such as on the inventory adjustment form);
and
• Independently checking the mathematical correctness of calculations for amounts on supporting
documentation and in the accounting records.
Completeness of inventory and production transactions:

• Independently checking that there are no gaps in the sequential numbering (recording) of raw materials
and nished goods transfer notes; and
• Performing regular inventory cycle counts, followed by reconciliations between the quantities recorded
on the inventory count sheets and the inventory listing (or master le).

Recorded transactions that are not valid, accurate and complete (caused by the control objectives not having
been achieved) will result in inventory and cost of sales/purchases being misstated in the accounting
records, which will in turn result in the nancial statements being misstated.
e process of recording a transaction in the nancial records and thus for it to be included in the
As a transaction is processed through an entity’s information system, it will be subject to numerous internal
controls that help it along the way to ensure that the control objectives are achieved. e transaction will
only reach its destination appropriately if it ends up in the nancial statements in a manner that achieves the
accounting system and related internal controls. In this way, the control objectives contribute to the
appropriateness of the assertions made by management in the nancial statements and will indirectly result
in the latter being free from material misstatement.
CYCLE CASE STUDY


Note the line item ‘Inventories’ with a balance of R9,326,597 and to the Notes to the Annual Financial
Statements of Ntsimbi Piping – speci cally note 4 (Inventories) (page 16).
• In relation to existence, inventories making up the balance exist (i.e. the constituent assets are
not ctitious).
• In relation to rights, Ntsimbi Piping holds or controls inventory, and as a result is entitled to the
underlying assets making up the balance. The inventories do not belong to another entity.
• In relation to accuracy, valuation and allocation, the inventories balance of R9,326,597 is
determined by applying an appropriate costing method and the correct costs to the underlying
quantities of inventory (note that the existence assertion above relates to inventory quantities).
Further, any adjustments as to the carrying amount of the underlying assets have been recorded
appropriately (e.g. where cost exceeds net realisable value, the appropriate write-downs have
been made), and the related disclosures have been appropriately measured and described.
• In relation to completeness, all assets deemed inventories and which are assets of Ntsimbi
Piping, have been recognised as such in the nancial statements (notwithstanding the
measurement thereof, which is dealt with separately under the accuracy, valuation and allocation
assertion). In addition, all disclosures relating to inventories that should have been made (such
as the analysis of the categories of inventories in the notes to the nancial statements) have
been made (completeness of disclosures).
• In relation to classi cation, the transactions relating to the inventories balance of R9,326,597
have been recorded in the appropriate inventories-related accounts, and do not relate to, for
instance, cost of sales.
• In relation to presentation, inventories have been appropriately aggregated/disaggregated, and
are clearly described in the nancial statements, while the related disclosures are relevant and
understandable in the context of the applicable nancial reporting framework (IAS 2 in this
instance). For example, vague and ambiguous descriptions have been avoided in the nancial
statement note on inventories.

Refer to the Statement of Comprehensive Income in the nancial statements of Ntsimbi Piping (page
8). Note the item ‘Cost of sales’ in the amount of R105,274,615.
• In relation to the occurrence assertion, cost of sales transactions amounting to R105,274,615
did in fact take place (these transactions occurred and are not ctitious) and also pertain to
Ntsimbi Piping.
• In relation to accuracy, the cost of sales transactions making up the total have been recorded at
correct amounts (e.g. in terms of the correct item quantities sold and the costs of nished goods
sold). Moreover, the related disclosures regarding cost of sales in the nancial statements, if
applicable, have been appropriately measured and described.
• In relation to completeness, all cost of sales transactions that took place during the nancial
year and which pertain to Ntsimbi Piping have been recorded and are included under cost of
sales (or a corresponding cost of sales transaction was recorded for each sale transaction that
was recorded). In addition, all the disclosures relating to cost of sales that should have been
included in the nancial statements have been included.
• In relation to cut-off, each of the cost of sales transactions included in the total is recorded in
the appropriate nancial period – matching the timing of when the sale (appropriately recognised
in terms of IFRS 15) was recorded.
• In relation to classi cation, all transactions, constituting the total of R105,274,615, are
appropriately classi ed as cost of sales and do not relate to, for instance, inventory.
• In relation to presentation, and to the extent that disclosures about cost of sales are provided in
the nancial statements, this class of transactions has been appropriately
aggregated/disaggregated and is clearly described, while the related disclosures are relevant
and understandable in the context of the applicable nancial reporting framework.
e assertions for inventory and cost of sales/purchases are linked to the control objectives in the cycle as
shown in Table 8.3.

computerised)?
major control activities speci c to the inventory and production cycle, established either manually or
programmatically (by a computer system) depending on the circumstances involved, are summarised
below.

• Used in conjunction with a proper chart of accounts for transactions related to the production and
inventory cycle.
Table 8.3: The link between the assertions for inventory and cost of sales/purchases, and the control
objectives

Cost of sales/purchases (Inventory)
transactions (Assertions are (Assertions are indicated in bold)
indicated in bold)
Validity Occurrence and Cut-off Existence and Rights
A control achieving the validity of a A control achieving the validity
purchases transaction will ensure control objective for a purchases
the recorded transaction was transaction will ensure that the
properly authorised in accordance inventory items included in the
with management’s policy, that it inventory balance physically exist
took place and that it is supported (existence) and that the entity
by suf cient documentation (thus holds the rights to the inventory
not ctitious) (occurrence) during (rights).
the nancial year to which it
relates (cut-off).
Accuracy Accuracy and Classi cation Accuracy, valuation and allocation

A control achieving the accuracy of A control achieving the accuracy
a cost of sales/purchases control objective for a cost of
transaction will ensure the sales/purchases transaction will
transaction is recorded at the ensure that the cost of inventory is
correct amount (including appropriate (accuracy, valuation
quantities, price and correct and allocation). Furthermore, a
calculations) (accuracy). It will control achieving the accuracy
further ensure that the transaction objective relating to the reduction
has been correctly classi ed, to the cost of the inventory to
summarised and posted to the reduce it to its net realisable value
correct account in the nancial will ensure that the net carrying
records in accordance with its amount of the inventory is
nature (classi cation). appropriate in terms of the
requirements of IAS 2 (accuracy,
valuation and allocation).
Completeness Completeness Completeness With the

A control achieving the completeness control objective for
completeness objective will ensure purchases being achieved, all
that all the purchases transactions inventory purchases be recorded
that occurred during the nancial as a result, and the asset balance
year are recorded in a timely would therefore be complete (i.e.
manner (thus none were omitted) there will be no omissions of
(completeness). inventory (completeness)).
disclosures, and account balances and the related disclosures in the nancial statements. Consequently the
Presentation assertion is not included explicitly in Table 8.3 above.
8.7.1.2 Authorisation and approval
One of the most effective ways to ensure that the validity control objective is met in the cycle is to have the
transaction authorised.
Let’s apply this principle to a typical transaction in this cycle. As soon as a retail entity’s inventory items
reach a certain predetermined minimum level, the inventory will be ordered (after being authorised) from a
supplier, and this will be the commencement of a transaction. On receipt of the goods from the supplier, the
entity will prepare a GRN and the goods will be transferred to the warehouse. e entity then needs to
safeguard the inventory against theft and damage until the inventory is sold to a customer. e customer may
phone or email the entity to place an order for goods. is order will once again have to be authorised before
being processed. If the goods are available in the warehouse, the sales order department will instruct the
warehouse to pick the goods and pack them for despatch. Despatch will deliver the goods to the customer
(after being authorised), who is then invoiced by the accounting department.
Note that in a computerised environment, the authorisation of a transaction may in some cases take
place programmatically without intervention by a senior staff member for each transaction. e purchase
order and/or the internal sales order in the preceding paragraph may be automatically authorised by a
computer program after the program has performed the necessary tests to ensure that, for example, the
predetermined minimum inventory level has been reached or that the customer is still within its credit limit.

e following activities should be performed by different staff members:
• Authorisation of the transaction;
• Recording of the transaction; and
• Control over the assets involved.
e following are examples of duties in the inventory and production cycle that should be performed by
different staff members/departments:
• Requesting the transfer of raw materials to production;
• Authorising the transfer of raw materials to production;
• Physically transferring raw materials from the raw materials warehouse to the factory;
• Recording the transfer of raw materials to production; and
• Custody of the raw materials once in the factory.
In a computerised system, segregation of duties can be achieved through the implementation of user pro les
whereby an employee is only granted access to the part of the accounting system that is necessary for the
performance of the employee’s duties.
8.7.1.4 Access and physical controls

is control activity will include the physical safekeeping of inventory, physical access to inventory storage
areas, and periodic counting of inventory and comparison of the count totals to the inventory records. To be
able to perform this comparison (reconciliation), inventory counts will have to be planned, conducted and
nalised according to certain preset standards and procedures, which are dealt with later in this chapter.

Examples of veri cation checks (the checking of work initially performed by another person or by the
computer system) in the inventory and production cycle include:
• Agreeing raw materials transfer note with the raw materials requisition before authorising the former;
• Agreeing the quantities physically on hand (actual quantities) to those quantities recorded on the entity’s
perpetual inventory system as being on hand (theoretical quantities); and
Checking the completeness of the sequential number order of authorised master le amendment forms
• for missing items and thus incomplete master le amendments.
Reconciliations will usually be performed by a clerk and must be reviewed by a senior staff member. In the
event that the person who is responsible for recording transactions in the accounting records also performs a

e following tables include the most common activities for the inventory and production cycle, and related
internal controls to address the risks associated with each activity.
Have a look at the control table on the next page. You will notice that each ‘what could go wrong/risk’ is
related to a control objective in the column to its right. e control objective is numbered (e.g. ‘A’). e
assertion(s) affected by the ‘what could go wrong/risk’ (and impacted by the related control objective) is
indicated in the next column. In the next two columns, you will nd the control(s) that address the control
objective (linked to the control objective by means of a letter (e.g. ‘A’)). (It follows that these controls then
address the related ‘what could go wrong/risk’.) e additional numbering that you will see in the controls
columns (e.g. ‘1.1’) relates each control to the activity where it belongs.
Note that the controls in a manual system are described in full, whereas only controls additional to the
objectives was discussed in section 4.4.3.2 of Chapter 4. Note that where a control is indicated in the control
underlying risk.
e tables that follow are prepared in the context of a manufacturing entity using a process costing
system. e speci c activities performed, and hence the internal controls, will vary from entity to entity, but
the overall control objectives remain the same for all manufacturing entities. Keep in mind that in a retail
entity, only functions 6, 7 and 8 will apply.
Table 8.4: Storage of raw materials
1 STORAGE OF RAW MATERIALS

| RAW MATERIALS WAREHOUSE |
Activity Responsible Documents What could Control Account/ Manual controls Alte
party and records; go objective assertion and
master les wrong/risks affected con
com
env
com
env
1.1 Raw Inventory Inventory A Inventory Accuracy, 1.1A Implement

Implement materials records could be is properly valuation proper physical
physical warehouse (used for damaged protected and controls, for
controls manager reconciliation (thus against allocation example:
to of physical deteriorating damage. of • Solid
safeguard inventory in value) (Accuracy) inventory. structure
the raw with due to poor buildings;
materials recorded physical • Environmental
in inventory) conditions controls (e.g.
storage. or due to PVC resin in
the nature powder form
of the should be
inventory. kept dry);
• Neatly
packed.
Inventory B Inventory Existence 1.1B Implement 1.1
could be is properly of proper physical Imp
stolen. safeguarded inventory. controls like: com
against • Access acc
theft. controls e.g. con
(Validity) locked, gain
restricted to t
entry, minimal mat
entry and exit war
points into suc
the inst
warehouse; • A
• Surveillance o
cameras; t
• Security
guards. w
•
d
a
t
w
com
env
1.1AB Perform
independent
cycle counts and
reconcile the
physical (actual)
inventory on
hand to the
recorded
inventory
quantities on a
regular basis.
Table 8.5: Production planning
2 PRODUCTION PLANNING
| MARKETING DEPARTMENT, PRODUCTION DEPARTMENT AND FACTORY |
Activity Responsible Documents What could Control Account/assertion Manual

party and go objective affected controls
records; wrong/risks
master
les
2.1 Determine Marketing Production The entity A The entity Accuracy, valuation 2.1AB A
the production manager plan may manufactures and allocation of product
needs of the Production Production manufacture inventory that inventory. plan, ba
entity (type manager schedule too much will be sales
and quantity Factory Production inventory for saleable. forecas
of inventory to manager order which there is (Accuracy) sales b
be no demand, inventor
Factory
manufactured) resulting in of nish
personnel
unsaleable goods,
inventory. econom
product
and ord
custom
should
prepare
product
departm

master
les
The entity B The entity N/A: Operational 2.1AB T
may not manufactures control, no product
manufacture suf cient nancial reporting and any
suf cient inventory to implications. product
inventory to meet the orders s
meet the demands of be revie
demands of its and aut
customers. customers. by the
(No control product
objective manage
applicable as copy sh
this is an sent to
operational factory
control.) manage
2.1AB T
factory
manage
should
copy of
product
plan/pr
orders t
prepare
product
schedu
which th
required
materia
indicate

master
les
Unauthorised C Only Accuracy, valuation 2.1C Th

production authorised and allocation of product
can take production inventory (e.g. manage
place (e.g. takes place. should excess should
entity’s (Operational stock be produced and com
resources control) which is the prod
(labour and unsaleable). schedu
materials) are copy of
misused). product
plan/pr
orders.
2.2 Determine Production Production The factory D The factory N/A: Operational 2.2DEFG
the raw manager schedule may run out has suf cient control, no factory
materials Factory Raw of raw raw materials nancial reporting personn
needed to manager material materials during the implications. should
ful l the Factory requisition during the production a raw m
production personnel production process. requisit
needs process, (Operational based o
established in which will control) quantiti
2.1 and lead to delays required
request the in production. product
raw materials schedu
from the raw
materials
warehouse.

master
les
The factory E The factory Existence of 2.2DEFG
may request has inventory (should factory
too much raw suf cient, but this increase the manage
material not risk of inventory should
which will excessive, being stolen). and com
lead to raw materials N/A: Operational the raw
wastage during the control, no materia
and/or theft. production nancial reporting requisit
The incorrect process. implications. the prod
raw material F The factory schedu
may be has the which th
requested correct raw materia
from the raw materials requisit
materials during the should
warehouse. production authoris
process. him or h
(Operational
control)
The factory G Only raw Existence of
personnel materials inventory (should
could request needed this increase the
raw materials during the risk of inventory
for their own production being stolen).
use and not process are
for of cial requisitioned.
manufacturing
purposes.
Table 8.6: Transfer of raw materials to production
3 TRANSFER RAW MATERIALS TO PRODUCTION

| RAW MATERIAL WAREHOUSE, FACTORY AND ACCOUNTING DEPARTMENT |
Activity Responsible Documents and What could Control Account/assertion Manu

party records; master go objective affected contro
les wrong/risks

les wrong/risks
3.1 Raw Raw materials Incorrect A The raw N/A: Operational 3.1A T
Prepara‐ materials requisition Raw raw materials control, no raw
tion and storemen materials materials transferred nancial reporting mater
transfer transfer note may be match the raw implications. storem
of the raw transferred materials should
materials. to the requisition. match
factory. (Operational raw
control) mater
requis
to the
mater
transf
note.
3.1A T
raw
mater
store
manag
should
compa
the ra
mater
transf
note t
raw
mater
transf
to the
factor
before
raw
mater
are
transf

les wrong/risks
3.2 Inventory Raw materials Raw B All the raw Existence of 3.2B T
Receipt receipting transfer note materials materials inventory (should invent
of raw clerk might be transferred there be a risk that receip
materials (dedicated damaged from the inventory can be clerk
at the factory and/or warehouse are stolen). should
factory. worker) stolen received at the inspec
during the factory and are raw
transfer not damaged. mater
process. (Accuracy, receiv
completeness) the fa
for qu
quant
and
descri
and
compa
them
raw
mater
transf
note.
she sh
sign a
of the
transf
note (
retain
the ra
mater
store)

les wrong/risks
3.3 Inventory Perpetual The transfer C All transfers Classi cation of 3.3CD
Record clerk inventory of the raw of raw inventory. invent
the records/Inventory materials to materials to clerk
transfer master le production production are should
on the may not be recorded. record
perpetual recorded at (Completeness) transf
inventory all. the ra
system. mater
the fa
on the
perpet
invent
system
the
invent
transf
journa
The transfer D Transfers of Accuracy, valuation 3.3C R

of the raw raw materials and allocation of mater
materials to to production inventory. transf
production are accurately notes
may be recorded. should
recorded (Accuracy) seque
inaccurately pre-
in terms of numbe
quantities and th
and item accou
codes. should
regula
review
seque
of tran
notes
record
the
invent
transf
journa

les wrong/risks
Invalid E Only valid Classi cation of 3.3CD

transfers of transfers of inventory. record
inventory raw materials on the
are to production perpet
recorded are recorded. invent
(i.e. no system
actual should
transfer check
took place, the
but a accou
transfer is to ens
recorded). has be
accura
and
compl
record
and th
transf
note e
for ea
record
transf
Table 8.7: Production
4 PRODUCTION
| FACTORY |
Activity Responsible Documents What could Control Account/ Manual Ad

party and go objective assertion controls co
records; wrong/risks affected co
master sy
les
4.1 Products Factory Production Spillage A No theft of Existence 4.1A

are personnel report/Shift Theft inventory of Implement
manufactured. report takes place inventory. proper
during physical
manufacturing controls in
and spillage the factory
is minimised. (refer to
(Validity) function 1
above
(storage of
raw
materials) –
4 PRODUCTION
| FACTORY |

master sy
les
similar
controls
should be
implemented
in the factory.
4.1A The
factory
manager
should
supervise the
entire
production
process and
properly
implement
proper quality
control
procedures
to limit
spillage to a
minimum.
4.1A The
factory
manager
should
compare the
production
reports/shift
reports with
the raw
materials
transfer
notes to
detect
spillage and
theft.
4.1A The
production
manager
should
compare
production
reports with
the
production
4 PRODUCTION
| FACTORY |

master sy
les
orders/plans
to ensure
that all the
production
that was
planned did
take place.
4.1A All the
reports
should be
reviewed and
approved by
senior
management.
Table 8.8: Transfer of nished goods to nished goods warehouse
5 TRANSFER FINISHED GOODS TO FINISHED GOODS WAREHOUSE

| FACTORY, FINISHED GOODS WAREHOUSE AND ACCOUNTING DEPARTMENT |
Activity Responsible Documents What could Control Account/ Manual A

party and go objective assertion controls c
records; wrong/risks affected c
master s
les
5.1 Factory Finished Un nished A Only nished Classi cation 5.1A The
Finished personnel goods goods may goods are of inventory. factory
goods transfer be transferred to foreman
transferred note transferred the nished should
from to the goods compare the
factory to nished warehouse. nished
the goods (Validity) goods
nished warehouse. transfer note
goods to the goods
warehouse. to be
transferred
to the
nished
goods
warehouse.

master s
les
5.2 Receipt Finished Finished Finished B All the Existence, 5.2B

of nished goods goods goods may nished goods completeness Finished
goods at storeman transfer be damaged transferred are and accuracy, goods
the note and/or received at the valuation and storeman
nished stolen nished goods allocation should
goods during the warehouse and (i.r.o. inspect the
warehouse. transfer are not damage) of nished
process. damaged. inventory. goods
(Validity, received at
completeness) the nished
goods
warehouse
for quality,
quantity and
description
and compare
to the
nished
goods
transfer note
and sign the
transfer note
(to be
retained in
the factory)
as evidence.
5.3 Record Inventory Finished The transfer C The transfer Classi cation 5.3C The 5
the clerk goods of the of the nished of inventory. inventory A
transfer on transfer nished goods to the clerk should in
the note goods to the nished goods record the p
perpetual nished warehouse is transfer of c
inventory goods appropriately the nished b
system. warehouse recorded. goods to the th
may not be (Completeness, warehouse in
recorded, or accuracy, on the s
may be validity) perpetual e
recorded inventory th
inaccurately. system via o
Finished the inventory
goods not transfer g
actually journal. w
transferred 5.3C c
to the Finished a
nished goods a

master s
les
goods transfer re
warehouse notes should th
may be be tr
recorded as sequentially re
transfers. prenumbered
and the
accountant
should
regularly
review the
sequence of
transfer
notes
recorded in
the inventory
transfer
journal.
5.3C The
recording on
the
perpetual
inventory
system
should be
checked by
the
accountant
to ensure it
has been
accurately
and
completely
recorded and
that transfer
notes exist
for each
transfer
recorded in
the inventory
transfer
journal.
Table 8.9: Storage of nished goods

6 STORAGE OF FINISHED GOODS – SAME AS FUNCTION 1 STORAGE OF RAW MATERIALS
(The only difference is that the party responsible will be the nished goods warehouse manager and not
the raw materials warehouse manager in function 1)
| FINISHED GOODS WAREHOUSE |
Activity Responsible Documents What could Control Account/ Manual Additional

party and go objective assertion controls controls in a
records; wrong/risks affected computerised
master system
les
6.1 Finished
Implement goods
physical warehouse
controls manager
to
safeguard
the
nished
goods in
storage.
Inventory items returned by customers (e.g. damaged goods and incorrect deliveries) will also have to be
safeguarded and recorded. e sales returns process is covered in Chapter 6. e returned inventory will
form part of the entity’s inventory and therefore it will be subjected to the same processes and controls as the
storage of raw materials and the storage of nished goods in Table 8.4, function 1 and Table 8.9, function 6.
Table 8.10: Cost allocation and updating of inventory records
7 COST ALLOCATION AND UPDATING OF INVENTORY RECORDS

Activity Responsible Documents What could Control Account/ Manual Add

party and go objective assertion controls con
records; wrong/risks affected com
master syst
les
7.1 Cost Perpetual The costs A The costs Accuracy, 7.1ABC The 7.1A
Allocation accountant inventory allocated to allocated to valuation cost cost
of raw records inventory inventory are and accountant can
materials, Labour could be accurately allocation of allocates auto
labour costs incorrectly calculated. inventory. raw allo
and records calculated. (Accuracy) Classi cation material, vari
overhead Overhead The costs B The costs of inventory. labour and cost
costs to cost allocated to allocated to Accuracy, overhead inve
work-in- records inventory inventory are valuation costs to the qua
progress Production could be valid and quantities of man
and reports invalid (not expenditures, allocation of inventory reas
nished Costing applicable applicable to inventory. recorded in che
goods. records to inventory. the still
inventory). (Validity) perpetual requ
inventory Rele
records proc
The
7 COST ALLOCATION AND UPDATING OF costs
INVENTORY C All the costs
RECORDS
| ACCOUNTING DEPARTMENT | allocated to that should
inventory have been
Activity Responsible Documents could
What becould allocated
Control to Account/ Manual Add
party and incomplete.
go inventory
objective are assertion controls con
records; wrong/risks allocated. affected com
master (Completeness) syst
les
based on cont
the app
production ens
records and app
general of c
ledger allo
accounts. (refe
The 5.9
calculation Cha
of the costs 7.1A
allocated to syst
inventory prod
should be vari
reperformed and
(checked) by repo
another inve
staff man
member.
7.1ABC The
actual cost
per
inventory
item should
be
compared to
the
budgeted
cost per
item and
variances
should be
investigated.
7.2 Accounting General The costs D The costs Accuracy, 7.2D The
Recording clerk journal allocated to allocated to valuation recording of
of the inventory inventory are and the
allocated could be correctly allocation of allocated
labour incorrectly recorded. inventory. costs should
and recorded. (Accuracy) be checked
overhead by a second
costs to employee.
nished
goods
inventory.
Table 8.11: Maintenance of inventory records
8 MAINTENANCE OF INVENTORY RECORDS


master
les
8.1 Accounting Inventory Inventory A Additions to Existence and 8.2AB A

Update clerk adjustment items could and deletions completeness of suitable
the form be from inventory inventory. member of
standing Inventory incorrectly items are management
data on master le added authorised should inspec
the and/or and are the supportin
inventory deleted. correctly and documentatio
records, completely for all
which processed. inventory
includes (Validity, adjustments
adding completeness) and authorise
new the
inventory adjustments
items by means of
and his or her
deleting signature.
inventory 8.2AB The
items no accountant
longer should
stocked. compare the
inventory
adjustments
recorded to
the details on
the authorise
inventory
adjustment
forms.
8 MAINTENANCE OF INVENTORY RECORDS

master
les
8.2 Accounting The B Only Existence and

Adjust clerk quantities of authorised completeness of
inventory inventory changes are inventory.
balances items on made to the
by hand are quantities of
changing adjusted inventory
the incorrectly items.
quantities (e.g. to (Validity)
of cover up Changes are
existing theft). accurately
inventory and
items. completely
recorded.
(Accuracy,
completeness)
8.7.3 Controls relating to the conducting of inventory counts

Normally, inventory will be counted at regular intervals throughout the year (referred to as cycle counts) as
well as at year-end (referred to as year-end counts). e major difference between cycle counts and year-end
counts, except for the fact that cycle counts are performed throughout the year and year-end counts only at
year-end, is the inventory items being counted during each count. During a cycle count, ordinarily only
some of the inventory is counted, whereas during a year-end count, all the inventory is counted. Various
methods can be used to determine which inventory items should be counted during a cycle count, for
example fast-moving items, high-value items and randomly selected items.
8.7.3.1 Planning inventory counts

e rst step in the planning of the inventory count is to conduct an inventory count planning meeting in
order to determine a date for the inventory count and the number of people that will be needed to conduct
the inventory count (staff requirements). ereafter, a plan (sketch) of all the areas where inventory is kept
and detailed instructions for the inventory count are prepared.
As part of the planning of the inventory count, staff members are assigned to the different functions to be
performed during the inventory count (e.g. inventory count controller, supervisors and counters) and the
detailed instructions for the different functions are communicated to all staff members involved in the
inventory count.
e stationery needed for the inventory count (e.g. control sheet/register, sequentially prenumbered
inventory count sheets and inventory tags) is printed and/or prepared as part of the planning. e last
activity that has to be performed as part of the planning is to ensure that all the inventory items in the
warehouses and on the sales oor are neatly arranged and that all the areas are numbered according to the
prepared plan (sketch).
WHY? Why is it necessary to arrange all the inventory items in the warehouses and on the
sales oor neatly?
• Will it be easy for the client’s staff to nd items in a disorganised warehouse while the
inventory count is in progress, and will it not be possible to miss some items in the
count?
• How will the counting teams know whether items were counted or not if the inventory is
not neatly organised?
• Will it be possible for the inventory count supervisor to accurately compare the rst and
second counts if inventory is not neatly organised?
8.7.3.2 Conducting inventory counts

During the inventory count, the inventory count controller should ensure that each prenumbered inventory
count sheet issued and received back is recorded on the control sheet/register. Inventory should be counted
by teams of two people and the count teams should count all inventory items twice (preferably by two
different teams), complete inventory count sheets in pen, mark counted items by means of, for example,
stickers or crosses (to prevent double counting and/or no counting), cancel open spaces on the inventory
count sheets and sign inventory count sheets. Count teams should also identify damaged and/or obsolete
inventory during the counting process and indicate it as such on the inventory count sheets.
e count supervisors should perform spot checks on items counted, compare it to the quantities on the
completed inventory count sheets and follow up on any differences identi ed. e inventory count
controller should limit (prohibit/control) inventory movement during the count by means of, for example,
keeping all inventory received during the count separate and keeping a trail of all inventory despatched
during the count. To facilitate this, inventory counts are often scheduled for days on which the entity is
closed for trade.
REFLECTION
Why is it preferable to have two different teams each counting inventory items separately?
• The use of two independent counts will result in any incorrect recording of count quantities as a
result of human error being detected and corrected.
How are large quantities of low-value items (e.g. screws and nails) counted?
• How long will it take to count these low-value items? And more likely than not, errors will be made
when the individual items are counted.
• Therefore, in practice, these small items (e.g. the screws and nails) are ordinarily weighed and the
total weight is converted back to a quantity of items (using the standard weight of each item as
denominator in the equation).
What are the risks if scales are used for weighing inventory items during the inventory count and
how can these be mitigated?
• The scale reading might not be accurate as a result of inaccurate scale readings. But why?
• Over time, scales can lose accuracy due to normal wear and tear as a result of regular use and
age.
• The solution: Each scale used needs to be calibrated on a regular basis to restore the scale’s
results back to the standard/correct weights.
What is the risk if different inventory items are boxed?

• What will happen if box is not opened? The inventory re ected on the outside of the box will be
‘counted’ and recorded on the inventory count sheet as being on hand.
• As a result, should the contents in the box not match the details on the outside of the box, the
inventory recorded on the inventory count sheet (thus the quantities of individual inventory items)
and ultimately in the nancial records (quantities and prices) will be incorrect (either over or
understated).
Why should damaged and/or obsolete inventory items be identi ed during the counting process
and to which inventory assertion does this relate?
• In terms of IAS 2 inventory has to be carried at the lowest of cost price and net realisable value.
• The net realisable value of damaged and/or obsolete inventory will most probably be lower than
its cost price.
• Therefore, damaged and/or obsolete inventory need to be identi ed during the inventory count in
order to write it down.
• As this deals with the carrying amount at which the inventory will be included in the nancial
statements the accuracy, valuation and allocation assertion will be applicable.
What will happen if the inventory count controller does not control inventory movement during the
count and which assertion(s) will be affected as a result?
• If inventory movement is not controlled during the inventory count, the possibility exists than
some items might be double counted and other items might not be counted at all.
• If items are double counted, the existence assertion will be affected; on the other hand if items
are omitted from the count, the completeness assertion will be affected.
Figure 8.5: Counting inventory

Source: Bigstock.
8.7.3.3 Finalising inventory counts

After the counting has taken place, the inventory count controller should inspect the numerical sequence of
the prenumbered inventory count sheets to ensure that all the sheets have been returned and also inspect all
areas where inventory is kept to ensure all inventory items have been marked as counted. e inventory
count controller should further compare the quantities counted by team one and team two and, if
differences are found, he or she should recount those inventory items, and record the actual quantity on
hand.
e nal inventory count sheets should then be sent to the inventory clerk for comparison to inventory
quantities recorded in the physical inventory records. Any differences identi ed should be followed up and
adjustments to the inventory quantities should be made following the process and controls described in
function 8.2 in Table 8.11 (Maintenance of inventory records).
Cycle illustration: The inventory and production cycle at
8.8 Ntsimbi Piping
8.8.1 Background to inventory and production
Ntsimbi Piping is engaged in the manufacturing of a broad range of PVC products and its principal products
are PVC pipes and PVC mouldings. e company buys raw materials such as PVC resin, which is supplied in
powder form, and various additives and pigments from the entity’s suppliers, and manufactures the PVC
products at the manufacturing plant.
Figure 8.6: PVC pipe production line

Figure 8.7: Ntsimbi factory oor plan
Ntsimbi Piping makes use of process costing and the manufacturing process takes place at Ntsimbi Piping’s
manufacturing plant in Cape Town. e manufacturing plant consists of a raw materials warehouse, the
production line and the nished goods warehouse (refer to the factory oor plan shown in Figure 8.7). e
manufacturing plant is situated in a secure building, has only one controlled entry and exit point and entry is
restricted to warehouse and factory employees only. Access to the manufacturing plant is controlled by
means of a ngerprint reader.
8.8.2 Storage of raw material

• Function performed by Ntsimbi Piping’s raw materials warehouse.
• Louis Lynwood (supervisor in the raw materials warehouse)
• Jonathan Maliti (storeman: raw materials warehouse)
• Hayley Stanford (storeman: raw materials warehouse).
On receipt of the raw materials from Abdul Paruk (goods receiving supervisor at Ntsimbi Piping’s designated
receiving bay), all the necessary internal controls regarding the receipt of the raw materials are performed
(refer to Chapter 7). e raw materials are then packed into the raw materials warehouse by Jonathan Maliti
and Hayley Stanford. e areas and/or shelves where each inventory item has to be packed are clearly
marked and the storemen pack the inventory according to these designated spaces. Louis Lynwood is
responsible for supervising the storemen and ensuring that the raw materials are neatly packed and
protected against damage.
8.8.3 Production planning

• Function performed by Ntsimbi Piping’s production planning department.
• John Buckley (production manager)
In order to ensure efficient and effective operations, Ntsimbi Piping’s marketing department prepares a
production plan, based on, among other things, sales forecasts, sales budgets, inventory levels of nished
goods, economic production runs and orders from customers. is production plan is reviewed and
authorised by John Buckley, the production manager, after which a copy is sent to Raymond Harris, the
production manager in the factory.
Raymond Harris uses his copy of the production plan to prepare production schedules on which the
required raw materials are indicated, after which he sends it to John Buckley for review and approval. As part
of John Buckley’s review procedures, he compares the production schedules to the copy of the production
plan.
After the approval of the production schedules, John sends them to personnel at the factory where they
are used to prepare raw materials requisitions based on the quantities on the production schedules.
Raymond Harris reviews and compares the raw materials requisitions to the production schedules, after
which he authorises the raw materials requisitions by signing them. e authorised raw materials
requisitions are then sent to the raw materials warehouse.
8.8.4 Transfer raw materials to production

• Function performed by Ntsimbi Piping’s raw materials warehouse, factory, and accounting
department.
• Louis Lynwood (supervisor in the raw materials warehouse)
• Jonathan Maliti (storeman: raw materials warehouse)
• Hayley Stanford (storeman: raw materials warehouse)
• andi Sebokwe (inventory clerk: accounting department)
• Jason Naidoo (senior bookkeeper: accounting department).
On receipt of the authorised raw materials requisitions at the raw materials warehouse, either Jonathan
Maliti or Hayley Stanford selects the requested raw materials and prepares a raw materials transfer note. e
selected raw materials are then compared to the raw materials transfer note by Louis Lynwood, after which
the raw materials are transferred to the factory.
On receipt of the raw materials at the factory, a designated factory worker inspects the raw materials
received at the factory for quality, quantity and description and compares them to the raw materials transfer
note. He signs the raw materials transfer note as evidence.
andi Sebokwe (inventory clerk in the accounting department) records the transfer of the raw materials
to the factory from the raw materials transfer notes on the perpetual inventory system via the inventory
transfers journal (raw materials). Jason Naidoo (senior bookkeeper) checks the recording to ensure that the
raw materials transfer notes have been accurately and completely recorded and that only valid transfers were
recorded.
8.8.5 Production
• Function performed by Ntsimbi Piping’s factory.
• Lindiwe Xolile (factory supervisor)
• Saul Mkhize (operations director).
e production process is supervised by Lindiwe Xolile (factory supervisor). e production process for PVC
pipes, for example, starts with a mixture of the material, followed by shaping the mixture around a cast. e
casts are made the exact width of the pipe. e mixture is poured into a cast and surrounded by an outer
shell. e complete set is then placed into an oven to be cooked. Once the pipe has solidi ed, it is cooled and
moved into nishing. Sections of the pipe are then cut based on common sizes and needs. e sections are
then coated in a chlorine solution to prevent harmful bacteria from growing during shipping and use. Once
the coating has dried, the ends of each section are nished. If the pipe is a smooth connection, the top of the
pipe is sanded down to ensure a perfectly at surface. For tted pipes, a machine engraves a series of grooves
into the pipe. As the grooves are cut, high-pressure water is sprayed on the pipe to remove excess PVC
fragments. After the grooves have been added, the ends are smoothed and the sections are sent for testing to
ensure quality. e pipes are tested for their seal, connection (on grooved sections), and strength. If a section
fails at any point in the process, it is sent back to be melted down and reconstructed. 1 Most of the controls
over these processes to ensure that a quality product is manufactured are operational controls and fall
outside the scope of this text.
Raymond Harris (production manager) is ultimately responsible for the entire production process and he
ensures that proper quality control procedures are implemented to limit spillage to a minimum. He
compares the production reports prepared by Lindiwe Xolile (factory supervisor) with the raw materials
transfer notes in order to detect spillage and theft, after which the production reports are reviewed and
approved by Saul Mkhize (operations director).
8.8.6 Transfer nished goods to nished goods warehouse

• Function performed by Ntsimbi Piping’s factory, nished goods warehouse, and accounting
department.
• Lindiwe Xolile (factory supervisor)
• Jan Steenkamp (storeman: nished goods warehouse)
• andi Sebokwe (inventory clerk; accounting department)
• Jason Naidoo (senior bookkeeper; accounting department).
After production and the quality control process have been completed, Lindiwe Xolile prepares a nished
goods transfer note, which Raymond Harris compares to the physical nished goods being transferred to the
nished goods warehouse.
On receipt of the nished goods at the nished goods warehouse from the factory, Jan Steenkamp
(storeman in the nished goods warehouse) inspects the nished goods for quality, quantity and description
and compares them to the nished goods transfer note. He signs the nished goods transfer note as
evidence.
andi Sebokwe (inventory clerk in the accounting department) records the transfer of the nished
goods from the factory to the nished goods warehouse from the nished goods transfer notes on the
perpetual inventory system via the inventory transfers journal ( nished goods). Jason Naidoo (senior
bookkeeper) checks the recording. It is necessary for him to do this to ensure that the nished goods transfer
note has been accurately and completely recorded and that only valid transfers were recorded.
8.8.7 Storage of nished goods

• Function performed by Ntsimbi Piping’s nished goods warehouse.
• James Price (supervisor in the nished goods warehouse)
• Jan Steenkamp (storeman: nished goods warehouse).
On receipt of the nished goods from the factory and after all the necessary internal controls regarding the
transfer of the nished goods to the nished goods warehouse have been performed, the nished goods are
neatly packed into the nished goods warehouse. Similar processes and controls to those in the raw
materials warehouse are in place.
8.8.8 Update of costing records

• Function performed by Ntsimbi Piping’s accounting department.
• Imraan Daniels (cost accountant)
• andi Sebokwe (inventory clerk).
Imraan Daniels (cost accountant) performs the calculation of the raw material, labour and overhead costs to
be allocated to inventory (based on approved production reports) and prepares the journal entries to record
these. James Khumalo ( nancial manager) reperforms the calculations and compares the actual cost per
inventory item to the budgeted cost per item to detect spillage and theft, and variances are investigated.
James then authorises the journal entries for processing.
andi Sebokwe (inventory clerk) records the journals in the general ledger. e recording of the journals
is checked by Jason Naidoo (senior bookkeeper).
8.8.9 Inventory counts

Independent cycle counts and the reconciliation of the physical inventory on hand with the recorded
inventory quantities are performed on a monthly basis. Ntsimbi Piping also conducts a year-end inventory
count. A plan of all the areas where inventory is kept (e.g. raw materials warehouse, the factory itself, nished
goods warehouse), as well as an inventory count manual which contains all the instructions for the inventory
counts, was prepared by the accountant prior to the rst inventory count and is reviewed and updated prior
to every inventory count. e stationery needed for the inventory count (e.g. control sheet/register, inventory
count sheets and inventory tags) is printed as necessary.
As part of the rst step in the planning of the inventory count, count planning meetings are conducted in
order to determine dates for the inventory count and the number of people that will be needed to conduct
the inventory count (staff requirements). As part of the planning of the inventory count, staff members are
assigned to the different functions to be performed during the inventory count (e.g. inventory count
controller, supervisors and counters) and the detailed instructions for the different functions are
communicated to all staff members involved in the inventory count. e warehouse managers and Raymond
Harris (production manager in the factory) ensure that all the inventory items in the warehouses and in the
factory are neatly packed and that all the areas are numbered according to the prepared plan.
During the inventory count, the inventory count controller ensures that each inventory sheet issued and
returned is recorded onto the control sheet/register. Inventory is counted by teams of two and all inventory
items are counted twice by two different teams. Inventory sheets are completed in pen and all counted
inventory items are marked by means of stickers. Open spaces on the inventory sheets are cancelled, and
damaged and/or obsolete inventory is identi ed by the count teams and indicated as such on the inventory
sheets. e supervisors perform spot checks on items counted, make comparisons with the quantities on the
completed inventory sheets and follow up on any differences identi ed. e inventory count controller
controls inventory movement during the count by keeping all inventory received during the count separate.
After the counting has taken place, the inventory count controller inspects the numerical sequence of the
inventory sheets to ensure that all the inventory sheets have been returned and inspects all areas where
inventory is kept to ensure all inventory items were marked as counted (i.e. have a sticker on them). e
inventory count controller also compares the quantities counted by team one and team two and if
differences are found, recounts those inventory items.
ese quantities on the count sheets are compared by the inventory clerk to the quantities on the
perpetual inventory system. If differences are noted, the inventory clerk prepares an inventory adjustment
form which is submitted to the accountant. e accountant inspects the supporting documentation for all
inventory adjustments and authorises the adjustments by means of his or her signature.
8.8.10 Maintenance of inventory records

• Function performed by Ntsimbi Piping’s accounting department.
• andi Sebokwe (inventory clerk)
James Khumalo ( nancial manager) inspects the supporting documentation for all inventory adjustments
(e.g. resulting from differences between actual and theoretical quantities identi ed during cycle counts, and
changes to the type of products used by the company, etc.) and authorises these adjustments by signing the
inventory adjustment forms. andi Sebokwe (inventory clerk) then records the adjustment, using the
authorised inventory adjustment forms, on the inventory master le, having accessed this application using
her username and password. Jason Naidoo (senior bookkeeper) then compares the adjustments recorded to
the details on the inventory adjustment forms.
1. Which one of the following is not an objective of the inventory and production cycle? (LO 1)
a) Authorisation of inventory acquisition
b) Safeguarding inventory against theft and damage
c) Controlling the movement of inventory during the production process
d) Recording the movement of inventory during the production process
2. Which one of the following assertions will be affected if an entity’s inventory is not safeguarded against
theft? (LO 7 & 10)
a) Existence of inventory
b) Completeness of inventory
c) Rights to inventory
d) Accuracy, valuation and allocation of inventory
3. Which one of the following assertions will be affected if an entity’s inventory is not safeguarded against
damage? (LO 7 & 10)
a) Existence of inventory
b) Completeness of inventory
c) Rights to inventory
d) Accuracy, valuation and allocation of inventory
4. Which one of the following statements regarding inventory counts is incorrect? (LO 12)
a) e only difference between cycle counts and year-end counts is the fact that cycle counts are
performed throughout the year while year-end counts are only performed at year-end.
b) As part of the planning of an inventory count, all the inventory items need to be neatly arranged
and all the areas need to be numbered according to the prepared plan.
c) Inventory movement should be carefully controlled during an inventory count.
d) If differences are found between the quantities counted by the two different counting teams, those
items should be recounted.

5. e inventory and production cycle is applicable to all businesses, irrespective of whether the business’s
operations entail the selling of goods or the rendering of services. (LO 1)
6. Computer technology that can be applied in the inventory and production cycle is barcode scanning.
e barcodes of the inventory items can then be scanned with either a hand-held or a xed barcode
scanning device whereafter the entity’s physical inventory records will be manually updated with the
scanned quantities. (LO 8)
7. If the accuracy control objective is achieved in an entity’s inventory and production cycle, the risk of
material misstatement regarding the accuracy, valuation and allocation of the business’s inventory will
be reduced. (LO 9 & 10)
8. e authorisation of a request for raw materials from the raw materials warehouse will always be a
manual control activity. (LO 12)
9. To achieve the accuracy of inventory and production transactions, the transaction should be recorded at
the appropriate amount. An appropriate amount would be calculated correctly and the transaction
should also be correctly classi ed and correctly summarised and posted to the entity’s accounting
records. (LO 10)
10. Explain why and how the purpose of the inventory and production cycle will differ for a retail entity and
a manufacturing entity. (LO 1)
11. Explain how the other business cycles link to the inventory and production cycle. (LO 2)
12. Which general ledger accounts are affected by the inventory and production cycle? (LO 2)
13. Describe the functional areas in the inventory and production cycle and list the documents and records
applicable to each of the functional areas. (LO 4)
14. Describe the ow of the transactions in the inventory and production cycle through the information
system, including the use of source documents and accounting records. (LO 5)
15. What are the duties of the counting teams while conducting an inventory count? (LO 12)
16. What are the duties of the inventory count controller when planning for, conducting and nalising an
inventory count? (LO 12)
17. Explain the difference between a business’s actual inventory and its theoretical inventory. (LO 3)
18. Why does a business compare its actual inventory to its theoretical inventory? (LO 3)
19. Identify the weakness with regard to the storage of inventory in the following paragraph, assuming that
the entity is a retailer:
On transfer of the goods from the goods receiving section into the raw materials warehouse, the
warehouse clerk compares the physical goods to the GRN and acknowledges receipt by signing the
GRN. Any discrepancies are reported to the warehouse supervisor immediately. e goods are then left
at the entrance to the warehouse and moved into the warehouse when the warehouse personnel have
free time available. (LO 11)
20. Describe two controls that can be implemented in a business to ensure that inventory is not damaged.
(LO 12)
1 [Online]. Available: http://www.ehow.com/how-does_4969093_what-manufacturing-process-pvc-pipes.html.

Human resources cycle CHAPTER 9
Henriëtte Scholtz
CHAPTER CONTENTS
Learning outcomes
9.3 What information system is used in this cycle?
9.8 Cycle illustration: e human resources cycle at Ntsimbi Piping
LEARNING OUTCOMES

balances.
6. Identify and describe the risks of material misstatement in the cycle affecting account balances, classes
of transactions and events in the nancial statements.
9. Describe how internal controls may assist in achieving the control objectives for the cycle and how
11. Design a system of internal controls, both manual and computerised, which will achieve the cycle’s
control objectives.
IN THE NEWS
SA’s national minimum wage could hurt small rms and rural workers
27 April 2017
Cape Town – South Africa is set to adopt a national minimum wage of R20,00 per hour. There are
questions as to whether this is enough to be termed a victory for the country’s working poor. If
historical trends continue, this might be bene cial only for some workers. Others, especially those in
small rms and rural areas, may not be so fortunate.
Workers in rural areas and those currently working in small enterprises could be particularly
susceptible to job losses as a result of the national minimum wage. The wage bill acknowledges
these vulnerabilities. Its recommendations provide temporary exemption for small employers in
particular, but none for rural jobs. That means that workers in rural areas could be adversely
affected. With its raging unemployment and many low-paying jobs, South Africa faces a dilemma as it
introduces a national minimum wage. Higher wages are necessary for better living standards; but
wage growth can potentially exacerbate already high unemployment and consequently reduce living
standards. Simple economic models predict that minimum wages destroy employment. However,
decades of intense research show that the basic model is not an empirical certainty in all
circumstances. Consensus is slowly shifting, with greater recognition for the role of minimum wages
in reducing inequality. Latin America is a case in point where inequality was initially extreme, but
declined (at least partially) in response to minimum wages at the turn of the century. One might
expect the same bene ts in South Africa, which has remained close to the top of world inequality
rankings.1
National bus strike seems to be inevitable

10 April 2018
Cape Town – Golden Arrow Bus Services (Gabs) and transport unions have warned of a looming
national bus strike.
The warning follows a deadlock in annual wage negotiations, between the employers association
and ve transport unions: SA Transport and Allied Workers Union (Satawu), Transport and Allied
Workers Union of SA (Tawusa), Transport and Omnibus Workers’ Union (Towu), National Union of
Metalworkers of SA (Numsa) and Tirisano Transport Workers Union (Taswu). The negotiations started
at the SA Road Passenger Bargaining Council (SARPBAC) National Bargaining Forum in January. The
unions proposed a one-year 12% across the board (ATB) wage increase agreement with a minimum
basic wage of R8 000, while employers offered a three-year agreement with 7% ATB for the rst year,
7.25% for 2019 and 7.5% for 2020. According to Satawu, employers want to keep the current basic
minimum wage of R6 070 and only increase it by the agreed ATB. Those entering the industry for the
rst time this year would be paid the basic minimum wage of R6 070, regardless of whether the
hiring company has a higher minimum wage. The two parties were issued a certi cate to strike by the
CCMA. The two parties were also given a 30-day cooling-off period, which expires on April 16.’ Golden
Arrow would therefore like to inform its passengers that unless an agreement is concluded by April
16, it is likely that a 48-hour notice of pending strike action will be issued. This means that a
national bus industry strike could commence on April 18,’ said Gabs spokesperson Bronwen Dyke-
Beye.2
Ghost employees loot coffers3
25 March 2018
Durban – In one month alone last year, eThekwini Municipality allegedly paid more than R1,2 million
to individuals for work they never did. This has been revealed in a forensic investigation report
compiled by the city integrity and investigations unit (CIIU). The report focuses on ‘ghost employees’
in the city’s Expanded Public Works Programme (EPWP) and payments of in ated daily rates to
individuals. It was established that 71 individuals were paid R950 per day for 43 days during May
2017, which had 22 working days. These payments amounted to just over R31 000 net pay per
month, a huge amount for EPWP workers who are usually paid a pittance, it is alleged. In total, a
minimum amount of R1,2 million was fraudulently paid in that month alone to individuals who never
performed any duties for the EPWP programme, reads the report, which was signed off by CIIU head
Mbuso Ngcobo. During the month of July (2017) these individuals disappeared from the EPWP payroll
subsequent to the CIIU investigation. ‘Those individuals will be dealt with in a separate report,’ said
Ngcobo.

of the cycle?
9.1.1.1 Nature
e human resources cycle (sometimes referred to as the payroll cycle) relates to the paying of salaries and
wages to employees of the company and related expenses (e.g. UIF, medical aid contributions), which results
in an out ow of funds from the company. Expenses paid for salaries and wages are often a material expense
for organisations and cash could also be involved where wages are paid to employees personally rather than
into their bank accounts.
WHAT What if the entity is a manufacturing concern? Why are the salaries and wage expenses
of these entities particularly important from a nancial reporting perspective?
IF? For manufacturers, the wage expenses will also in uence the inventory valuation assertion
(because of the requirements of IAS 2 Inventories).
is cycle is at risk of contributing to material misstatements in the nancial statements for possible fraud
(misappropriation of assets), rstly as remuneration could be paid in cash (necessitating cash on hand on
the premises), and secondly for the creation of ctitious (or ghost) employees (refer to the news story: ‘Ghost
Employees’ on the previous page). Salaries and wages are also usually a major expense for most entities,
which increases the risks of material misstatements arising as a result of the large numbers involved. Wages
often also comprise small amounts being paid per transaction, but with a high volume of transactions, which
may increase the inherent risk of material misstatements arising in wages.
Payments of salaries and wages are typically internally generated transactions without any supporting
external documentation, which makes the documentation less reliable from an auditing perspective as it
lacks involvement of objective third parties (this is discussed in more detail in Chapter 11, section 11.6).
Furthermore, compensation paid to employees may include elements such as contributions to retirement
plans and share options, which require speci c disclosure in the nancial statements.
Difference between salaries and wages

Salaries are:
• Fixed predetermined amounts and the basic salary is not affected by the hours worked;
• Paid monthly; and
• Normally paid by electronic funds transfer (EFT) or, in some cases, with cheques.
Wages are:
• Paid only for productive hours worked;
• Usually paid weekly or fortnightly; and
• Sometimes paid in cash (or more recently also by way of EFT).
9.1.1.2 Purpose
e main purpose of the cycle is to address:
• Appointment of personnel, authorisation of any changes to salaries and wages rates and deductions, and
maintenance of personnel records;
• Time keeping and control over hours worked;
• e preparation of salary and wage transactions and the recording of these transactions;
• Preparation of the salaries and wages to be paid;
• Payment of salaries and wages; and
• Paying over of deductions to the relevant parties (e.g. SARS).
In terms of the accounting function, salaries and wages are recorded as expenses (debited) in the Statement
of Comprehensive Income (in manufacturing concerns, some of these expenses are later transferred to
inventory in the Statement of Financial Position) and the bank account is credited for the payment made.
Provisions for leave pay and deductions from remuneration not yet paid over at year-end (i.e. medical aid
payments not yet paid over) should be provided for at year-end as liabilities. It is imperative that all salary
and wage expense transactions are recorded, all calculations are performed and recorded accurately, all
payments and deductions are authorised and that all deductions are paid over timeously (or provided for if
not paid over at year-end) otherwise the nancial statements will re ect an incorrect picture of the true
performance of the entity.
9.1.2 Relationship with other cycles

Figure 9.1 shows the human resources cycle’s relationship with other cycles.
Figure 9.1: Relationship with other cycles

e nature of processes and accounting and internal control systems relating to salaries and wages will differ
from entity to entity. It will depend, among other things, on the labour intensiveness of the entity and
whether it is a manufacturing, retail, wholesale or service company. As with other business cycles, one will
have to search far and wide to nd two entities in which the human resources cycles are exactly the same. As
a result, the source documents, records and controls used in the cycle differ among entities. Although the
principles and objectives of sound internal control and the general cycle risks facing businesses are similar
for all entities, each business will have to implement its own particular controls and will have its own way of
initiating, recording, processing and reporting transactions in the cycle.
erefore, a proper understanding of the purpose of the cycle and the typical risks a business faces when
salaries and wages transactions take place is crucial.
e type of business and the requirements of the workforce in uence how the wage and salary system
operates:
• If a business is situated in a crime-prone area, it will be dangerous to pay wages in cash and the business
may decide to make payments by EFT.
• A large business may have difficulty paying out wages to its large workforce in cash as it will take a lot of
time, and may decide to make payments by EFT.
• A business with employees who are illiterate, located in a remote area with employees who do not have
bank accounts, or with employees who prefer to receive their wages in cash, may decide to pay the wages
in cash.
• To keep track of time worked, a business may decide to use a manual clock card system if it is situated in a
factory, time sheets if staff work at remote locations, or technologically advanced biometric systems, such
as a ngerprint reader or swiping of employee cards.
No matter what business type or circumstances, as a result of this cycle, funds will ow out of the
business in the form of salaries and/or wages and related expenses.
A business will have to implement proper internal controls in its human resources cycle to ensure
that proper record is kept of time worked and that the paying of wages and salaries is properly
handled and recorded.

• A typical wage transaction in the human resources cycle will originate from the appointment of an
employee. en a wage rate has to be set, deductions have to be authorised and a record of the time
worked has to be kept.
• For a salary transaction to commence, a salaried employee has to be appointed, a monthly salary rate has
to be set and this, as well as the deductions, have to be authorised.
• Deductions transactions commence when the employee is to be paid for the rst time and part of the
remuneration is due to third parties (e.g. medical aid, pension fund, and SARS speci cally in respect of
SITE, PAYE and UIF).
As soon as one of the above triggers occurs, the human resources cycle becomes applicable and the internal
controls within the cycle will start.
When does the cycle end?

• When the salary or wage has been paid over (including unpaid wages) and recorded in the accounting
records, the human resources cycle for the particular salaries and wages transactions is completed.
• When the deductions made from salaries and wages are paid over to the third parties, the deductions are
recorded in the accounting records, and the returns containing pertinent deduction information have
been submitted to the third parties, the deductions transactions are complete.
e cycle will repeat itself every time a new transaction takes place.
CRITICAL THINKING
How is a salary or wage transaction recorded in the accounting records?
A wage transaction is ordinarily recorded when the clock cards or time sheets are received and then
posted to the wage journal/payroll. An employee listing is obtained from the personnel division that
contains the wage amounts and deductions in respect of each employee. A payment of the net wage
is then made. The payment is recorded in the cash book and posted by debiting the wages account
and crediting the bank account in the general ledger.
Salary transactions are recorded on a monthly basis when the updated employee listing, which
includes employee names and gross salaries and deductions in respect of each employee, is
received from the personnel division. This is then posted to the salaries journal.
The payment of the net wage is then recorded in the cash book and debited to the salaries
account, crediting the bank account in the general ledger.

Transactions in the human resources cycle must be recorded in the accounting records of the business and
must be allocated to the relevant general ledger accounts. Understanding which accounts are affected by a
speci c transaction will enable a better understanding of the risks involved in the transaction’s path through
the cycle.
e following accounts are affected by the human resources cycle:

• Salaries (gross, including fringe bene ts);
• Wages (gross, including fringe bene ts);
• Commission expenses;
• Bonuses; and
• Leave pay expenses.
Refer to the notes to the nancial statements of Ntsimbi Piping for information on directors’ emoluments (page
21). Also refer to its Detailed Income Statement in the supplementary information (page 26) and note the line
item ‘Employee costs’.
• Inventory (direct wages form part of the cost of inventory for a manufacturing concern);
• Bank;
• Accruals for deductions payable (e.g. pension, medical aid and PAYE); and
• Provision for leave pay.
Refer to the Statement of Financial Position of Ntsimbi Piping (page 7). Note the line item ‘Trade and other
payables’ with a balance of R13,381,893. Refer to note 11 (Trade and other payables) (page 19). e amount of
R1,191,473 for ‘other payables’ would include liabilities accrued for any deductions from employees’
remuneration not yet paid over to third parties.
9.1.6 Applicable accounting standards, legislation, listings

requirements and corporate governance principles
e accounting standards discussed below may be applicable to disclosure of the human resources cycle in
9.1.6.1 IAS 19: Employee bene ts

IAS 19.7 states that an employee may provide services to an entity on a full-time, part-time, permanent,
casual or temporary basis. Employees include management and directors.
IAS 19 de nes the term ‘employee bene ts’ in paragraph 8 as all forms of consideration given by an entity
in exchange for services rendered. IAS 19 establishes the principle that the cost of providing employee
bene ts should be recognised in the period in which the bene t is earned by the employee rather than when
it is paid or payable, and outlines how each category of employee bene ts is measured, providing detailed
guidance about post-employment bene ts in particular.
Employee bene ts are divided into four categories:

1. Short-term bene ts (IAS 19.8–9)
• Short-term bene ts are de ned as those that are due to be settled within 12 months after the end of the
period in which the employee renders the service. Short-term employee bene ts include wages, salaries,
paid annual leave and sick leave, bonuses payable within 12 months after the end of the period, and
non-monetary bene ts such as housing, medical care and free or subsidised goods or services.
Termination bene ts are excluded from short-term bene ts.
• For short-term employee bene ts, the undiscounted amount of the bene ts expected to be paid in
respect of services rendered by employees in a period should be recognised in that period as an
expense. (IAS 19.11)
• e entity should recognise the expected cost of pro t-sharing and bonus payments when, and only
when, it has a legal or constructive obligation to make such payments as a result of past events and a
reliable estimate of the expected cost can be made. (IAS 19.19)
2. Post-employment bene ts (IAS 19.8, 26–27)

• Post-employment bene ts are de ned as those that are payable after the completion of employment.
Post-employment bene ts include retirement bene ts such as pensions and lump-sum payments and
post-employment life insurance and medical care. Post-employment bene t plans are classi ed as
either de ned contribution plans or de ned bene t plans, depending on the economic substance of the
plan. Termination bene ts are excluded from post-employment bene ts. e accounting treatment for a
post-employment bene t plan is determined according to whether the plan is a de ned contribution or
a de ned bene t plan:
• Under a de ned contribution plan, the entity pays xed contributions into a fund but has no legal or
constructive obligation to make further payments if the fund does not have sufficient assets to pay all
of the employees’ entitlements to post-employment bene ts.
• A de ned bene t plan is a post-employment bene t plan other than a de ned contribution plan.
ese would include both formal plans and those informal practices that create a constructive
obligation for the entity in respect of its employees.
Accounting treatment for de ned contribution plans

For de ned contribution plans, the cost to be recognised (as an expense) in the period is the
contribution payable in exchange for services rendered by employees during the period. (IAS 19.51)
If contributions to a de ned contribution plan do not fall due within 12 months after the end of
the period in which the employee renders the service, they should be discounted to their present
value. (IAS 19.52)
Accounting treatment for de ned bene t plans

For de ned bene t plans, the amount recognised in the Statement of Financial Position should be
the present value of the de ned bene t obligation (that is, the present value of expected future
payments required to settle the obligation resulting from employee service in the current and prior
periods), reduced by the fair value of plan assets at the end of the nancial reporting period. (IAS
19.8, 63)
3. Other long-term bene ts (IAS 19.8, 153)

• Other long-term bene ts are de ned as those that are not due to be settled within 12 months after the
end of the period in which the employee renders the service. Other long-term bene ts include long-
service or sabbatical leave, long-service bene ts, long-term disability bene ts, pro t sharing and
bonuses payable 12 months or more after the end of the period and deferred compensation payable 12
months or more after the end of the period. Termination and post-employment bene ts are excluded
from these bene ts.
• IAS 19 requires a simpli ed application of the model described above for de ned bene t plans for the
accounting for other long-term bene ts. (IAS 19.155–156)
4. Termination bene ts (IAS 19.8,141)

• Termination bene ts are de ned as those that are payable as a result of either:
• e entity’s decision to terminate employment before normal retirement date; or
• e employee’s decision to accept a voluntary redundancy package in exchange for those bene ts.4
• Termination bene ts are normally a lump sum, but can also include enhancement of retirement
bene ts or of other post-employment bene ts through an employee bene t plan, or a salary until the
end of a speci ed notice period.
Accounting treatment for termination bene ts

For termination bene ts, IAS 19 speci es that amounts payable should be recognised as a liability
and expense at the earlier of the following dates: (IAS 19.165)
• When the entity can no longer withdraw the offer of those bene ts; and
• When the entity recognises costs for a restructuring that is within the scope of IAS 37 and
involves the payment of termination bene ts.
9.1.6.2 IFRS 2: Share-based payments

Shares and share options are generally used by businesses as part of employees’ remuneration packages.
IFRS 2 deals with all share-based payments and de nes the concept of share-based payments to include
more than just employee share options. IFRS 2 identi es three types of transactions (IFRS 2.2):
1. Equity-settled share-based payment transactions, in which the entity receives goods or services as
consideration for equity instruments of the entity (including shares or share options);
2. Cash-settled share-based payment transactions, in which the entity acquires goods or services by
incurring liabilities to the supplier of those goods or services for amounts that are based on the price (or
value) of the entity’s shares or other equity instruments of the entity. Transactions involving share
appreciation rights fall into this category; and
3. Transactions in which the entity receives or acquires goods or services and the terms of the
arrangement provide either the entity or the supplier of those goods or services with a choice of whether
the entity settles the transaction in cash (or other assets) or by issuing equity instruments.
Let us look at the recognition and measurement of these transactions:

• Equity-settled IFRS 2 transactions: e issuance of shares or rights to shares requires an increase in a
component of equity. IFRS 2 requires the off-setting debit entry to be expensed when the payment for
goods or services (i.e. the service rendered by the employee) does not represent an asset. e expense
should be recognised as the employee renders services that entitle him or her to the equity instruments.
• Cash-settled IFRS 2 transactions: e consideration for such payments is recognised when it is received
(i.e. immediately or over any vesting period), with a corresponding liability.5
9.1.6.3 Legislation and regulations regarding the disclosure of directors’ emoluments
9.1.6.3.1 Companies Act and other regulations

Section 30 of the Companies Act 71 of 2008 requires that the remuneration and bene ts of each director and
prescribed officer of a company that must be audited in terms of the Companies Act be disclosed separately.
Disclosure of information about directors’ emoluments is also required in terms of IAS 24 on Related Party
Disclosures. King IV™ increased the transparency and accountability of directors’ remuneration. King IV™
requires the disclosure of why directors earned the salaries they have earned, while King III required and the
Companies Act requires disclosure of the amount. King IV™ disclosure requires a clear justi cation for the
amounts awarded (Principle 14 paragraphs 26–39).6
e JSE Listings Requirements (section 8.63), further, requires extensive disclosure of directors’
emoluments paid by every listed company, including disclosure of each individual director’s remuneration
and bene ts, as well as those of any director who has resigned during the reporting period.
REFLECTION
Look up the requirements of the JSE Listings Requirements in relation to the disclosure of directors’
emoluments. Then select a listed company, nd its nancial statements and see if you can nd out
whether it complies with these requirements.
9.1.6.3.2 Labour legislation

When employing staff, employers must comply with the following labour legislation:
1. e Basic Conditions of Employment Act 75 of 1997

is Act permits the Minister of Labour to set minimum terms and conditions of employment, including
minimum wages. In South Africa, minimum wages are set per sector. e minimum wage is the lowest
hourly, daily or monthly wage that employers may legally pay employees or workers.7
2. Labour Relations Act 66 of 1995

is Act governs disputes relating to unfair dismissal and unfair practices in employment, and regulates the
resolution of disputes between employers and employees, as well as the relationship between employers and
trade unions.8
e Commission for Conciliation, Mediation and Arbitration (CCMA) was created in terms of the Labour
Relations Act to resolve disputes between employers and employees. e CCMA is a dispute resolution body.
It is an independent body and does not belong to and is not controlled by any political party, trade union or
business.
e CCMA will:
• Conciliate workplace disputes;
• Arbitrate disputes that remain unresolved after conciliation;
• Facilitate the establishment of workplace forums and statutory councils;
• Compile and publish information and statistics about its activities; and
• Consider applications for accreditation and subsidy from bargaining councils and private agencies.
e CCMA may:
• Supervise ballots for unions and employer organisations; and
• Give training and advice on:
• e establishment of collective bargaining structures;
• Workplace restructuring;
• Consultation processes;
• Termination of employment;
• Employment equity programmes; and
• Dispute prevention.9
9.1.7 Executive remuneration
IN THE NEWS
Executive remuneration
Executive remuneration remains a controversial topic, especially in South Africa where the wealth
gap between rich and poor is still on the increase (Wray, 2008).10 With the nancial crises it is not
surprising that executive remuneration attracted the attention of investors, the media, the public at
large, trade unions and researchers. The following extracts and headlines from recent media articles
provide examples:
• Executive pay remains one of the most discussed topics within remuneration. The relativity of
executive pay compared to other staff members is placed increasingly under the microscope as
the world is faced with more evidence that wealth inequality is continually on the rise. (10 April
2018)11
• Executive remuneration is under scrutiny in the UK as politicians, the public and investors
demand a clampdown after a wave of big pay-outs. (12 April 2018)12
• Why it is time to curb the madness of executive pay (9 May 2016)13
• Shareholders demand the right to limit executive pay (23 Feb 2018)14
• King IV™ tightens corporate remuneration (1 November 2016)15
• Can the grim reality of published pay ratio really curb executive pay? (6 September 2017)16
9.1.8 Deductions from employees’ remuneration17
DID YOU KNOW?

An employer may not make any deductions from an employee’s remuneration unless the employee
agrees in writing to the deduction in respect of a debt speci ed in an agreement or the deduction is
required or permitted in terms of law, a collective agreement, a court order or an arbitration award.

9.2.1 Description of the functional areas in the cycle
From the moment a transaction in the cycle is triggered (appointment of an employee) to the time that the
salary or wage and deductions are paid and recorded, many actions take place to ensure that the transaction
is executed properly and that it is properly recorded in the accounting records.
e salary and wages cycle can be split into the following functional areas:
1. Personnel;
2. Time keeping (wage-earning employees only – if the company has no wage-earning employees, this
functional area is omitted);
3. Calculation and recording of salaries and wages and deductions;
4. Payment preparation and payment of salaries and wages;
5. Payment of deductions; and
6. Recording of salary and wage transactions in the accounting records.
A brief summary of each functional area for a typical manufacturing company, such as Ntsimbi Piping,
follows:
1. Personnel
Purpose: To ensure that proper appointment and dismissal procedures are followed and appropriate
records are kept for all staff.
Main activities: Recruitment, appointments, dismissals, salary and wage negotiations, labour disputes,
maintenance of personnel records, issuing of employment contracts, wage rate and salary adjustments,
deductions, communicating any amendments of salaries or wages, de ning job descriptions, employee
development and performance appraisal procedures.
Persons involved in this area: Human resources clerk, human resources manager/director, appointments
committee, line managers.
WHY? Why is the responsibility for appointing wage-earning employees and setting new wage
rates assigned to the personnel division and not to the foreman who oversees the
employee?
The foreman can create ctitious (ghost) employees or be subjective when appointing
employees or changing wage rates, leading to employee dissatisfaction.
WHAT What if an employee is kept on the payroll after resignation? What might the nancial
implications for the business be?
IF? The salary and wage expense of the entity will be excessively high, resulting in loss of
pro ts to the entity.
2. Time keeping (wage-earning employees only – if the company has no wage-earning workers, this
functional area is omitted)
Purpose: To ensure that valid, accurate and complete time records are kept for wage-earning employees, in
order to ensure that wages are paid only for hours actually worked.
Main activities: Preparation and issuing of clock cards, supervision during the clocking in and out process,
collection of clock cards after a wage week, calculation and authorisation of hours worked.
Persons involved in this area: Time keeping clerks, line managers (such as factory foremen).
3. Calculation and recording of salaries and wages and deductions

Purpose: To calculate and record gross salaries and wages, deductions from salaries and wages, and the
resulting net salaries and wages.
Main activities: Receiving of clock cards (for wages), calculation of wages and salaries, and preparation of
salary and wage journals (payroll).
Persons involved in this area: Payroll clerks, payroll manager.
4. Payment preparation and payment of salaries and wages

Purpose: To ensure that accurate and complete payments are made to employees and to ensure that
payments have occurred and are authorised (valid).
Main activities: Requesting funds (cash or otherwise) for payment of wages and salaries, safe-keeping of
cash (for wages), preparation of payslips, making-up and checking of wage packets (applicable to wages paid
in cash only), payment of salaries and wages, safekeeping and payment of unclaimed wages (applicable to
wages paid in cash only).
Persons involved in this area: Payroll clerks, payroll manager, senior manager (to authorise payments),
division foreman (applicable to wages paid in cash only), and person responsible for unclaimed wages
(applicable to wages paid in cash only).
WHY? Why are the wage clerks responsible for the preparation of the payroll and not the wage-
earning employees’ supervisor (such as the divisional foreman)?
If the supervisor handles both functions, this will result in insuf cient segregation of
duties. The supervisor may be able to create ctitious employees and steal the wages of
those employees.
5. Payment of deductions
Purpose: To ensure deductions have occurred and are authorised, that the deductions to the relevant third
parties are calculated accurately and that all the deductions are paid over.
Main activities: Preparation of returns, paying over of deductions.
Persons involved in this area: Administrative assistant in payroll division or accounting department,
accountant, senior manager (to approve payments).
6. Recording of salary and wage transactions in the accounting records

Purpose: To ensure that transactions have occurred and are authorised, are recorded accurately and
completely and to ensure that the salary, wage and third-party transactions are classi ed correctly in the
general ledger.
Main activities: Posting of the salary, wage and third-party transactions to the relevant general ledger
accounts from, among other things, the wage and salary journals.
Persons involved in this area: General ledger clerk, payroll clerk, accountant/ nancial manager.

HUMAN
PAYROLL DIVISION
RESOURCES PAYROLL DIVISION ACCOUNTING DEPARTMENT
(ADMINISTRATIVE)
DIVISION
1. Personnel 2. Time keeping 3. Calculation and 5. Payment of deductions

recording of salaries and 6. Recording of salary and
wages wage transactions in the
4. Payment preparation accounting records
and payment of salaries
and wages

9.3.1 Accounting for salaries, wages and related transactions
Salaries and wage transactions form part of expenses in the Statement of Comprehensive Income.
Deductions from employees’ salaries that have not yet been paid over to the relevant third parties have to
be provided for in the Statement of Financial Position as liabilities. A provision for leave pay must also be
created at the end of the nancial reporting period.
CRITICAL THINKING
How will wages in a manufacturing concern be dealt with in the nancial statements?
Salaries and wages for a manufacturing concern include direct labour and indirect labour costs.
Direct labour costs are those amounts paid in respect of those employees who spend all their time
working directly on the product being manufactured. Indirect labour costs are the amounts paid in
respect of other factory employees involved in production.
The direct and indirect salaries and wages related to manufacturing (as part of overheads) in
respect of work-in-progress and nished goods on hand will form part of the cost of inventory. That
related to nished goods sold will be included as part of the entity’s cost of sales gure in the
Statement of Comprehensive Income.
Figure 9.2: Documents and records in the human resources cycle
Proper record keeping of new appointments, hours worked (on clock cards), payroll amendment forms,
deduction authorisation forms and termination of service forms in journals (such as the salaries and wages
journals) and in the general ledger is therefore critically important for reliable nancial reporting. Should the
information system (including the accounting system) fail to ensure proper record keeping, an entity’s salary
and wage expenses might be materially misstated (and for a manufacturing concern the value of inventory
may also be materially misstated).

A list of supporting documents, records, reports and reconciliations that may be found in the human
resources cycle is discussed below.
1. Request for new appointment form

A request for new appointment form is completed by the supervisor in charge of the division where a new
appointment is required; this is done to alert the human resources division that such appointment is
required for operational reasons. is form will, among other things, indicate the job title, proposed date of
appointment and reporting lines of the proposed appointment.
2. Employment contract
An employment contract is issued on the appointment of an employee and sets out the rights and
obligations of the employer and employee in respect of the employment.
3. Employee le
An employee le has to be kept for each employee. Copies of the employment contract and other relevant
personal documents relating to the employee, for example a copy of the ID document, have to be kept in
these les. ese les can be kept electronically.
4. Scale/tariff amendment form

A scale/tariff amendment form is completed each time an employee’s pay rate is adjusted.
5. Deduction authorisation form
A deduction authorisation form has to be completed and signed by the employee for all deductions that are
made from the employee’s salary, other than compulsory deductions such as employee tax and UIF. Copies
of these forms may be led in the employee le.
6. Termination of service form
If an employee resigns or his or her service is terminated for another reason, a termination of service form
needs to be completed and signed by the employee.
7. Master le amendment form (computerised systems only)
A master le amendment form is completed in a computerised system each time a new employee is
appointed, or an employee resigns and each time tariffs or deductions are changed on the employee master
le. For example, if a new employee is appointed, the appointment letter will be attached to the master le
amendment form as a supporting document for the amendment to the master le (i.e. the creation of the
new employee record on the master le).
8. Time sheets/clock cards (wage-earning employees only)
Time sheets/clock cards are distributed to wage-earning employees at the beginning of a wage week. e
employee details, such as employee name, employee number, division in which the employee works and
date are recorded on the time/clock card. ese cards are used to record the hours actually worked by the
wage-earning employee. Alternatively, a magnetic card system could be used, or a biometric reader, in which
case no clock or time card will be handed out, as the time worked will be recorded automatically by the
computer system based on the times at which the employee used the magnetic card or biometric system to
enter and leave the work area.
Example: Refer to document 4F in the appendix at the end of the book.
9. Returned paid cheque or deposit or payment records or EFT logs
e log generated by the bank’s EFT system or, in some cases, the returned paid cheque is proof of the
payment made to the employee.
10. Payslip (wage/salary record)

e payslip contains full details relating to each payment made to and deductions from the employee’s
salary or wage for the payment period, as well as the year-to-date totals for payments/deductions. It is
provided to the employee when the payment of the wage or salary is made.
Example: Refer to document 4G in the appendix at the end of the book.
11. Unclaimed wages register
Details of employees who did not collect their wages during a wage pay-out are recorded in the unclaimed
wages register.
12. Monthly/weekly returns for deductions
Returns must be completed for third parties (e.g. SARS for SITE, PAYE and UIF, medical aid fund and pension
fund) stipulating the details of the amounts paid over. ese details will correspond to the deductions made
in respect of the third party from employees’ salaries and wages. e details contained in these returns
typically include employee names, employee numbers and numbers relating to the returns (e.g. medical aid
number). Returns are done monthly, quarterly, biannually or annually as required by the third party.
1. Wages journal
e wages journal is used to record all the wage-earning employees’ names and details, and for each
employee the normal time and overtime hours worked, and the wage rates and deductions made from the
employee’s wage. e gross and net wages, as calculated, are also indicated here.
2. Salaries journal
e salaries journal is used to record all the salary-earning employees’ names and details, and for each
employee the salary rate and deductions made from the employee’s salary. e gross and net salary
amounts, as calculated, are also indicated here.
3. General ledger
transactions that occurred in the various business cycles of an entity. e general ledger facilitates the
compilation of a trial balance and the nancial statements. It further enables a double-entry bookkeeping
function, which controls the recording of transactions in an accounting system (e.g. a debit to the salary or
wage account will always be matched to a credit to the bank account). In addition to salaries and wages
ledger accounts, control accounts relating to the various deductions will have to be set up.

Employee master le
Manual system equivalent: List of employees
e employee master le is a database on an entity’s computer system containing all permanent (standing)
data relating to the entity’s employees. e standing data includes data elds such as the employee’s name,
employee number, pay rate and deductions. If, for example, a new employee is appointed, the employee
name and pay rate on the appointment letter will be entered into the computer system and stored in the
employee master le. is will be done by means of a master le change, supported by a master le
amendment form (refer above).
9.3.4 Reports
Employee listing (summary list of all employees)
e employee listing is generated from the employee master le for computerised systems. A computer
application will typically allow a user to choose which information (data elds) to include on the list (e.g.
employee’s number, employee’s name, remuneration details, and deductions). In a manual system, a
manual list could be set up in writing or typed out to include the employee’s name, employee number,
remuneration details, and deductions.
1. Salary/wage reconciliation
A salary/wage reconciliation takes place between the totals of the salary and wage journals for a speci c
period and the totals of the previous period’s salaries or wages journal respectively, and the total budgeted
salaries/wages. e total number of employees can also be reconciled to the previous period’s number.
2. Salary/wage bank account reconciliation

Salaries and wages should be paid from a separate bank account (i.e. not the company’s normal bank
account). Just enough funds are transferred to this separate bank account for the payment of the salaries or
wages in the particular payment period. e balance in the salary/wage bank account should be zero after
the payment of salaries and wages. A reconciliation between the salary and wage journal and the
salary/wage bank account should be performed after the transfer of salaries and wages has been done if the
balance is not zero to identify the reason(s) for the difference and then to rectify it.
WHY? Why is it necessary to have a separate salary/wage bank account?
It will facilitate effective control over the payment of salaries and wages. While there will be
timing differences between recording the transaction and payment, the amount transferred
and the cash out ows for salaries and wages should always net off to zero. If they do not
net off to zero, there is a problem somewhere and being able to identify the difference
timeously will help to rectify the problem promptly.
9.3.6 Illustration: Transaction ow in the human resources cycle

e following diagrams in Figure 9.3 show the typical ow of a wage or salary transaction through the cycle.
e entity illustrated has both wage-earning and salaried employees.
You should expect to encounter scenarios where the ow of the transactions, names, types and numbers
of copies of documents and application of internal controls differ from the one illustrated. Any salary and
wage system should, however, address the risks facing the cycle in order to achieve the control objectives of
validity, accuracy and completeness of nancial information relating to this cycle.
ere are various risks relating to the nancial information produced in the human resources cycle.

• Not all human resources transactions, expense transactions or accrual events are recorded or provided for
(i.e. expenses are incomplete and incomplete accruals are raised at year-end for third-party payments not
yet paid over). is risk will lead to:
• Inaccurate pro t gures, which will incorrectly portray a more favourable nancial performance for
the entity as reported in the Statement of Comprehensive Income;
• Incomplete liabilities will incorrectly result in a more favourable liquidity or solvency ratio as reported
in the Statement of Financial Position.
• Salary or wage expenses are invalid, resulting in a reduction of pro ts, and possibly the understatement of
the entity’s taxable income. Invalid expenses may include transactions that were never authorised (e.g.
paid to employees who resigned/were dismissed) or transactions that never took place (i.e. ctitious
transactions recorded by management to understate deliberately pro ts and taxable income).
• Invalid (i.e. ctitious or unauthorised) liabilities or assets (for wages allocated to inventory) are recorded,
resulting in potentially material misstatements in the entity’s nancial statements.
• Salary or wage transactions are not recorded accurately leading to expenditure and assets (inventory)
being inaccurate. Such misstatements may occur where hours worked by wage-earning employees are
inaccurately recorded in the wage journal from the clock card. For example, the clock card indicates that
the worker worked ve hours’ overtime. e wage clerk records the overtime as 50 hours. e result is that
the wages (or inventory if wages are allocated to inventory) are incorrectly recorded.

Misappropriation risks relate to misstatements in the nancial statements as a result of ctitious employees
being on the payroll. Such risks include, among other things:
• Fictitious employees appear on the payroll and:
• e cash amounts set out for the wages of wage-earning employees are stolen; or
• e electronic payments of the salaries or wages go to the bank account of an invalid party.
In addition to the loss of entity resources (cash) as a result of these misappropriations, the effect on the
nancial statements is that salaries and wages expenses are incorrect as the transactions did not occur.
In order to reduce or eliminate the above-mentioned nancial and misappropriation risks, management
must implement and maintain a system of internal controls to achieve the control objectives of validity,
accuracy and completeness of nancial information related to the human resources cycle.

Various computer technologies can be applied in the human resources cycle. Some examples of such
technologies follow.
9.5.1 Access control systems

ere are three types of authenticating information that could be used when an automated access control
system is used:
1. Something the user knows, for example a password, pass-phrase or PIN;
2. Something the user has, such as a smart card; and/or
3. A characteristic of the user, such as a ngerprint, which is veri ed by biometric measurement, for
example biometric authentication.
9.5.1.1 Keypad access control systems

Keypad access control systems require employees to have a PIN to gain entry to the company’s premises. If
the services of an employee are terminated or there is a need to change the security access code, the keypad
access control systems will allow the employer to change the secure PIN immediately.
9.5.1.2 Card access control systems

Card access security systems require employees to have a designated card to gain access to the company’s
premises. Card-connected access control technologies use employee smart cards to extend central access
control to standalone and mobile (e.g. padlock) locks.
In a card-connected access control system, standalone electronic locks and physical access control
systems communicate by reading and writing digitally signed data to and from smart cards. In this way,
cardholders become an extension of the physical access network, where the cards, instead of wires, carry
information to and from the standalone locks.18
9.5.1.3 Biometric authentication
Biometrics (or biometric authentication) refers to the identi cation of humans by their characteristics or
traits. Biometric access control and security systems scan the employee’s ngerprint or iris (eye) to ensure
that the employee has clearance to enter the company’s premises. A ngerprint or iris scanner is installed at
the entrance to the company’s premises.
If a ngerprint scanner is installed, employees must place their thumb on the ngerprint reader to gain
access. is ngerprint scanner will compare the ngerprint placed on the ngerprint scanner with the
ngerprint recorded on the master le of the company. If the ngerprint on the scanner matches the
ngerprint on the master le, access will be granted to the premises (the same applies for the iris scan). Note,
however, that biometric-controlled entry systems are expensive.
9.5.1.4 Bene ts of access control systems

e ngerprint scanner, access card and keypad systems record the entrance and exit times of the employee
and software can be installed to calculate the hours automatically, and allocate this between normal and
overtime hours. Reports can be viewed or printed. Examples of such reports are hours worked per employee,
total hours worked for a day or week, hours split between normal and overtime, late arrivals, employees
leaving early or absent employees.
9.5.2 Payroll software

ere are several payroll software programs available that can help businesses with calculating payroll (gross
remuneration, deductions and net remuneration). Payroll software can be integrated with time keeping
devices to record employee attendance more efficiently and effectively. Some payroll software has an
integrated attendance system where an employee will clock in and clock out using the software, to create an
attendance record.
e payroll software can also generate an in-depth analysis of staff costs across multiple departments and
for the business as a whole. With most payroll software, other employee information, such as pension and
medical aid subscriptions, sick leave, and other leave can easily be tracked. e payroll software can also be
interlinked with banks’ EFT systems to make payments to employees more efficiently and effectively.
IN THE NEWS
Payroll fraud - how to detect and ght it19
18 May 2016
One of the biggest tips for business owners is to become suspicious if a member of your payroll
department never goes on leave, arrives early and leaves late. This should raise a red ag, as this
person may be taking steps to ensure that nobody else does their job and cannot discover their
crime.
There are three types of payroll fraud to look out for:
1 Ghost employees
The hardest type of payroll fraud to orchestrate and detect, but also potentially the most lucrative, is
the engineering of a ghost employee. The employee that is created is either ctional or could be a
real person who doesn’t work for the company he or she is being paid by. The payroll administrator
will add the ghost employee to the payroll and then the monthly salary will be paid. If it’s a wage
employee, then this is more dif cult to prove, but with electronic payments a payment trail is left and
can be spotted.
2 False wage claims

Employees who want to increase their monthly income will le false wage claims. Incidentally, it is
also one of the types of payroll fraud where employees experience less guilt. They could be adding
extra hours to their timesheets for hours not worked, getting colleagues to clock in and out for them,
or if they are sales executives, to exaggerate their sales gures to get paid extra commission.
3 False expense claims

The most prevalent type of payroll fraud is the submission of false expense claims. This type of fraud
comes with an ‘everyone does it’ mindset, where employees see it is as being acceptable and not
fraudulent. These include personal expenses being submitted as business expenses, expenses
submitted for events or purchases that never happened, submitting duplicate claims and in ating
claims.
Fighting payroll fraud

The following controls can be put in place to ght payroll fraud:
1 Proper separation of duties

One effective way to mitigate the risk of payroll fraud in your business is to assign responsibility for
different payroll duties to different people.
2 Invest in automated solutions

A robust payroll solution will reduce the possibility of human error in, or tampering with, your payroll –
reducing opportunities for payroll fraud and enabling you to more easily provide accurate and timely
information to SARS.
3 Bank account and ID number veri cation

In order to identify ghost employees, you need to follow a few steps when you pay a person on your
payroll. Ensure that the person exists, that he or she is the person you wish to pay, that the bank
account you will credit exists, and nally, that the bank account belongs to the person you intend to
pay.

An EFT salary or wage transaction involves the transfer of money from the business bank account to an
employee’s bank account by means of a computer and a network linking those computers (such as a wide
area network or the internet). Refer to Chapter 5 for controls over EFT transactions.

also applies to the entity’s human resources cycle. Should an entity not be able to avoid these risks, the salary
and wage transactions recorded in its accounting records may be invalid, inaccurate or incomplete, leading
to eventual misstatements in its nancial statements.
that salary and wage transactions (including related transactions) are valid, and are completely and

Validity, accuracy and completeness of salary and wage information comprise the control objectives that
management strives to achieve to address the major risks present in the cycle.
To ensure that the salary and wage transactions are valid, salary and wage transactions should be
genuine. In other words, there is authorisation for the appointment of new employees, actual employees are
appointed (no ctitious employees), all deductions made from the salaries and wages are authorised by the
employee (other than deductions regulated by legislation, e.g. SITE, PAYE and UIF) and all bene ts awarded
to employees are properly authorised. To be valid, salary and wage and related transactions should also be
recorded in the nancial period to which they pertain. Lastly, the transactions should be supported by
sufficient documentation.
To ensure that salary and wage transactions are accurate, a transaction should be recorded at the
appropriate amount. An appropriate amount is an amount that has been calculated correctly and paid at
approved scale and tariff (e.g. for wage-earning employees, the correct hours worked and the correct wage
tariff should be used).
Salary and wage transactions should also be correctly classi ed in the journals, according to the policy of
the company (e.g. directors’ emoluments classi ed into its component parts). An appropriate amount
should be summarised (e.g. the total of the payroll) and posted correctly to the appropriate general ledger
account according to the policy of the business (e.g. direct wages that form part of the cost of inventory of the
company).
To ensure that salary and wage transactions are complete, all salary and wage and related transactions in
a given period should be recorded in the correct nancial period in a timely manner. No salary or wage
transaction should be omitted from the entity’s accounting records or recorded in the incorrect nancial
period.
Table 9.2 looks at the consequences if the control objectives are not achieved.
Table 9.2: Control objectives and consequences if not achieved
CONTROL
CONSEQUENCE IF CONTROL OBJECTIVE IS NOT ACHIEVED
OBJECTIVE
Validity Overstatement of expenses (inventory for a manufacturing concern) and

provisions
Accuracy Over or understatement of expenses (inventory for a manufacturing concern) or

provisions
Completeness Understatement of expenses (inventory for a manufacturing concern) or provisions

(This could be less of a risk as employees will complain if they do not receive the
correct amounts.)

e control objectives are achieved through the proper implementation and operation of an information
system, including an accounting system and related internal controls, in an entity. Note that the control
objectives can be achieved either manually (i.e. a person performs the internal control) and/or by computer
(i.e. a computer performs the control).
control objectives.
Validity of salary and wage transactions:

• e authorisation of a new appointment by the managing director or head of each section and the
authorisation of termination of employees (that will lead to valid employees being paid at valid rates and
valid terminations of employment having occurred);
• Obtaining the employee’s signature (employee’s approval) for any deductions (other than deductions
regulated by legislation, e.g. SITE, PAYE and UIF) made from the employee’s salary or wage;
• Segregating the duties of the appointment of employees from those of creating the employee records on
the employee master le to minimise the risk of ctitious employees or ctitious hours appearing in the
salaries and wages journals; and
• Ensuring that only deductions for which an authorised deduction form exists are deducted from
employees’ salaries and wages and paid over to third parties. is can be achieved by, for example,
requiring employees to sign a deduction form and using these as supporting documentation for master
le changes relating to the deductions.
Accuracy of salary and wage transactions:

• Recording correct hours from time sheets or clock cards by, for example, having an independent person
review the calculations and recording on the clock cards and in the wage journal;
• Recording correct and properly authorised authorised tariffs and fringe bene ts from the employment
letter or tariff adjustment form onto the wage or salary journal by, for example, having an independent
person review the tariffs and fringe bene ts in the wage and salary journals;
• Recording correct deductions from the deduction authorisation form or deduction tables by, for
example, implementing proper input controls around this area;
• Ensuring the mathematical correctness of calculations for hours, tariffs and bene ts as well as
deductions on supporting documentation and in the accounting records (e.g. journals and general
ledger) by, for example, having an independent person review or reperform the calculations;
• Classifying the deductions correctly as expenses or provisions according to the company’s chart of
accounts by, for example, having an independent person review the classi cations; and
• Ensuring that disclosures of directors’ remuneration and share-based payments are appropriate and
clear by, for example, having an independent person review the disclosures.
Completeness of salary and wage transactions:

• Ensuring that there is a salary or wage recorded for each employee of the business for the period under
review by, for example, regular reviewing of the employee les against the employee listing;
• Ensuring that all deductions are paid over to related third parties in a timely manner by, for example,
reconciling deductions from month to month and reviewing the balances on the deduction control
accounts in the general ledger;
• Recording the salaries and wages transactions in the correct week or month in which they occurred by,
for example, having the computer system record salaries and wages transactions automatically on
payment;
• Recording the deductions in the correct accounting period by, for example, having the computer system
record deductions simultaneously with the related salaries and wages transactions; and
• Recording the provision for deductions and leave pay in the correct accounting period by, for example,
management review of the relevant journals prior to processing.

achieved) will result in salaries and wages (and related account balances) being misstated in the accounting
records, which will in turn result in the nancial statements being misstated.
e process of recording a transaction in the nancial records, and thus for it to be included in the
During a transaction’s journey through an entity’s information system, it will be subject to numerous internal
controls that help it along the way to ensure that the control objectives are achieved. e transaction will
only reach its destination appropriately if it ends up in the nancial statements in a manner that achieves the
accounting system and related internal controls. In this way, the control objectives contribute to the
appropriateness of the assertions made by management in the nancial statements and will indirectly result
in the latter being free from material misstatement.
CYCLE CASE STUDY

Account balances
Note the line item ‘Trade and other payables’ with a balance of R13,381,893. Also refer to note 11
(Trade and other payables) (page 19). The amount of R1,191,473 for ‘other payables’ includes
liabilities accrued for any deductions from employees’ remuneration not yet paid over to third parties.
• In relation to existence, liabilities for deductions not yet paid over making up the balance exist
(i.e. the constituent liabilities are not ctitious).
• In relation to obligations, Ntsimbi Piping is the party liable to pay the amounts making up the
balance. The liability is not that of another entity.
• In relation to accuracy, valuation and allocation, the balance of the liabilities for deductions not
yet paid over is considered an appropriate amount (e.g. the balance re ects the appropriate
value of the underlying liabilities due to be paid in the future). Further, any adjustments as to the
value or allocation of the underlying liabilities have been recorded appropriately, and also any
related disclosures have been appropriately measured and described.
• In relation to completeness, all liabilities for deductions not yet paid over, and which are
liabilities of Ntsimbi Piping, have been recognised as such in the nancial statements
(notwithstanding the measurement thereof, which is dealt with separately under the accuracy,
valuation and allocation assertion), and all related disclosures have been included.
• In relation to classi cation: the liabilities not yet paid over and which are liabilities of Ntsimbi
Piping have been classi ed as liabilities (i.e. have been classi ed as liabilities of Ntsimbi Piping
in the Statement of Financial Position).
• Presentation: All the nancial information presented and described in the nancial statements
has been appropriately presented in terms of the nancial reporting framework and has been
clearly expressed to avoid ambiguity. For instance, vague descriptions have been avoided.
Transactions and events

Refer to the Notes to the Annual Financial Statements of Ntsimbi Piping – speci cally note 14
(Operating Pro t) (page 19). Note the item ‘Employee costs’ in the amount of R7,392,144. Also refer
to note 20 (Directors’ emoluments) (page 21).
• In relation to the occurrence assertion, salary and wage transactions amounting to R7,392,144
did in fact take place (they occurred and are not ctitious) and also pertain to Ntsimbi Piping.
• In relation to accuracy, the salary and wage transactions making up the total have been
recorded at correct amounts (e.g. in terms of the correct salary and wage tariffs and, in the case
of wages, the correct number of hours worked) and related disclosures have been appropriately
measured and described.
• In relation to completeness, all salary and wage transactions that took place during the nancial
year and which pertain to Ntsimbi Piping have been recorded and included in employee costs and
all related disclosures have been included.
• In relation to cut-off, all the salaries and wages included in the total relate to transactions that
took place within the nancial year (i.e. the transactions concerned relate only to hours worked
between the rst and last day of the nancial year (inclusive of both days)).
• Classi cation implies that all transactions constituting the total of R7,392,144 should indeed
have been classi ed as employee costs and should not have been reclassi ed to, for example,
inventory.
• In relation to the presentation assertion, all the nancial information presented and described in
the nancial statements has been appropriately presented in terms of the nancial reporting
framework and has been clearly expressed to avoid ambiguity. For instance, vague descriptions
have been avoided.
• All the nancial information presented and described in the nancial statements has been
appropriately presented in terms of the nancial reporting framework and has been clearly
expressed to avoid ambiguity. For instance, vague descriptions have been avoided.
e assertions for the classes of transactions and account balances impacted by the human resources cycle
are linked to the control objectives in the cycle as shown in Table 9.3.

computerised)?
major control activities particular to the human resources cycle, performed either manually or
programmatically (by a computer system), are summarised below.

• Used in conjunction with a proper chart of accounts for transactions related to the human resources
cycle.
Table 9.3: Assertions for salaries and wages and the related account balances
CONTROL MANAGEMENT ASSERTIONS

OBJECTIVE
CONTROL Classes of transactions andMANAGEMENT
events ASSERTIONS
Account balances Deductions accrued
OBJECTIVE Salaries and wages (Assertions are (Assertions are indicated in bold)
Classes ofintransactions
indicated bold) and events Account balances Deductions accrued
Salaries and wages (Assertions are (Assertions are indicated in bold)
indicated in bold)
Validity Occurrence and Cut-off Existence and Obligation
Controls achieving the validity objective Transactions for the accrual of
for appointment and payment of deductions that pertain to the entity
employees will ensure that the recorded were authorised and actually took
transactions pertain to the entity, were place, will result in the raising of a
authorised, actually took place (i.e. are liability that is approved, is genuine and
not ctitious) and are supported by is the obligation of the entity (existence
suf cient documentation (occurrence) and obligation).
and further ensure that they have been
recorded in the nancial period to which
the transactions relate (cut-off).
Accuracy Accuracy and Classi cation Accuracy, valuation and allocation and
A control achieving the accuracy Classi cation
objective for salaries and wages will A control achieving the accuracy
ensure that the transaction is recorded objective for transactions for the
at the correct amount (including accrual of deductions making up a
employee, rates and deductions and liability will ensure that the gross
correct calculations) (accuracy). It will valuation of the liability is appropriate.
further ensure the transaction has been Furthermore, a control achieving the
correctly classi ed, summarised and accuracy objective for any transaction
posted to the correct account in the resulting in a valuation or allocation
nancial records in accordance with its adjustment to the gross amount of the
nature (classi cation). liability will ensure that the net amount
of the liability is accurately valued,
allocated and classi ed (accuracy,
valuation and allocation and
classi cation).

A control achieving the completeness A control that ensures that all
objective for salaries and wages will deductions that were deducted from
ensure that all transactions that employees’ salaries and wages are
occurred during the period are recorded recorded in a timely manner will ensure
in a timely manner. that all deductions not yet paid over are
raised as liabilities and included in the
nancial records in a timely manner
(completeness).
to management being able to properly present both classes of transactions and events and related disclosures,
and account balances and related disclosures in the nancial statements. Consequently, the Presentation
assertion is not included explicitly in the table above.
9.7.1.2 Authorisation and approval
One of the most effective ways to ensure the validity of the human resources cycle is to have the new
appointment of employees authorised (before they have taken place) or changes approved (ideally before
they are implemented). In most cases, authorisation and approval is a duty carried out by management.

e general principle of sound segregation of duties applies to the cycle. Segregation of duties should make it
as difficult as possible for a single employee to commit fraud without being found out by another employee,
or without collusion between two or more employees.
e following activities will be performed by different staff members:

• Initiation of transaction;
• Authorisation of transaction;
• Execution of transaction;
• Recording of transaction; and
• Payments relating to the human resources cycle.
e person who initiates the transactions (e.g. requests the appointment of an employee, which will
normally be the line manager), should not be the person who executes the transaction (e.g. should not be
solely responsible for making the nal recommendation for appointment – normally the section head) and
should not be the person who authorises the transaction (e.g. the personnel manager normally signs the
appointment letter and appointment documentation). ese persons should also not be allowed to record
the transaction in the salary or wage journal (recording should take place in the payroll department).
In a computerised system, segregation of duties can be achieved through the implementation of user
pro les whereby an employee is only granted access to that part of the accounting system that is necessary
for the performance of the employee’s duties.

e function of checking differs from the review and authorisation/approval function, which is usually
carried out by senior staff. In the human resources cycle, the casting and calculations in the salary and wage
journal (if manually prepared) will be checked by another salary or wage clerk. e making up of the wage
envelopes will be checked by another payroll clerk. In a computerised system, many of the checking
functions are obviated by the processing and calculating power of the computer if the design of the
underlying software application code is error-free.
ere are two major reconciliations in the cycle that were previously described in section 9.3.5 of this
chapter: the reconciliation of the totals of the salary and wage journals to those of the previous periods and
the salary or wage bank account reconciliation. Both reconciliations are carried out by clerks, but will be
reviewed by senior staff in both manual and computerised environments.

e following tables include the most common activities and related internal controls for the human
resources cycle to address the risks associated with each activity.
Have a look at the control table two pages on from this page. You will notice that each ‘what could go
wrong/risk’ is related to a control objective in the column to its right. e control objective is numbered (e.g.
‘A’). e assertion(s) affected by the ‘what could go wrong/risk’ (and impacted by the related control
objective) is indicated in the next column. In the next two columns, you will nd the control(s) that address
the control objective (linked to the control objective by means of a letter (e.g. ‘A’)). (It follows that these
controls then address the related ‘what could go wrong/risk’.) e additional numbering that you will see in
the controls columns (e.g. ‘1.1’) relates each control to the activity where it belongs.
Note that the controls in a manual system are described in full, whereas only controls in addition to the
objectives were discussed in section 4.4.3.2 of Chapter 4. Note that where a control is indicated in the control
underlying risk.
e tables are for a manufacturing business, such as Ntsimbi Piping, which prepares and pays salaries
and wages using its own staff (i.e. it does not use an external company performing the payroll function). e
speci c activities performed, and hence the internal controls, will vary from entity to entity, but the overall
control objectives remain the same for all entities.
Table 9.4: Personnel
1 PERSONNEL
| PERSONNEL DEPARTMENT |
Activity Responsible party Documents What could go Control objective Account/assertion M

and records; wrong/risks affected
master les
1.1 Line manager Request for Unauthorised A Occurrence of 1

Appointment making the appointment appointments Appointments salary and wage m
of new request (e.g. Appointment could occur. are authorised. transactions. re
employees. supervisor) letter Fictitious (Validity) Occurrence of a
Management employees B Employees salary and wage a
Master le
approves may be on the salary transactions. a
amendment m
Human form included in and wage
resources (HR) the salary or system are th
manager, Log of wage journal. actual s
committee master le employees of a
conducting amendments the business. re
interviews (Validity) p
1
M
th
p
a
a
a
c
h
to
s
re
1
a
p
re
in
1 PERSONNEL

master les
c
p
o
th
d
li
w
th
a
a
m
1
p
s
c
id
th
th
d
•
•
1 PERSONNEL

master les
1
e
c
is
e
a
s
a
c
b
te
a
O
s
e
c
b
a
c
b
d
a
c
th
ID
q
a
a
b
d
1
e
o
fo
e
a
in
e
n
a
d
c
1 PERSONNEL

master les
b
o
a
fo
a
fo
e
te
s
k
1.2 Adding HR Deduction Unauthorised C Changes to Existence/obligation 1

or amending manager/director authorisation deductions or salaries and of accruals for d
tariffs or HR clerk forms bene ts. wages are deductions not yet a
deductions. Tariff Unauthorised properly paid over. fo
amendment or incorrect authorised Accuracy of m
forms changes to according to salaries, wages and d
List of salaries and the company’s deductions. s
employee wages. authorisation Accuracy, valuation w
names, Not all policy. (Validity) and allocation of th
employee changes to D Changes to deductions not yet g
numbers, salaries, the salaries paid over. le
tariffs and wages and and wages are m
deductions deductions recorded a
are recorded. correctly. th
(Accuracy)
1
a
fo
c
a
a
s
T
a
fo
a
th
H
a
s
1 PERSONNEL

master les
E All changes Cut-off – salaries,

to salaries, wages and
wages and deductions have
deductions are been recorded in
recorded. the correct
(Completeness) accounting period.
Classi cation –
salaries, wages and
deductions.
Completeness of
salaries, wages and
liabilities created
for deductions not
yet paid over.
1.3 Line manager Resignation Unauthorised F Dismissals Occurrence of 1

Dismissal or making the letter dismissals. are authorised. salaries and wage te
resignation request (e.g. Request for Employees (Validity) transactions. s
of supervisor) dismissal who are G Employees s
employees. Management Master le dismissed or who resign are c
approves. amendment who resigned removed from th
form remain on wage or salary re
the wage or journal. d
Log of
salary (Validity) s
master le
journal. a
amendments
th
H
a
s
a
u
th
fr
o
Table 9.5: Time keeping
2 TIME KEEPING (WAGE-EARNING EMPLOYEES ONLY)

| PAYROLL AND WAREHOUSE |
Activity Responsible Documents What could Control objective Account/assertion Manual Alte
party and go affected controls addi
records; wrong/risks in a
master envi
les
2.1 Issue Admin clerk Clock Employees A Payment of Occurrence of 2.1A 2.1A
of clock A from cards may be wages relates wage Admin read
cards to payroll Register paid for to services transactions. clerk A inst
wage- department of clock hours not rendered should entr
earning cards worked. during the prepare a war
employees. issued period. clock card 2.1A
and (Validity) for each biom
returned wage- (suc
earning or
employee, prin
inputting eye
details stor
such as emp
employee le.
name, resp
employee the
number the
and date. data
2.1AB The ass
wage HR
workers Prog
should acc
collect and
clock cards cha
from admin (as
clerk A at Cha
the prev
beginning biom
of the from
wage alte
week.
There
should be
a register,
which the
employee
signs when
the clock
card is
collected.
Employees
should
show their
employee
cards with
photo
when
collecting
Clock B Clock cards Occurrence of
clock cards
cards issued and wage
to verify
could exist collected are transactions.
that they
for for actual
are valid
ctitious employees only
employees.
employees. and only for
actual hours
worked.
(Validity)
2.2 Supervisor 2.2BC The 2.1

Supervising clock syst
the machine for t
clocking in should be thum
and out situated at or ir
process. the stor
entrance to emp
the factory. le.
The the
supervisor only
of the ther
division
should
supervise
the
clocking in
and out
process.
2.3 Return Admin clerk 2.3ABD As a
of clock B from The clock to b
cards by payroll cards read
wage- division should be acc
earning returned to card
employees. admin be s
clerk B. acc
Admin will
clerk B info
should the
reconcile strip
the clock 2.2,
cards entr
returned to info
the register eith
of clock biom
cards or c
issued to will
ensure aga
that all spe
clock cards emp
handed out on a
at the wor
beginning tran
of the
week have
been
returned
and that
there is
only one
clock card
per
employee.
2.4 Admin The normal C Normal and Accuracy of 2.3, 2.4 2.4C
Calculation, clerks A and overtime hours wage ABCD The tran
review and and B from overtime are calculated transactions. admin cou
approval of payroll hours correctly. clerks in a prin
the hours division could be (Accuracy) division the
worked. calculated should spli
Supervisor incorrectly. agree the norm
number of ove
clock cards repo
with the prin
register, and
calculate by t
the normal sup
and cha
overtime sho
hours, and adju
record it on syst
the clock adm
cards. man
pay
dep
Employees D All wage- Completeness of 2.3, 2.4C
sho
may not be earning wage-earning The
any
paid for employees are transactions. supervisor
mad
hours paid for all should
hou
worked. services review and
rendered. authorise
(Completeness) the clock
cards for
normal and
overtime
hours
worked.
Table 9.6: Calculation and recording of salaries, wages and deductions
3 CALCULATION AND RECORDING OF SALARIES, WAGES AND DEDUCTIONS

| PAYROLL DEPARTMENT |
Activity Responsible Documents and What could go Control objective Account/assertion Manual
party records; master wrong/risks affected controls
les
3.1 Payroll Clock cards Employees A Payment of Occurrence, of For wage

Receiving of clerks (wage dismissed wages is only salary and wage earning
clock cards Payroll employee) continue to made for hours expenses. employee
with time clerks be paid. actually only:
worked Updated list of worked. Completeness of 3.1A The
Payroll
recorded employee Fictitious (wages) or salary and wage admin cle
manager
(wage names, tariffs employees services expenses. should ta
employee) and deductions are included actually the
and updated (from in the salary
3 CALCULATION AND RECORDING OF SALARIES, WAGES AND DEDUCTIONS Accuracy of
| PAYROLL DEPARTMENT | salary and wage
expenses.
list of personnel and wage rendered complete
employee function) journals. (salaries). Existence of clock car
information. (Validity) accruals for to the pa
Deduction Employees deductions. clerk. Pay
3.2 tables paid for B All clerk sho
Preparing of services not employees who compare
salary and Salary and rendered. worked are clock car
wage wage paid. received
journals. journals/payroll Employees (Completeness) the regis
not paid for and sign
3.3 Verifying services C Payment of register a
the details in rendered. salaries and proof tha
the salary wages takes or she ha
and wage Employees place at received
journals. paid at authorised clock car
unauthorised rates.
3.4 Review scale or (Accuracy) Salaries
and tariff. wages:
authorisation
3.1, 3.2A
of the salary
An updat
and wage
list of
journals.
employee
names,
approved
normal a
overtime
tariffs an
deductio
supplied
the HR
departme
should b
used by t
payroll cl
to set up
and
calculate
wage and
salary
journals.
additiona
informati
such as
loans to
employee
or bonus
received
should a
be added
from an
approved
list.
Unauthorised Occurence of 3.2BE Pa
deductions D Deductions salaries and clerk B
or bene ts and bene ts wage expenses should
for added to reconcile
employees. salaries and Existence of number o
wages are accruals for employee
Inaccurate properly deductions with the
deductions authorised. period.
made from (Validity) Accuracy of
and bene ts E Deductions salary and wage 3.2BEF
added to from and expenses and Payroll cl
salaries and bene ts added deduction A should
wages. to salaries and liabilities. sign the
wages are salary or
Inaccurate done Accuracy of wage jou
calculation of accurately. salary and wage as eviden
salaries and (Accuracy) expenses. of having
wages (hours F Calculations prepared
and wages). of salaries and journal.
wages are
done
accurately.
(Accuracy)
3.3ACDF
Payroll cl
B should
verify the
hours (fo
wages on
against c
cards),
tariffs an
deductio
against t
amendm
forms an
deductio
authorisa
forms,
employee
listing an
deductio
tables
respectiv
3.3BE Pa
clerk B
should
reperform
the
calculatio
on the
journals
salary an
wage
reconcilia
and sign
salary an
wage
journals
reconcilia
as eviden
that this
been don
3.4BEF T
payroll
manager
should
select a
sample o
the
transacti
recorded
the salar
and wage
journals
reperform
some of
transacti
and
calculatio
and
elements
the
reconcilia
and sign
salary or
wage jou
as proof
this.
Table 9.7: Payment preparation and payment of salaries and wages
4 PAYMENT PREPARATION AND PAYMENT OF SALARIES AND WAGES

Activity Responsible Documents What could go Control objective Account/assertion Manual controls
party and wrong/risks affected
records;
master
les
Wages Payroll Wage Incorrect or A The correct Accuracy of 4.1AB The

4.1 Payment manager journal unauthorised wage amount wage expenses. wage journal
as cheque wage amount is requested. along with the
requisition Occurrence of
and signatory requested. (Accuracy) reconciliation
B and wage expenses. should go to
authorisation. B The wage
nancial the payroll
manager amount manager as
as cheque requested is cheque
signatory properly signatory B. H
A authorised in or she should
terms of review the
company wage journal
policy. (Validity) for unusual
items, ensure
that the wage
journal and th
reconciliation
has been
signed,
prepare the
cash cheque,
sign the
cheque as
cheque
signatory B
and also sign
the wage
journal and
reconciliation
as evidence o
review.
4.1AB The
nancial
manager
(cheque
signatory A)
should also
review the
wage journal
and
reconciliation
and sign it. H
or she should
stamp the
wage journal
‘paid’ and sig
the cheque.
4.2 Safe- Payroll Cash could C Cash is kept Existence of 4.2C The cash
keeping of clerks be stolen. in safe custody cash. should be
cash. and not stolen. locked away in
(Validity) the safe when
it arrives from
the bank, as
well as after
the wage
envelopes
have been
made up
(before pay-ou
of the wages)
4.3 Payroll Payslips Incorrect D Payslips are N/A Operational 4.3D Payslips
Preparation clerks payslip correct in control, no should be
of payslips prepared. terms of all nancial prepared by
for wage- information reporting payroll clerk B
earning contained implications. for each wage
employees. therein. (No earning
control employee,
objective containing the
applicable as computation o
this is an the net wage.
operational
control.)
4.4 Making- Payroll Wage Cash placed E The correct Accuracy of 4.4E Two
up and clerks envelopes in the wage wages are wage expenses. independent
checking of envelopes is placed in the payroll clerks
wage the incorrect wage (not
envelopes. amount. envelopes for responsible fo
each the wage
employee. journal) shoul
(Accuracy) make up the
wage
envelopes
referring to th
amount and
employee
name and
number in the
wage journal
and compare
to the payslip
4.4E The
payroll clerks
should check
one another’s
work by
performing
spot checks o
wage
envelopes
made up and
comparing thi
to the wage
journal.
4.5 Payment Supervisor Wage Not all A All wage- Completeness of 4.5AB The
of wages. journal employees earning wage expenses. wage
Line who should employees envelopes
manager Payslips be paid are entitled to Occurrence of should be
paid. payment wage expenses. locked away
Wage receive until the pay-
envelopes Wages are payment. out.
paid to non- (Completeness)
employees of 4.5AB The
the company. B Payment of supervisor of
wages is made division
to actual should, when
employees of the wage
the company. envelopes are
(Validity) handed to him
or her by the
payroll clerks,
count the
number of
wage
envelopes,
compare it to
the list of
employees to
be paid and
sign the wage
journal if he o
she is satis e
that there is a
wage envelop
for each
employee. At
least two
employees (i.e
the superviso
of the division
as well as
another
independent
person) shoul
conduct the
wage pay-out.
4.5AB When
collecting the
wage envelop
the employee
• Identi es
him/herse
• Counts the
money and
compares
to the
payslip; an
• Signs the
list of
employees
4.5B Wages
should only be
paid to the
employee in
person and no
to anyone els
4.5AB
Employees no
present during
the wage pay-
out should be
indicated as
‘unclaimed’ o
the list of
employees.
4.5AB The two

employees
conducting th
wage pay-out
should sign th
list of
employees
after they hav
completed the
wage pay-out.
4.6 Safe- Payroll Wage Unpaid A Cash from Existence of 4.6A The wag
keeping and secretary journal wages are unclaimed cash. journal along
payment of Supervisor Unpaid stolen. wages is Occurrence of with the wage
unclaimed adequately envelopes not
Line wages are Unclaimed wages
wages. stolen. wages are safeguarded. expenses. claimed durin
manager (Validity) the wage pay-
Wage paid to the
wrong B Unclaimed out should be
envelopes taken to an
person. wages paid are
paid to actual independent
person (e.g.
correct
employees of the payroll
the company. secretary).
(Validity) 4.6A The
secretary
should count
the number of
envelopes and
compare it to
the list of
employees an
sign if he or
she is satis e
as evidence o
receipt of the
unclaimed
wages.
4.6A The line
manager and
supervisor
present at the
wage pay-out
should record
employees wh
did not attend
the wage pay-
out and have
not collected
wages in an
unclaimed
wage register.
This should b
checked by th
payroll
secretary.
4.6A The wag
envelope
should be
locked away
until it is
collected by
the employee
4.6B When
collecting the
unclaimed
wage, the
employee
should:
• Identify
him/herse
• Count the
money and
compare it
to the
unclaimed
wage
register;
and
• Sign the
unclaimed
wage
register.
4.6A
Unclaimed
wages not
collected
within a
reasonable
time should b
deposited bac
into the bank
account of the
business.
4.6A The
unclaimed
wage register
should be
referenced to
the deposit
slip for
unclaimed
wages
deposited.
4.6A Regular
monitoring of
unclaimed
wages should
be done by an
independent
manager
following up o
long-
outstanding
unclaimed
wages and
employees wh
regularly
appear on the
unclaimed
wage register.
Salaries Payroll Salary Incorrect A Salary Accuracy of 4.7ABCD The

clerks journal salary amounts salary rst reviewer
4.7 Payment
amounts requested are expenses. should review
requisition
Payroll Payslips requested. accurate. the salary
and
manager (Accuracy) (Accuracy) Occurrence of journal for any
authorisation.
salary unusual items
Senior Unauthorised B Salary expenses. ensure that th
manager salary amounts salary journal
amounts requested are and the
requested. properly reconciliation
(Validity) authorised have been
according to signed,
the company’s prepare a list
authorisation of payments
policy. (Validity) that need to b
made to
salaried
employees (o
in cases wher
cheques are
still used,
complete a
cheque for
each employe
and sign the
cheque as
cheque
signatory B)
and sign the
salary journal
and
reconciliation
as evidence o
review.
4.7ABC The
second
reviewer
should also
review the
salary journal
EFT list and
reconciliation
and sign them
as evidence o
review. He or
she should
stamp the
salary journal
‘paid’ (and, in
cases where
cheques are
still used, sig
the cheque as
cheque
signatory A).
4.7D The
salary should
only be paid
into the
employee’s
own bank
account. In
cases where
cheques are
still used,
cheques
should be
made out in
employees’
names and
crossed ‘not
transferable’.
4.8 Payroll Not all C Salaries are Completeness of 4.8ACD A

Preparation clerks employees paid to all salary payslip should
of payslips. that should employees expenses. be prepared b
be paid are entitled to the salary
paid. payment. clerks for eac
(Completeness) salary-earning
employee
containing
gross and net
salary and
deductions pe
employee for
the month as
well as for
year-to-date.
4.9 Payment Payroll Salaries are D Payment of Occurrence of 4.9D The

of salaries. manager not paid to salaries is salary salary should
Senior the correct made only to expenses. only be paid
employees. actual into the
manager
employees of employee’s
the company. own bank
(Validity) account. (In
cases where
cheques are
still used, the
employee
should identif
him – or
herself and
should sign th
list of
employees to
be paid when
the cheque is
handed over t
him or her.)
4.9C A
separate
salary bank
account shou
be used and
reconciled to
the salary
journal after
payments hav
been made.
Table 9.8: Payment of deductions
5 PAYMENT OF DEDUCTIONS
Activity Responsible Documents What could Control objective Account/assertion Manual

party and go affected controls
master
les
5.1 Administration Third- Deductions A Deductions Accuracy, 5.1ABC The

Preparation assistant in party and and liabilities valuation and
admin
and payroll or returns liabilities are calculated allocation of
assistant
reconciliation accounting are correctly and liabilities.
should
of third-party department calculated paid over to complete a
payment and paid the correct Completeness of monthly or
Financial
returns. over third party.deductions paid annual
manager
incorrectly. (Accuracy) or raised as return for
Senior liabilities. third-party
All B All amounts
manager deductions
liabilities for deductions
that should not paid over made from
employees’
have been before year-end
salaries
raised are are raised as
and wages
not raised. liabilities.
(Completeness) in respect
of third
parties
(e.g.
medical
paid, PAYE,
UIF,
pension
fund
payments).
5.1AC The
third-party
return
should be
reconciled
with the
deductions
in the
salary and
wage
journals by
the
accountant.
5.2 Payment All C All Completeness of 5.2AC The

of third deductions deductions liabilities. payroll
parties that should made from manager
have been employees’ (reviewer 1)
paid over human should
are not resources review the
paid over, cycle are paid returns for
or not paid over to third any
over parties unusual
timeously. timeously. items,
(Completeness) ensure that
the totals
on the
returns and
the salary
and wage
journals
agree,
complete
and sign
the request
for
payment
and the
salary and
wage
journals
and returns
as
evidence of
review.
5.2AC The
nancial
manager
(reviewer 2)
should also
review the
salary and
wage
journals
and returns
and sign
them. He
or she
should
stamp the
returns
‘paid’ and
sign the
request for
payment as
second
reviewer.
5.2B The
nancial
manager
must
ensure that
all
payments
that are
due, but
have not
been paid
before year-
end, are
raised as a
liability in
the general
ledger.
Table 9.9: Recording of salary and wage transactions
6 RECORDING OF SALARY AND WAGE TRANSACTIONS IN THE ACCOUNTING RECORDS

Activity Responsible Documents What could Control objective Account/assertion Manual Al

party and go affected controls ad
records; wrong/risks in
master les en
6.1 Salary General General Recording A Human Occurrence of 6.1ABCDE Po

and wage ledger ledger: of items resources salary and wage The head of sa
journals clerk relating to cycle expenses expenses. the jo
Human
are posted human relate to accounting ac
resources
to the cycle resources compensation department sy
salary and cycle in the for services should review w
control
wage general rendered the journals, fr
accounts
(and/or ledger may during the compare ge
and
inventory) inventory be in the period. them to the ca
accounts wrong (Validity) salary and pr
accounts
in the accounting wage at
(if
general period. journals, ti
applicable)
ledger. reperform an
calculations th
regarding au
expenses u
allocated to th
inventory and or
authorise the pa
journal do
entries made
for these
allocations
and postings.
6 RECORDING OF SALARY AND WAGE TRANSACTIONS IN THE ACCOUNTING RECORDS
6.2 Payroll Salary and Recording B Salaries, Accuracy and 6.2ABCD 6

Recording clerk wage of items wages and classi cation of
Payroll clerk on
of expense relating to deductions are salary and wage
B should va
Financial
liabilities manager accounts human accurately expenses or reconcile the an
for resources recorded in the accuracy, number of co
Liabilities
deductions cycle may accounting valuation and employees, w
for third-
made from be records. allocation andgross salary tr
party
third payments inaccurate. (Accuracy) classi cation of
and wages pr
parties not inventory. and es
yet paid Recording C Salary and deductions to ba
over. of items wage expenses Completeness of the prior em
relating to include all salary and wage period and w
human such expenses expenses. sign as proof ra
resources incurred during
Completeness of of the de
cycle in the the accounting liabilities. reconciliation. st
general period. em
ledger may (Completeness) Classi cation of 6.2D The m
be salary and wage nancial th
incomplete. D All expenses. manager sy
deductions not
Classi cation of must ensure 6
Recording paid over by that all
liabilities and co
of items year-end are inventory. deduction
relating to accrued as sy
payments
human liabilities. a
that are due,
resources pr
but have not
cycle in the E Human been paid sa
general resources jo
before year-
ledger may cycle expenses lis
end, are
be and deductions an
raised as a
classi ed are properly liability in the tr
incorrectly. identi ed and w
general
classi ed in re
ledger.
the accounting n
records. m
(Accuracy) co
ge
ac
id
en
en
th
pa
ye
be
lia
9.8 Cycle illustration: The human resources cycle at Ntsimbi

Piping
9.8.1 Background to the human resources cycle of Ntsimbi Piping
Ntsimbi Piping currently employs approximately 250 staff members. e administrative personnel, as well as
all managers, including the warehouse and factory foremen and supervisors, are salaried employees. All
factory and warehouse employees are wage-earning employees.
Ntsimbi Piping uses an off-the shelf computerised payroll package that has a biometric reader linked to
it. It maintains all employee data stored on the system. Hourly rates for wage-earning employees are set per
job description. Wage rates are adjusted annually. Wage payments are done on a weekly basis by way of EFT.
Salary payments are done monthly by way of EFT.
9.8.2 Appointment of employees and personnel records

• Function performed by the human resources division.
• Herman Heunis (human resources manager)
• Rose Metsetswe (human resources clerk)
• Louis Lynwood (warehouse supervisor)
• Marguerite Malan (legal advisor) to ensure that all legal aspects of the employment contracts are met
• Lee-Ann Losper ( nancial director)
• Bongani Arnott (managing director).
9.8.2.1 Appointment of new personnel

If there is a vacancy for a warehouse assistant in the raw materials warehouse, Louis Lynwood, the
warehouse supervisor, completes a request for new appointment form. is form includes a description of
the duties of the raw material warehouse assistant (the warehouse assistant sorts and places raw material on
the shelves), as well as a motivation for the vacancy to be lled. Appropriate line managers have also been
identi ed for the appointment of other employees (depending on the division/department requiring the
appointment), and the same procedures are followed.
e request for new appointment form is sent to the nancial director, Lee-Ann Losper. Lee-Ann reviews
the available budget and approves the application form if the position is to be lled. e request for new
employment form is sent to the human resources manager (Herman Heunis). CVs are received from
candidates who apply for the position. e CVs are screened by Herman and sent through to Louis Lynwood
for review. Interviews are set up with the candidates. e interviews are conducted by an interviewing panel
consisting of Herman Heunis, Louis Lynwood, selected employees of the human resources department and
another manager. A shortlist of suitable candidates is produced.
If a potentially suitable candidate is identi ed from the interviews, the next steps are:
• Following up with the candidate’s references (to con rm whether the candidate is indeed a suitable
candidate to appoint);
• Querying whether the candidate has a criminal record (from an online database);
• Checking the candidate’s quali cations (e.g. if minimum quali cation for this position is Grade 12, it is
con rmed that the candidate is indeed in possession of a valid Grade 12 certi cate); and
• Performing competency testing on the candidate.
Should the candidate be appointed, an employment contract is drawn up by Marguerite Malan, setting out
the employment conditions and terms of appointment, as well as the hourly rate as agreed for the particular
position. e employment contract is signed by Herman Heunis and Louis Lynwood. Rose Metsetswe sends
two copies of the employment contract to the candidate to sign. One signed copy is kept by the candidate
and the other copy is sent back to Rose along with a certi ed copy of the appointee’s ID document,
quali cations, proof of address, bank account name and bank account number. Deduction authorisation
forms are also completed by the new employee for all deductions from his or her salary or wage (excluding
regulatory deductions for taxation and UIF).
Rose opens an employee le for the new employee. e copy of the employment contract that is returned
by the employee is led in the permanent le. e employee comes in and provides two ngerprints (one as
a backup) for access control purposes. e biometric system electronically scans hundreds of data points (on
the nger) and processes them as a data string through two proprietary systems. e result is a series of
random numbers used to identify the employee for check in/out purposes.
9.8.2.1.1 Addition to employee master le

If the candidate is appointed, Rose Metsetswe accesses the employee master le module on the PVCACC
payroll module with her unique username and password in order to generate an on-screen, sequentially
numbered master le amendment form. Sound input controls are in place (refer to Chapter 5 in this regard).
She enters all the particulars of the new employee as they appear on the employment contract, including the
hourly rate as set by Herman Heunis, the right thumb ngerprint data (which is used for the biometric
reader), and the employee’s banking details (which is obtained from a form which has to be completed and
signed by the employee). e system automatically allocates a unique sequential employee number to each
new employee. e computer system does not allow Rose to change the employee number. e system
requires Herman Heunis and Louis Lynwood to authorise the master le amendment.
Rose attaches a copy of the employment letter to a printed copy of the completed master le amendment
form and she les the documentation in sequential order by amendment form number in the HR office and
a copy in the permanent le of the employee.
e computer automatically logs each master le amendment and assigns Rose’s and Herman’s
usernames to each master le amendment she has generated and he has approved respectively on the
system to x responsibility. e log is printed regularly to ensure an audit trail and to keep for future
reference.
Typical changes to the employee master le that require a master le amendment form include:
• Additions and deletions of employees;
• Setting of and changes to tariffs; and
• Changes to deductions
Dismissals and resignations

When an employee is dismissed or resigns, a termination of service form is completed by the employee and
signed by the relevant supervisor and by Herman Heunis. is document is captured by Rose Metsetswe and
approved by Herman Heunis on the employee master le. e same master le change controls as described
above apply.
Changes to wage rates

e wage rates are adjusted on an annual basis. e percentage increase is determined in negotiations with
the employee representatives, labour unions, warehouse supervisors and the nancial director (Lee-Ann
Losper). A tariff amendment form is created for increases for the different levels. Rose Metsetswe captures
the tariff amendment form to the master le by way of a master le amendment in a similar manner as
described above. e system requires Herman Heunis to approve these amendments on the system.
Changes to salary tariffs

e annual salary adjustments start with performance appraisals once a year. A rating is awarded to each
salaried employee. e rating for each employee name and number is listed on a tariff amendment form. e
nancial director (Lee-Ann Losper) and the managing director (Bongani Arnott) decide on the salary
increases annually and record them on the tariff amendment form. e tariff amendment form is signed off
by Lee-Ann and Bongani. e approved tariff amendment form is then sent to Rose Metsetswe. Rose uses
this tariff amendment form to update the master le. e master le amendment is done in a similar manner
to that described above. e system requires Herman Heunis to approve these amendments on the system.
Review of modi cations to human resources master le

e master le amendment log is handed to Lee-Ann Losper ( nancial director) on a monthly basis. She
scrutinises the log for any unusual modi cations, such as possible duplications and exorbitant tariffs. Lee-
Ann signs the log after review as evidence of having performed these supervisory functions.
9.8.3 Time keeping – wage-earning employees
• Function performed by administrative division of the payroll division.
• Sunè Cloete (administrative clerk from payroll department responsible for the warehouse staff )
• Louis Lynwood (raw materials warehouse supervisor).
9.8.3.1 Time keeping process

Ntsimbi Piping has a biometric ngerprint reader at the entrance of the raw materials warehouse. Louis
Lynwood is present during the process of clocking in and out to ensure that employees do not just clock in
and then leave the premises.
When an employee arrives at the warehouse, he or she places his or her thumb on the reader and the
system searches for the thumbprint on the employee master le. Access to the warehouse is only granted if
there is a match.
e system automatically keeps a log of normal and overtime hours worked on the ‘hours worked’
transaction le. Sunè Cloete prints a report of the details of all warehouse employees who worked and their
hours worked split between normal time and overtime and takes it to Louis Lynwood to check and authorise
the hours.
e same process is followed by line managers of wage-earning employees in the other divisions.
9.8.4 Calculation and recording of salaries and wages

• Function performed by the payroll division.
• Mabel Smith (wages clerk)
• Tandi Mnazana (salaries clerk)
• Ben Franco (payroll manager).
Mabel Smith creates the wage journal for each week in the PVCACC payroll module. e employee names
and numbers, approved wage tariffs and deductions are automatically retrieved from the master le. e
hours stored by the biometric reader on the ‘hours worked’ transaction le is imported into the payroll
software package automatically when the wage journal for a certain period is created. e system
automatically splits the hours between normal and overtime hours. e system calculates a batch total of
hours worked, as processed, and displays this on the screen. Mabel agrees this with the total hours worked
according to the ‘hours worked’ transaction le and then clicks on the ‘proceed’ button (refer to Chapter 5
for a description of batch controls).
Tandi Mnazana creates the salary journal for each month in the payroll package. e employee names
and numbers, approved salary tariffs and deductions are automatically retrieved from the master le when
the salary journal is created for a particular month.
Access to the salary and wage journals is restricted by the logical access controls as discussed in Chapter
5. Any additional employee deductions (such as loan instalments) or bene ts (such as bonuses) are loaded
by way of master le amendment forms. e master le amendments are loaded by Rose Metsetswe in a
similar manner to that described in section 9.8.2 above and authorised by Herman Heunis and the employee
(for non-statutory deductions). Mabel Smith and Tandi Mnazana have no write-access to the master le
data. Deductions and hours are included in the wage journal (for wages).
e processing of the salary and wage journals is automatically carried out by the system. e system
performs reasonability and limit checks on the results of the processing as discussed in Chapter 5.
e salary and wage journals and exception reports are then printed. Mabel Smith (for wages) and Tandi
Mnazana (for salaries) do reconciliations by comparing the number of employees, hours (for wages), tariffs
and deductions to the prior period and follow up on any differences. ey sign the reconciliations as proof
that they have performed these. If necessary, the wage journals and exception reports are then printed again
and handed to Ben Franco. Ben compares the number of employees to the number of employees on the
master le, compares salaries and wages among divisions, and compares the number of employees and the
expense to the budget and follows up on any exceptions included in the exception reports. If satis ed, Ben
signs the exception reports and les them. He then approves the salary or wage journal as the rst approval
on the system and has no other write-access to the le.
After performing the above checks and if he is satis ed with all payment information, Ben accesses the
‘Salary or wage payments module’ on PVCACC with his username and supervisor password and ags the
9.8.5 Payment preparation and payment of wages and salaries

• Function performed by payroll division.
• Ben Franco (payroll manager)
• Susan Mzwakali (payroll clerk)
• Herman Heunis (human resources manager)
• Lee-Ann Losper ( nancial director).
9.8.5.1 Payment by way of electronic funds transfer (EFT)

Payment to wage-earning workers takes place each Friday by means of a weekly payment run, using an EFT
payment facility.
Payment to salary-earning workers takes place on the last business day of each month by means of a
monthly payment run, using an EFT payment facility.
9.8.5.1.1 Payment signatories

9.8.5.1.2 EFT payment facility

bank accounts of its employees via the bank.
After Ben Franco has agged the payment schedule as ‘Ready for payment’ on PVCACC (refer to section
9.8.4), he submits the printed version of the payment schedule, the salary and wage journals and
reconciliations, and other supporting documents to the payment signatories.
9.8.5.1.3 Executing a payment run

By performing a review on the payment schedule and supporting documentation, James Khumalo ensures
the following are in effect before continuing with the payment run:
• e wage journal was signed by Mabel Smith, the salary journal was signed by Tandi Mnazana and the
payment schedule was approved by Ben Franco. e amounts on the payment schedule agree to the
amounts on the wage and salary journals and reconciliations.
• None of the salary or wage journals have been previously cancelled (i.e. there is no stamp on the
documentation indicating ‘Paid’ (to avoid duplicated salary/wages payments)).
• ere are no suspicious employee names, numbers or amounts on the payment schedule.
electronic version of the payment schedule (as prepared by Ben Franco in section 9.8.4 above), and banking
details from the employee master le, to the EFT application. e EFT application has been set up in such a
way that it can interface with the payments schedule on the accounting system, decreasing the risks of:
• Inaccurate payment details being furnished to the EFT application;
• Employees being inappropriately added to the payment run; and
• Employees being omitted from the payment run.
As an added control after the transfer of the payment data to the EFT facility, the computer automatically
reconciles the data transferred onto the EFT application with the data on the payment schedule to ensure all
payment data has been transferred to the EFT facility (this is done prior to the nal approval for the
payments to be made).
If James and Lee-Ann are both satis ed with the payment information, they each individually approve
the payments on the EFT application by selecting ‘Process payment’. (Any discrepancies would have been
referred back to Ben, Mabel or Tandi for correction prior to payment.)
to each employee. Should the report indicate that a payment could not be processed (e.g. employee has
closed his or her bank account or incorrect bank account details have been identi ed), the payment
documentation is handed to Ben Franco for resolution and resubmission. Ben downloads the bank
statements for the wage and salary bank accounts and compares them to the EFT report as printed. Any
discrepancies are followed up and resolved.
supporting documentation in the salary and wage pack as ‘Paid’ to avoid the documents from being
resubmitted for payment in the future.
Jason Naidoo performs a reconciliation between the change in the balance of the wage and salary bank
accounts before the transfer and after the transfer, and the totals of the wage and salary journals for the
period. e reconciliation is reviewed and approved by Lee-Ann Losper.
Susan Mzwakali prints a payslip from the system for each employee. is contains the total payments for
the month or week, deductions made and year-to-date payments. One copy is sent to the employee and
another copy is led in the payroll division.
9.8.6 Payment of deductions

• Function performed by human resources department.
• Ben Franco (payroll manager)
• Susan Mzwakali (payroll clerk)
9.8.6.1 Payment of deductions

e payroll module automatically generates a report with all the deductions grouped together.
Susan Mzwakali downloads these reports of deductions, agrees them with the salary and wage journals, and
signs them. She informs Ben Franco once she has nished. Ben calls up the deduction schedules and
approves payments to third parties. Ben clicks on the ‘approve’ button on the computer screen.
After performing the above checks and if he is satis ed with all payment information, Ben accesses the
‘Payment of deductions module’ on PVCACC with his username and supervisor password and ags the
9.8.6.2 Payment by way of electronic funds transfer (EFT)

Payment of deductions takes place on the last business day of each month by means of a monthly payment
run, using an EFT payment facility.
9.8.6.2.1 Payment signatories

9.8.6.2.2 EFT payment facility

bank accounts of its employees via the bank.
After Ben Franco has agged the payment schedule as ‘Ready for payment’ on PVCACC (refer above), he
submits the printed version of the payment schedule and the supporting documents to the payment
signatories.
9.8.6.2.3 Executing a payment run

By performing a review on the payment schedule and supporting documentation, James ensures the
following are in effect before continuing with the payment run:
• e payment schedule has been signed by Susan Mzwakali and approved by Ben Franco and the amounts
on the payment schedule agree with the amounts on the wage and salary journals and deduction
schedules.
• Deduction schedules have been previously cancelled (i.e. there is no stamp on the documentation
indicating ‘Paid’ (to avoid duplicated payments)).
• ere are no suspicious deductions, numbers or amounts on the payment schedule.
electronic version of the payment schedule (as prepared by Ben Franco above) to the EFT application. e
EFT application has been set up in such a way that it can interface with the payments schedule on the
accounting system. As an added control after the transfer of the payment data to the EFT facility, the
computer automatically reconciles the data transferred onto the EFT application with the data on the
payment schedule to ensure all payment data has been transferred to the EFT facility (this is done prior to
the nal approval for the payments to be made).
If James and Lee-Ann are both satis ed with the payment information, they each individually approve
the payments on the EFT application by selecting ‘Process payment’. (Any discrepancies would have been
referred back to Ben, Mabel or Tandi for correction prior to payment.)
for each deduction. Should the report indicate that a payment could not be processed (e.g. bank account has
been closed or incorrect bank account details have been recorded), the payment documentation is handed
to Ben Franco for resolution and resubmission.
supporting documentation in the salary and wage pack as ‘Paid’ to avoid the documents from being
resubmitted for payment in the future.
SITE, PAYE and UIF payments to SARS are made into the SARS bank account by making use of the web-
based e- ling system of SARS.
9.8.7 Recording the salary and wage transactions in the accounting

records
• Function performed by the accounting department.
9.8.7.1 Posting of transfers

With the payroll-run, the cash payments journal (cash book), deduction accounts and salary and wage
accounts are automatically updated.
9.8.7.2 Review of transactions

e computer allows James Khumalo to print the salary and wage journals. James reviews them and
compares them to the relevant general ledger accounts for unusual entries.
9.8.7.3 Reviewing of liabilities created at year-end
At the end of each year, PVCACC automatically creates journal entries to accrue for all deductions not paid
over at year-end. James Khumalo reviews the journals for any unusual items and for missing accruals and
then approves the journals for processing to the general ledger.
1. List the general ledger accounts that are affected by the human resources cycle. (LO 2)
2. List the functional areas in the human resources cycle. (LO 3)
3. Indicate which of the other cycles interface with the human resources cycle. (LO 1)
4. Which one of the following documents and reports relates to the human resources cycle? (LO 5)
a) Purchase order
b) Wage and salary journal
c) Production report
d) Inventory listing
5. What are the responsibilities of the payroll department in the processing of payroll transactions? (LO 3)
6. Explain what the difference is between a salary and a wage. (LO 1)
7. Explain why salaries and wages are susceptible to fraud. (LO 6)
8. Formulate the control objectives relating to the recording of wages. (LO 8)
9. Describe the internal controls that should be present during the time keeping for wages. (LO 11)
10. Describe the advantages if a company were to switch from a clock card system to a biometric reader
system. (LO 7)
11. Below are two columns. Column A contains information regarding the risks that could exist within a
human resources cycle. Column B contains a list of control objectives. Link the two columns with each
other by writing the letter in column B next to the appropriate number in column A. (LO 7 & 8)
COLUMN A COLUMN B
11.1 Recording of deductions takes place in the a) Validity

wrong accounting period
11.2 Fictitious employees may be included in the b) Accuracy

salary or wage journal
11.3 Using incorrect wage rate when completing c) Completeness

wage journal
12. Describe two controls that can be implemented in a business to ensure that no ctitious employees are
created in a computerised accounting system. (LO 11)
13. e following relates to GFT (Proprietary) Limited, a manufacturer of motor vehicle parts. Identify the
weaknesses in internal control, indicate what the risks would be for the business, and describe
recommendations to address each weakness: (LO 4, 10 & 11)
Blank clock cards are kept in a box close to the entrance of the factory. When a wage-earning employee
reports for work on a Monday morning, he or she takes a blank clock card from the box, enters his or her
details in pencil on the clock card and from Monday to Friday records his or her arrival and departure
times thereon. On the Friday afternoon the clock card is placed back into the box near the entrance to
the factory.
14. Describe which controls should be implemented over unclaimed wages. (LO 11)
15. Formulate control objectives for the payment of salaries. (LO 8)
16. e following weaknesses were identi ed in the salaries system of HTM Limited. Indicate for each
weakness what the risk would be to the business. Also suggest an improvement that will address the
weakness. (LO 10 & 11)
a) Only staff from the human resources division are involved in interviews to ll vacancies.
b) e line manager authorises appointment forms after the human resources official has completed
all relevant particulars.
c) Nobody checks the salary clerk’s calculations of the salaries in the salary journal.
d) Employees receive their salaries in the form of cheques by mail.
e) e accountant signs the request for payment and reconciles the salary bank account.

17. e following internal control was implemented in HJK Limited before the wages EFT payments are
authorised:
‘e nancial manager reviews the wage journal and authorises the EFT payments of wages’. e control
objective that will be achieved by the internal control is validity of wage payments and the management
assertion affected is existence of wages. (LO 8 & 9)
18. Deductions not yet paid over at year-end are classi ed as a current liability, as the company has to pay it
in the forthcoming year. (LO 2)
19. Direct wages are included as part of the cost of inventory of a product. (LO 2)
20. e following internal control was implemented in HJK Limited when the wage packets were made up:
‘e wage packets are compared to the wage journal to ensure that all employees receive a wage packet.’
e control objective that will be achieved by the above-mentioned control is completeness of wages
and the management assertion affected is completeness of wages. (LO 8 & 9)
21. Which of the following actions trigger a transaction in the human resources cycle? (LO 1)
a) e payment of the wage
b) e clocking in of the wage-earning employee
c) e appointment of the wage-earning employee
d) e dismissal of the wage-earning employee
22. Describe the three types of authenticating information that can be used when an automatic access
control system is used. (LO 7)
1 Dieter von Fintel & Marlies Piek. Stellenbosch University. [Online]. Available: e Conversation https://theconversation.com/amp/south-
africas-national-minimum-wage-could-hurt-small- rms-and-rural-workers-76474 [Accessed April 2018].
2 Source: Cape Argus, IOL. [Online]. Available: https://www.iol.co.za/capeargus/news/national-bus-strike-seems-to-be-inevitable-14347108
[Accessed April 2018].
3 Buthelezi, S. [Online]. Available: https://www.iol.co.za/sunday-tribune/news/four-officials-implicated-as-ghost-employees-loot-coffers-
14054739 [Accessed May 2018]. Reprinted with permission of e Sunday Tribune/Independent Media.
4 Deloitte IAS Plus. [Online]. Available: http://www.iasplus.com/en/standards/standard17 [Accessed 28 March 2013].
5 Deloitte IAS Plus. [Online]. Available: http://www.iasplus.com/en/publications/global/guides/pub1349 [Accessed 28 March 2013].
6 Erasmus, J. [Online]. Available: https://www.accountancysa.org.za/analysis-king-iv-and-remuneration-disclosure/
7 [Online]. Available: http://www.mywage.co.za/main/salary/minimum-wages [Accessed 18 September 2012].
8 [Online]. Available: http://www.ens.co.za/newsletter/briefs/Labour%20and%20Employee%20Bene ts_%20South%20Africa.pdf
9 [Online]. Available: http://www.ccma.org.za
10 Wray, Q. 2008. Business Report, 25 April. [Online]. Available: http://genderlinks.org.za/country-events/gender-and-media-diversity-
centre/deputy-president-warns-on-widening-wealth-gap-business-report-2008-04-25/ [Accessed May 2017].
11 Moneyweb. [Online]. Available: https://www.moneyweb.co.za/news/south-africa/executive-pay-under-the-microscope [Accessed April
2018].
12 Mooney, A, Financial Times. [Online]. Available: https://www.ft.com/content/30abb36c-3805-11e8-8b98-2f31af407cc8 [Accessed April 2018].
13 Financial Times. [Online]. Available://www.ft.com/content/b3cee000-15d1-11e6-9d98-00386a18e39d [Accessed April 2018].
14 Financial Times. [Online]. Available: https://www.ft.com/content/6df9902a-f8fc-11e6-9516-2d969e0d3b65 [Accessed April 2018].
15 Njobeni, S. Business report. [Online]. Available: https://www.iol.co.za/business-report/economy/king-iv-tightens-corporate-remuneration-
2085413 [Accessed April 2018].
16 e Conversation. [Online]. Available: https://theconversation.com/can-the-grim-reality-of-published-pay-ratios-really-curb-executive-pay-
83279 [Accessed April 2018].
17 [Online]. Available: http://www.legalnexus.co.za/news/news3.html
18 Security information watch. [Online]. Available: http://www.securityinfowatch.com /article/10498285/understanding-card-connected-
access-control-systems [Accessed 2 April 2013].
19 Source: [Online]. Available: http://www.sage.com/za/newsroom/sage-hr-and-payroll/2016/05/01/payroll-fraud-how-to- nd-it-and- ght-it
[Accessed August 2018]. Copy courtesy of Sage South Africa (Pty) Ltd.
Investment and CHAPTER 10
nancing cycle
Dana Nathan1
CHAPTER CONTENTS
Learning outcomes
Reference list
10.1 What are the nature, purpose and accounting implications of
the cycle?
10.5What computer technologies are used in the cycle?
10.6What are the control objectives in the cycle?
10.7What are the controls in the cycle (manual and computerised)?
10.8Cycle illustration: e investment and nancing cycle at
Ntsimbi Piping
LEARNING OUTCOMES
2. Identify and describe the major general ledger accounts affected
by the cycle.
3. Identify and describe the documents and records, both manual
and computerised, utilised in the cycle
4. Identify and describe the risks of misstatement affecting account
balances, classes of transactions and events in the nancial
statements.
5. Describe the computer technologies used in the cycle.
7. Describe how internal controls may assist in achieving the control
objectives in the cycle and how these control objectives relate to
management’s assertions in the nancial statements.
8. Critically analyse internal control systems in order to identify and
explain weaknesses in the control system and recommend
improvements by describing the required internal controls.
9. Design a system of internal controls, both manual and
computerised, that will achieve the cycle’s
control objectives.
REFERENCE LIST
While there are a number of accounting standards that apply to the

investment and nancing cycle (a list of these is provided in section
10.1.4 of this chapter), the following are considered to be fundamental
to understanding this chapter:
• International Accounting Standards Board (IASB) (Dec 2015) IAS 16
Property, Plant and Equipment.
• International Accounting Standards Board (IASB) (Dec 2017) IFRS 9
Financial Instruments.
IN THE NEWS
Eskom signs R20-billion credit facility with banks2
28 February 2018
Eskom has today signed a R20-billion short-term credit facility
with a consortium of local and international banks.
The government guaranteed facility will form part of the
nancing of Eskom’s current capital expenditure programme‚ the
utility said in a statement.
The terms of the facility are comparable to Eskom’s existing
facility agreements and pricing is aligned to market benchmarks
of similar structures‚ it added.
Eskom’s Interim Group Chief Executive Phakamani Hadebe
said: ‘We view the successful execution of this facility as a
demonstration of the nancial markets’ con dence in Eskom’s
turn-around strategy. We are cognisant of the challenges that are
still ahead for the business and we are committed to ensuring
that we expediently transition Eskom’s operational and nancial
pro le to adequate standards. Eskom remains a critical enabler
for South Africa’s economic growth and it is critical that we attain
maximum operational ef ciency for the business to avoid
negatively impacting the macro-environment’.
Acting Chief Financial Of cer Calib Cassim said: ‘Concluding
this facility with the suite of banks reiterates the renewed
willingness by nancial markets to engage with Eskom. The
funding provides Eskom with suf cient liquidity to allow the
company time to continue resolving its governance related
issues and enables Eskom to recommence with its normal
funding programme required to execute the FY2018/19 funding
plan’.
e news article typi es the investment and nancing cycle within a
company, displaying what is often a very direct link between obtaining
further nancing and an entity experiencing issues around short-term
liquidity and going concern (addressed in Chapter 15).
Eskom required funding for its ‘turnaround strategy’ and ‘sufficient
liquidity to allow the company time to continue resolving its
governance related issues.’ Ultimately the funding of 20 billion rand
($1.7 billion) obtained through a short-term credit facility with a group
of banks should have been used to assist in stabilising the company in
the short term. It should also have been utilised in funding the further
development of the company’s assets (i.e. its ‘capital expenditure
programme’) which should ultimately generate additional returns for
the company.
is additional nancing obtained ‘aligned to market benchmarks of
similar structures’ will result in signi cant nance charges and
repayments to be made, which will ultimately affect the cash ow of the
company.
10.1 What are the nature, purpose and

accounting implications of the cycle?
e investment and nancing cycle pertains to an entity’s acquisition of
capital assets and raising of funds (through owner’s equity and long-
term debt), the subsequent repayment thereof, as well as handling and
accounting for related investment and nancing income and
expenditure.
e overall transactions discussed below comprise subsystems of
the investment and nancing cycle.
10.1.1.1 Investment transactions

• e acquisition and disposal of tangible non-current assets, as well
as nancial instrument investments;
• e acquisition, internal generation and disposal of intangible
assets;
• e receipt and accrual of interest income and dividends received
on investments;
• Accounting for the use of and changes in value of tangible and
intangible assets through:
• Depreciation/amortisation over the asset’s useful life;
• Revaluations and other fair value adjustments;
• Impairments and write-downs; and
• Pro ts/losses on disposal (through sale, retirement or exchange).
10.1.1.2 Financing transactions

• e issue of shares and the repurchase or cancellation of issued
shares;
• e receipt of loan funding and the subsequent repayment thereof;
• e issue of debentures and subsequent repayments; and
• e handling of and accounting for the obligations that arise from
nancing, including:
• Dividends declared and paid in relation to shares in issue;
• Finance charges paid and accrued in relation to loans
outstanding; and
• Finance charges and accounting adjustments in relation to
debentures in issue.
CRITICAL THINKING
How does the investment and nancing cycle link to other
cycles?
Since investment transactions involve acquisitions and
payments, the cycle interfaces with the purchases and payments
cycle (Chapter 7) where the purchase of routine goods and
services transactions take place. Similarly, when cash is
disbursed for interest and dividend payments, redemption of
shares and repayments of borrowings, these interface with the
purchases and payments cycle, where payments are addressed.
Since the receipt and accrual of interest income and
dividends received on investments involve revenue and cash
receipts transactions, the cycle also interfaces with the revenue
and receipts cycle (Chapter 6) where receipt and accrual
transactions are addressed. Aspects of this cycle will also apply
to the receipt of a loan or equity funding of the entity.
Since these areas have been addressed in the relevant chapters

described above, reference should be made to these sections in regard
to these interfaces. e remainder of this chapter addresses only the
areas speci c to the investment and nancing cycle.
e nature of this cycle may differ substantially from entity to entity.
As a result, the source documents, records and controls in this cycle
may differ fairly substantially among entities. Each business has its own
unique methods and controls for initiating, recording, processing and
reporting transactions and balances relating to this cycle and included
in its annual nancial statements. is chapter therefore addresses the
risks in and necessary internal controls over accounting for investing
and nancing transactions in general terms.
e main purpose of the investment and nancing cycle is to ensure

that:
• An entity invests funds in non-current assets to commence and
operate a business and generate working capital that ultimately
provides pro ts for the entity, be it directly or indirectly. An entity
also invests funds in other investment assets to generate investment
returns; and
• An entity obtains sufficient nancing in order to be able to
commence and operate a business. Failure to acquire sufficient
funding will render an entity unable to operate effectively for a
sustained period of time.
10.1.1.3 Investment activities
e entity’s intentions are to invest funds in assets (tangible, intangible
and investment assets such as nancial instruments) to meet its
strategic business objectives and sustain the business, since these assets
should ultimately generate returns for the entity. Returns are therefore
directly or indirectly obtained through the use and sale of the assets in
the business.
REFLECTION
Think about how these aspects differ from the entity’s holding of
inventory (addressed in Chapter 8).
WHAT What if an entity does not invest suf ciently or

wisely?
IF? It may not be able to obtain adequate returns in order
to declare dividends to shareholders and pay interest
and repay capital to lenders, and may thus lead to the
withdrawal of funding from the entity.
Why would this be experienced in some entities?

• Consider poor corporate governance publicised in
many South African entities recently.
• Think about how senior management of some
entities have chosen to make investment decisions
that are not in the best interests of the company,
but rather in the best interests of themselves (for
self-gain).
Proper strategic management of cash and investments is crucial for an

entity in order to ensure that sufficient cash and returns are available to
meet the entity’s requirements.
10.1.1.4 Financing activities

Common types of funding that an entity will obtain for its operations
include (the issue of ) shares and debentures, and long-term loan
nancing.
e entity then provides returns to the funders through declaring
dividends on equity funds raised (from shareholders), or by paying
interest in relation to loan nancing (from banks and other third
parties).
10.1.1.5 Application of the cycle to Ntsimbi Piping

By reviewing the annual nancial statements of Ntsimbi Piping, we can
identify the investment and nancing activities during the 20X1
nancial year.
1. Activities related to the investment cycle

a) Acquisition of owned plant and machinery of R4,306,989,
right-of-use plant and machinery of R2,885,989, furniture and
ttings of R25,002 and computer equipment of R66,246.
Refer to note 2 to the nancial statements (page 15) and also to
the Statement of Cash Flows (page 10) showing the total
additions to property, plant and equipment as ‘cash ows from
investing activities’.
b) Disposal of plant and machinery of R64,985.
Refer to note 2 to the nancial statements (page 15) showing the
decrease in the carrying amount by this amount and also to the
Statement of Cash Flows (page 10) showing the net proceeds of
disposal of assets of R23,059. Ntsimbi Piping made a loss on this
sale (proceeds of R23,059 less carrying amount of R64,985 = loss
of R41,926) and this loss is disclosed on page 26 of the nancial
statements, which contains a breakdown of operating expenses.
c) Depreciation of property, plant and equipment of R2,144,373.
Refer to note 2 to the nancial statements (page 15).
d) Amortisation of the intangible asset (computer software) of
R20,160 in the current nancial year.
Refer to note 3 to the nancial statements (page 16) and also
note the capitalisation/acquisition of this intangible asset of
R60,478 in the previous nancial year.
2. Activities related to the nancing cycle
a) Additional long-term interest-bearing borrowings obtained
amounting to R1,582,214.
Refer to the increase in lease liabilities gure in note 9 to the
nancial statements (page 18) and also to the Statement of
Cash Flows (page 10) showing this movement as ‘cash ows
from nancing activities’.
b) Finance costs relating to the lease liabilities of R306,814.
Refer to note 16 to the nancial statements (page 20).
It is clear from the annual nancial statements that other than the
activities mentioned above, no additional investment of funds took
place, nor were there any other forms of nance (other than the day-to-
day bank overdraft) utilised during the nancial year.
You will have noticed how the Statement of Cash Flows presents a
tidy summary of investment and nancing activities during the
nancial year.
10.1.2 Forms of transactions and major

accounts affected by the cycle
Investing and nancing activities differ substantially from entity to
entity. Depending on the type of business and the nature of its activities,
transactions in this cycle may take a wide variety of forms.
With regard to nancing activities, variation arises since entities use
different forms of nancing. For example:
• In small owner-managed businesses, nancing is provided primarily
by long-term bank or owner loans.
• Partnerships utilise investments from owners, such as partner loan
accounts.
• Companies, in addition to loan nancing, will issue shares and then
declare and pay dividends as a return.
• Large, listed companies obtain signi cant long-term funding from
public share issues.
• Loan funding, (borrowings) may be obtained from, among others,
the entity’s owners, banks, other third parties, or related companies
in a group situation, and this funding may be secured or unsecured.
With regard to investing activities, while all entities invest in some

form of tangible non-current assets, intangible asset and nancial
instrument investments are not common to all entities. However, for
some entities it may be imperative to invest in these assets in order to
operate their business, for example the purchase of an intangible asset
such as a licence, trademark or patent.
erefore, taking cognisance of the above, the relevant accounts will
depend on the type and nature of business entity and the nature of its
investment and nancing decisions. In general terms, the major
accounts affected by the cycle can be summarised as discussed below.
e following accounts are affected by investment activities:

• Property, plant and equipment – vehicles, land and buildings,
plant and machinery, furniture and ttings;
• Intangible assets – licences, patents, copyrights, computer
software;
• Goodwill (purchased goodwill);
• Financial instrument investments (e.g. investments (shares) in
other companies); and
• Revaluation reserves.
• Depreciation expense;
• Amortisation expense;
• Impairment expense;
• Pro ts and losses on disposals;
• Revaluations;
• Finance revenue; and
• Gains and losses on nancial instruments.
e following accounts are affected by nancing activities:

• Share capital (and other relevant owner’s equity accounts in the
entity);
• Retained income;
• Long-term loans;
• Debenture nancing; and
• Financial instrument liabilities.

• Dividends declared/paid;
• Finance expense; and
• Gains and losses on nancial instruments.
10.1.3 Characteristics of the investment and

nancing cycle
is cycle is at risk of contributing to material misstatements in the
entity’s nancial statements owing to various characteristics of
transactions.
e following are characteristics of transactions in this cycle:

• e magnitude of many investment and nancing transactions that
occur is usually material in the nancial statements.
• e frequency with which transactions occur is lower than most
other cycles.
• As a result of the above two factors, transactions are often not subject
to routine, standard internal controls.
• Many transactions are subject to management estimates and
assumptions (e.g. in the calculation of depreciation and
impairments) and may involve complex calculations (e.g. the
valuation of nancial instruments).
• With regard to the above, since many transactions (e.g. depreciation
and impairment charges) are
handled internally, they are without any supporting external
documentation.
• Transactions that occur in the cycle are often governed by statutory
and governance requirements,
such as the Companies Act 71 of 2008 and the company’s
Memorandum of Incorporation.
For what types of transactions will this be relevant?

• Issuing of shares (sections 36–42; 44)
• Raising of funding by way of debt instruments (section 43)
• Share repurchases (sections 46, 48)
• Declaring of dividends to shareholders (section 46)
• Issuing loans to directors and prescribed of cers (section 45)
• Disposals of assets that represent the majority of non-current
assets of the company (section 112).
Directors’ personal nancial interests (section 75) may also need
to be considered in respect of some investment and nancing
transactions
With these characteristics in mind, it is quite clear that no standardised

set of internal controls can be introduced for all entities. Controls may
therefore vary substantially from entity to entity. Moreover, because of
the nature of the transactions (e.g. the small number of transactions),
most entities implement few standard, routine internal controls in their
investment and nancing cycles.
However, regardless of the nature of the entity, the industry in which
it operates, the type of funding it obtains or the non-current assets or
investments it acquires, the risks facing the entity are a determining
factor in the internal controls that are implemented by management.
erefore, besides the importance of having a thorough
understanding of the nature, purpose and characteristics of the cycle, it
is imperative to understand the typical risks an entity faces in the
investment and nancing cycle (addressed in detail later in section
10.4).
10.1.4 Relevant accounting standards

Management should comply with the requirements of the accounting
standards relevant to the investment and nancing cycle in the
preparation of the entity’s nancial statements. Non-compliance may
result in the relevant transactions, balances and disclosures being
materially misstated in the entity’s nancial statements.
What standards are to be considered in respect of investment

activities?
IAS 16: Property, Plant and Equipment
IAS 36: Impairment of Assets
IAS 38: Intangible Assets
IAS 40: Investment Property
IFRS 3: Business Combinations (i.r.o. goodwill)
IAS 32/IFRS 7/IFRS 9: Financial Instruments Recognition and
Measurement/Presentation/Disclosures
What standards are to be considered in respect of nancing

activities?
IAS 32/IFRS 7/IFRS 9: Financial Instruments Recognition and
Measurement/Presentation/Disclosures
e relevant statutory and governance requirements and legislation

(such as the Companies Act) as mentioned in section 10.1.3 must also
be considered and applied, where applicable, when accounting for the
underlying transactions.
10.1.5 How transactions in the cycle are

triggered (initiated)
10.1.5.1 Investment activities
For the more routine purchase and payment transactions, for example
the purchase of routine, less material tangible assets such as computer
equipment for a new staff member, the following steps will be followed:
• For a purchase transaction to commence, an internal asset purchase
requisition should be issued by the department in the entity that
requires the asset. is will in turn lead to an order being submitted
to a supplier.
• For a payments transaction to commence, an invoice should be due
and payable within the agreed payment terms.
e systems and controls to deal with such transactions are similar to
those covered in the purchases and payments cycle in Chapter 7.
For non-routine investment transactions, for example the purchase of

material, tangible, intangible and nancial instrument-related assets, a
management committee decision usually initiates or triggers the
transaction, such as a minuted decision of an executive management
meeting (e.g. board meeting) or of a speci c committee such as:
• A xed asset committee (to purchase material assets);
• A steering committee (to implement a speci c project or purchase);
and
• An investment committee (to invest surplus funds).
e acquisition should be authorised and approved based on the
entity’s needs and after the necessary investigation and budgeting have
taken place (e.g. capital budgets and cash ow forecasts have been
prepared and considered).
e same process may apply in regard to the initiation of
impairment and revaluation decisions in respect of tangible, intangible
and nancial instrument-related assets.

For nancing transactions, such as the issue of shares to potential or
current shareholders, the issue of debentures, the repurchase of shares
or the obtaining of loan nancing, a management committee decision,
for example a resolution by the board of directors, usually triggers the
transaction.
e same process may apply to initiation of the declaration of a
dividend to shareholders (by way of cash, shares or other means of
payment).
e above transactions should be authorised and approved after
considering all relevant requirements of the Companies Act and the
entity’s Memorandum of Incorporation.
10.2 What functional areas occur in the

cycle?
10.2.1 Financing
e following are examples of key functional areas that exist in the cycle
and the overall processes that are in place to ensure that transactions
are executed appropriately and properly recorded in the accounting
records:
1. Issue of shares;
2. Payment of dividends;
3. Raising a long-term loan; and
4. Finance charges and loan repayments
A brief overview of these functional areas for a typical company, such as

Ntsimbi Piping, follows.
1. Issue of shares
Purpose: To obtain cash in ows by allowing potential (or current)
shareholders to purchase an interest in the company.
CRITICAL THINKING
Ntsimbi Piping is 100% owned by Ntsimbi Piping Investments.
Why might Ntsimbi Piping want to issue additional shares?
1. The company needs nance to fund an expansion to its plant
and machinery, the holding company does not have the funds
to lend to the company and it is proving dif cult (or costly) to
secure further long-term borrowings. An external investor
could provide these funds.
2. The company wants to diversify its shareholder base. Perhaps
it wants to attract BBBEE investors to assist in gaining
tenders from the government. Creating a 25% black African
ownership structure might help secure work that the company
is currently unable to secure given the current composition of
its shareholding.
Main activities: If an entity does decide to proceed with the issue of

additional shares to a new investor, the process it will follow is:
• e board of directors formally approves the decision to offer shares
for purchase by the new shareholder(s). is decision will need to
have rst had the approval of the parent company. is resolution
has to be formally minuted. e issue of the new shares has to be in
accordance with section 38 (‘Issuing shares’), section 39
(‘Subscription of shares’) and section 40 (‘Consideration for shares’)
of the Companies Act. In Ntsimbi Piping’s case, the company has an
authorised share capital of 1 000 par value shares but has only issued
100 to date (refer to note 8 to the annual nancial statements (page
18)). A company is no longer permitted to issue new par value shares
and so, in terms of the Companies Regulations (regulation 31), will
have to convert its par value shares into no-par value shares prior to
proceeding with the new issue.
• A shareholders agreement is likely to be drawn up and entered into
between the new investor and the entity (e.g. Ntsimbi Piping). is
agreement sets out the consideration for the shares, the terms of
payment, and any other conditions or considerations relating to the
share issue.
• e investor pays for the shares in terms of the agreement.
• A share certi cate re ecting the ownership of the shares by the new
investor is issued to the new investor and the company’s securities
register is updated accordingly. ese shares are known as
certi cated securities. e certi cates issued have to comply with
sections 49 and 50 of the Companies Act.
• e transaction is recorded in the accounting records. Assuming a
cash deposit is received in respect of the shares, the entry would be:
Dr Bank
Cr Share capital
Note: Instead of a journal entry recorded in the general journal, this

receipt would more probably have been recorded in the entity’s cash
book, but the ledger accounts affected are the same.
Persons involved in this area: Board of directors, company secretary,
accountant.
CRITICAL THINKING
How would the process of issuing shares differ if Ntsimbi Piping
were a public company listed on the JSE and not a private
company?
Offerings to the general public (both initial and secondary) have
to comply with Chapter 4 of the Companies Act (‘Public offerings
of company securities’).
In addition to the Companies Act requirements that have to
be met, JSE Listings Requirements also have to be complied
with.
All buying and selling of shares in listed companies is
directed through stockbrokers. An individual will not contract
directly with the company when buying shares in the company.
Share certi cates are not issued. Shares are regarded as
being uncerti cated and details thereof are maintained typically
by a Central Securities Depository (CSD). In South Africa, Strate
is the licensed CSD. All trading in these shares is then recorded
by the CSD.
2. Payment of dividends
Purpose: To provide returns to shareholders for their investment in the
company by declaring and paying dividends to the shareholders for the
period for which shares remain in issue.
Main activities:
• A dividend is authorised by a resolution of the board of directors
during a meeting. is distribution has to comply with section 46 of
the Companies Act, which requires that the board, by resolution,
acknowledges that it has applied the required solvency and liquidity
test, and has reasonably concluded that the company would satisfy
this test immediately after completing the proposed distribution. e
resolution must be minuted.
• e settlement of the dividend takes place in accordance with the
board’s decision (amount of the distribution and the timing of the
payment thereof ). A similar process to that described in Chapter 7
for payments takes place.
• e dividend is then recorded in the accounting records. Assuming
the dividends are paid in cash, the journal entry would be:
Dr Dividends paid
Cr Bank
Note: Instead of a journal entry recorded in the general journal, this
payment will probably be recorded in the entity’s cash book, but the
ledger accounts affected are the same.
Persons involved in this area: Board of directors, company secretary,
accountant.
3. Raising a long-term loan

Purpose: To obtain cash in ows from a bank or other lender for
funding purposes.
Ntsimbi Piping obtained additional interest-bearing borrowings of
R1,582,214 during the nancial year.
CRITICAL THINKING
Can you determine why Ntsimbi Piping took out the additional
interest-bearing borrowings during the year? What did they use
this nance for?
A review of the Statement of Cash Flows shows that the loan
was used partly to nance the additions to plant and machinery
(the only major investment activity during the year).
The balance of the additions appears to have been funded
primarily through cash ows from operating activities. It therefore
appears that Ntsimbi Piping was unable to nance the additions
exclusively through operating activities and that they therefore
had to extend their borrowings to acquire the new plant and
machinery.
Main activities:
e decision to raise nance is most likely to be linked to a decision
• to acquire new plant and machinery. Having decided that the entity
has to invest in a new plant, the directors have to decide how best to
nance the acquisition.
In Ntsimbi Piping’s case, the board of directors would have asked
Lee-Ann Losper (the nancial director) to do the necessary research
and feasibility studies around the nancing decision. She would
then have presented her ndings to the board for them to consider
and make the nal decision. e board resolution approving the
nancing arrangement (e.g. bank loan) would have to be made in
terms of the company’s Memorandum of Incorporation and would
have to be formally minuted.
• Having obtained approval for the bank loan from the board,
agreement will have to be reached with the bank to nalise the
repayment terms, interest rates, and any other conditions of the loan
(the new plant as security for the loan, for example). is will be
documented in a formal loan agreement between the entity and the
bank.
• On signing the loan agreement, the funds are advanced by the bank
either directly to the supplier of the plant or to the entity, which then
has to pay the supplier. e general ledger accounts are then
updated to record the transaction as follows:
• If the monies are rst paid to the entity and then to the supplier:
Dr Bank
Cr Interest-bearing borrowings
(Receipt of loan monies from bank)
Dr Plant and Machinery

Cr Bank
(Payment to supplier for new plant)
• If the monies are paid directly to the supplier by the bank:
Dr Plant and Machinery
Cr Interest-bearing borrowings
(Acquisition of new plant using loan nance)
Persons involved in this area: Board of directors, speci cally the
nancial director, accountant.
4. Finance charges and loan repayments
• Over time while the loan amount remains outstanding:
• Finance charges are accrued and are paid to the lender/bank;
• Repayments of the loan amount (capital) are made to the
lender/bank.
Purpose: To account for nance charges (interest) and loan repayments

in terms of the loan agreement with the lender.
Main activities – nance charges:

• Interest is usually calculated by the lender and is automatically
added to the loan account. A statement is sent by the lender to the
entity (e.g. Ntsimbi Piping) on a monthly basis re ecting the interest
charge for the month.
• Payment of interest invariably takes place automatically via a debit
order set up against the entity’s current bank account in terms of the
loan agreement.
• At the end of each month, the accounting records will be updated to
re ect the payment of interest:
Dr Finance charges
Cr Bank
(Payment of interest on borrowings)
Main activities – loan repayments:

• Repayments have to be made in terms of the loan agreement. ese
repayments may take the form of a monthly amount, an annual
amount or even an amount payable only at the end of the loan term.
• Monthly repayments are likely to be automatically debited against
the entity’s current bank account, while less frequent repayments are
more likely to be initiated by the entity (by following the normal
payment process as described in Chapter 7).
• Having made the repayment, the following updates to the accounts
in the general ledger will then have to be processed:
Dr Interest-bearing borrowings
Cr Bank
(Repayment of interest-bearing borrowings)
Persons involved in this area: Accountant.
CRITICAL THINKING
How often do these transactions occur?
The frequency of nance charge payments and loan repayments
will vary depending on the nature of the loan. This will be in
terms of the loan agreement entered into with the lender/bank.
10.2.2 Investments
e following are examples of key areas that exist in the cycle and the
overall processes that are in place to ensure that related transactions are
executed appropriately and correctly recorded in the accounting
records.
Key functional areas:

1. Acquisition of property, plant and equipment;
2. Disposal of property, plant and equipment; and
3. Accounting for the use of assets and changes in asset values.
A brief overview of these functional areas for a typical company, such as

Ntsimbi Piping, follows.
1. Acquisition of property, plant and equipment

Purpose: To invest funds in non-current assets to commence and
operate the business and to generate working capital that provides
pro ts for the entity, be it directly or indirectly.
In Ntsimbi Piping’s case, as a manufacturer of PVC products, it is critical
that it invests in new plant and machinery. Over time the company will
have to replace old machinery with newer, more efficient models and
may also want to expand or extend its production capacity.
In the current nancial year, Ntsimbi Piping acquired a further
R4,306,989 of owned plant and machinery. Disposals were only R64,985
(see carrying amount of disposals per note 2 to the annual nancial
statements (page 15)), so it appears that the new plant is probably in
respect of an expansion to production capacity rather than a
replacement of older machinery (unless the items disposed of were almost
fully depreciated at the time of disposal).
Main activities:
• Signi cant acquisitions require approval by the board of directors
prior to commencing with the transaction. Feasibility studies are
generally conducted rst to corroborate the need for the new plant
and research is undertaken as to what best meets the needs of the
entity. A cost proposal for the purchase and the installation is
prepared and presented to the board for consideration. e
preparation of this proposal document is delegated to a
subcommittee of the board or to a suitably quali ed member of staff.
e board also takes into account the capital budget for the
particular nancial year in their consideration of the proposal. Cost
proposals must be supported by quotes from suppliers. Any decision
taken by the board with regard to signi cant acquisitions has to be
within the mandate granted to it in terms of the company’s
Memorandum of Incorporation.
• Once the board has approved the purchase, the acquisition process
then follows a similar series of activities to that described in Chapter
7 regarding purchases. An order is placed; the plant is received (and
signed for by the entity’s staff ); an invoice from the supplier is
processed by the entity’s accounting staff; and the plant acquisition
is then recorded in the nancial records.
• For less signi cant acquisitions (such as the R25,002 spent by Ntsimbi
Piping in 20X1 in respect of furniture and ttings – refer to note 2 on
page 15), board approval may not be required. In cases like this, an
asset requisition document is completed (much like a purchase
requisition) and the normal ordering/purchasing process as
described in Chapter 7 is followed.
• All new acquisitions of property, plant and equipment are also
recorded in the xed asset register, which is the subsidiary ledger to
the main general ledger accounts for property, plant and equipment.
Persons involved in this area: Board of directors, person requesting

the asset (usually a department head), and relevant accounting
personnel.
2. Disposal of property, plant and equipment

Main activities:
• Similar to acquisitions, signi cant disposals of property, plant and
equipment require approval by the board of directors prior to
proceeding with the transaction. Any decision taken by the board
with regard to signi cant disposals also has to be within the mandate
granted to it in terms of the company’s Memorandum of
Incorporation.
• Once the board has approved the disposal, the relevant item is
advertised for sale. Once a buyer is identi ed, an invoice for the sale
price is issued by the entity to the buyer. e buyer settles the invoice
and takes delivery of the asset.
• Having disposed of an item of property, plant and equipment, the
original cost and the accumulated depreciation up to the date of sale
must be removed from the general ledger account and from the xed
asset register. e difference between the sale proceeds and the net
of the cost and accumulated depreciation (the carrying amount at
date of sale) is the resultant pro t (if sales proceeds are greater than
the carrying amount) or loss (if sale proceeds are less than the
carrying amount). As you have read already, Ntsimbi Piping made a
loss of R41,926 on the sale of plant during the current nancial year
(page 26 of the nancial statements).
Persons involved in this area: Board of directors, accountant and other
relevant accounting personnel.
3. Accounting for the use of assets and changes in asset values
Over time while the property, plant and equipment is held by the entity,
accounting for its use and changes in its value (such as depreciation,
impairments and revaluations) have to be recorded.
Purpose: To account for the use of and changes in value of items of

property, plant and equipment over time. Ntsimbi Piping has to
depreciate its property, plant and equipment over its useful life in
accordance with the requirements of IAS 16. Refer to note 1.3 to the
nancial statements (page 12) for Ntsimbi Piping’s policies with regard
to property, plant and equipment. In reviewing the annual nancial
statements, there do not appear to have been any impairments to the
carrying value of assets other than through normal operating use.
CRITICAL THINKING
Under what circumstances is an item of property, plant and
equipment likely to require an impairment adjustment other
than that already re ected through normal use over time?
If the item becomes redundant. If Ntsimbi Piping found that a
certain type of PVC product was no longer saleable, and
accordingly a decision was taken to terminate production
thereof, then the plant that was solely used to manufacture that
product would potentially require an impairment adjustment to
its carrying value.
If the item is no longer able to achieve normal production

output levels due to it having
become damaged:
• In what instances could this damage possibly occur?
• How can this damage possibly be avoided? (Consider
controls that may be implemented.)
Main activities – depreciation:
• Depreciation is calculated according to the useful life of the category
of the class of property, plant and equipment concerned, taking the
residual values of items into account. Accordingly, the entity’s staff
have to estimate the useful lives and residual values of each item of
property, plant and equipment. e depreciation calculation can
then be performed. It is normally recorded in the xed asset register
and the resultant monthly gures are then captured into the general
ledger through a general journal entry:
Dr Depreciation expense
Cr Accumulated depreciation
Main activities – impairments and revaluations:

Although Ntsimbi Piping does not appear to have made any impairment
adjustments to its property, plant and equipment, this does not mean
that an impairment charge was not considered.
• Usually on an annual basis, a suitably quali ed member of staff in
the entity (at Ntsimbi Piping, someone like Raymond Harris or John
Buckley (both production managers)) considers whether any items of
plant are impaired in any way. e results of this exercise are then
presented to the board for their approval of any impairment
adjustments that may be necessary.
• If there is no one who is suitably quali ed in the entity’s staff
complement, an expert in the eld may be appointed by the board to
undertake the valuation exercise and report back to the board on his
or her ndings.
Persons involved in this area: Board of directors (for approval of

signi cant impairments), production managers/directors (or industry
experts if necessary), accountant and other relevant accounting
personnel.
10.3 What information system is used in
the cycle?
10.3.1 Accounting for investment and nancing
transactions
e information system and related documentation aims to achieve
management’s control objectives in the investment and nancing cycle
and this information eventually forms part of the entity’s nancial
statements. As discussed previously, due to the cycle’s nature and
characteristics and the fact that many transactions and processes are
non-routine and the relevant documentation is often non-standard,
there are often no routine internal controls, and record keeping and
nancial reporting may thus differ substantially from entity to entity.
10.3.2 Supporting documents and journals

With regard to routine purchases of and payments for non-current
assets, for example items of property, plant and equipment such as
computer equipment, the supporting documents, journals, ledgers,
reconciliations and reports that are relevant to the purchases and
payments cycle, as addressed in Chapter 7, apply. Any asset or
investment acquisition on credit leads to the creation of trade creditor
accounts in the nancial records and any purchases from foreign
suppliers requires the conversion of transactions and balances between
local and foreign currency.
Other transactions in the investment and nancing cycle may also
use the documents (and controls) relating to payments that were
discussed in Chapter 7. For example, when interest on loans is paid in
cash or when cash dividends are distributed to shareholders, the
transaction results in a cash out ow for the entity. Similarly, since
dividends received, interest received and proceeds from disposals of
assets involve cash receipts transactions, these may use documents and
controls relating to the revenue and receipts cycle (Chapter 6).
However, in addition to the above, speci c documentation and
records (some non-standard) is relevant to the investment and
nancing cycle. A list of speci c supporting documents, records, reports
and registers that may, among others, be found in the cycle is discussed
below. Note that given the widely varied nature of the transactions in
this cycle, the list is not exhaustive.
10.3.2.1.1 Investment activities
Ordering and acquisition of assets
1. Capital budget
A capital budget caters for items of a capital nature, such as property,
plant and equipment, to be acquired during the year. Capital budgets
should be approved by the board of directors prior to the
commencement of the nancial year to which the budget relates and
actual acquisitions should be monitored against the budget.
2. Memorandum of Incorporation
e Memorandum of Incorporation of a company may contain
stipulations in respect of investment activities that have to be adhered
to when investment transactions are considered for approval by the
board of directors.
3. Minutes of board meeting

ese minutes re ect the resolution of the board of directors to
authorise the acquisition of material items of property, plant and
equipment, intangible assets and other investments.
4. Asset requisition
An asset requisition is completed by an employee (usually
management), setting out the requirements of an asset and requesting
that it be purchased.
5. Speci c purchase agreements/contracts

ese are entered into between the entity and a third party on the
purchase of material assets, setting out all relevant purchase
information including the terms and conditions of purchase. is
purchase agreement may take varying forms depending on the nature
of the purchase transactions, for example:
• Title deeds in relation to property: A document setting out the legal
ownership of the property, stating the entity’s purchase and rights of
ownership;
• Licence in relation to the purchase of intangible assets: A
document setting out the legal ownership and usage rights of the
asset purchased; and
• Broker’s note – issued by a stock broker: A document setting out the
details of a purchase of listed securities (for nancial instrument
assets).
Receipt and custody of assets

6. Share certi cate for nancial instrument assets owned by the
entity
Certi cates are issued to the entity on the purchase or subscription of
shares for investment purposes in another company. Often shares
owned in listed companies are not evidenced by paper-based share
certi cates (i.e. they are uncerti cated). In such cases, ownership of the
shares is evidenced by statements from stockbrokers or the CSD.
7. Detailed xed asset register/listing

is is a register detailing all assets on hand.
CRITICAL THINKING
What key information may be included in a xed asset
register?
A detailed breakdown of each asset on hand including:
• Serial number of asset
• A description of the asset
• The location of the asset
• The date of acquisition
• The original cost price
• Useful life of the asset
• Accumulated depreciation to date
• Any impairment details
• Any revaluation details
• Any disposals during the period
• Carrying amount.
As is indicated above, the total of the carrying amounts at year-end

should agree with the balance on the corresponding general ledger
accounts. In computerised systems, this information may be stored on a
property, plant and equipment (PPE) master le.
8. Master le amendment forms (for computerised systems)

A form is completed in a computerised system each time a new asset is
purchased or disposed of or a change is made to a related accounting
policy (e.g. a change in method of depreciation or change in useful life
of an asset).
9. Schedules of calculations
Various non-standard schedules may be created and utilised by
management in the calculation of impairments, revaluations and pro ts
and losses on sale of assets, to be recorded in the nancial statements.
10.3.2.1.2 Financing activities

Receipt of debt/equity funds
1. Minutes of board meeting
e minutes re ect the resolution of the board of directors to authorise
the share issue or raise debt nancing.
2. Memorandum of Incorporation
e Memorandum of Incorporation details the authorised shares of a
company and any restrictions on borrowings or nancing transactions.
3. Speci c nancing agreement/contract

An agreement is entered into between the entity and the lender/bank
on the receipt of loan funding, setting out all relevant information,
including the terms and conditions of issue, such as interest charges,
repayments details and any security provided. is agreement may take
varying forms depending on the nature of the loan agreement, for
example whether it is a mortgage bond, a debenture issue or a loan
from a related party.
Holding of debt/equity funds

4. Securities register
is is a register held and maintained by the company (usually by the
company secretary) listing all holdings of securities (e.g. shares) in the
company, including names of the security holders, dates of issue and
number of securities/shares held.
5. Master le amendment forms (for computerised systems)

A form is completed in a computerised system each time a change in
shareholding occurs and a change to the computerised securities
register is required.
6. Schedules of nancing calculations

Various schedules may be created and utilised by management in the
calculation of, for example, debenture costs, dividends declared or
effective interest charges, to be recorded in the nancial statements. An
example is an amortisation table for a loan.
10.3.2.1.3 General journals

In addition to routine cash receipt/payment journals and general ledger
accounts utilised for the recording of receipt and payment transactions
relevant to the cycle (e.g. the payment of asset acquisitions and
dividends, or receipts of dividend revenue), various non-routine
transactions arise and have to be recorded. ese are not recorded on
standard documentation or in a speci c journal. In such instances, a
general journal voucher is used to record the transaction or event in the
entity’s general journal.
Examples of non-routine transactions in the cycle, which do not involve

a cash ow element, include the recording of:
• Depreciation expenses;
• Amortisation expenses;
• Impairments;
• Pro ts/losses on the sale of assets;
• Asset revaluations;
• Dividends declared;
• Debenture costs (not involving a cash payment); and
• Accrual of nance charges or dividend income.
10.3.3 Illustration: Transaction ow in the

investment and nancing cycle
e diagrams in Figure 10.1 show the typical ow of an investment or
nancing transaction through the cycle. You will encounter scenarios
and business entities where the ow of transactions, names, types of
documents and application of internal controls differ from the ones
illustrated. Any investment or nancing system should, however,
address the risks faced in order to achieve the control objectives of
validity, accuracy and completeness of transactions and nancial
information relating to this cycle.
10.4 What could go wrong (risks) in the
cycle?
As in the other cycles, there are various risks of misstatement relating to
the investment and nancing cycle. Should a misstatement occur,
through fraud or error, and be material and remain uncorrected, the
nancial statements will not be fairly presented.
e risks of misstatement described below apply to the cycle.
10.4.1 Financial statement level risks

Due to management’s active involvement in respect of the transactions
in the investment and nancing cycle, both at initial recording and
subsequent adjustment, it is possible that they may use this as an
opportunity to engage in fraudulent actions, including fraudulent
nancial reporting.
Although risks are entity speci c, generally in this cycle,
management may have an incentive to overstate assets/investment
balances (existence and valuation) and understate liabilities/ nancing
balances (completeness and valuation).
CRITICAL THINKING
Overstating assets falsely re ects a nancially stronger entity as
a result of the inclusion of ctitious assets or expenses that do
not qualify as assets in terms of the applicable nancial
reporting standards.
Understating liabilities, through exclusion of nancial
obligations and related expenses, re ects a nancially stronger
company, as it leads to more favourable liquidity or solvency
ratios being reported in the Statement of Financial Position.
But what if the entity wishes to minimise its tax liability?

It then may understate its revenues and assets and overstate its
expenses and liabilities.
How do you think management may go about understating its
revenue or its assets?
(Guidance: Consider the entity’s accounting policies per IFRS.)
Due to the signi cance of many investment and nancing transactions

(e.g. acquisition of a manufacturing plant), management may also
override controls to enter into related party transactions, which are
not at arm’s length. In this regard, relevant Companies Act requirements
may not be applied where applicable (for example where transactions
are with a subsidiary of the company or with a party related to a
director), the relevant disclosure required in the annual nancial
statements may not be provided and the tax effects may not be
appropriately accounted for.
e inappropriate adoption and application of accounting standards,

for instance those in respect of assets or nancial instruments through
IAS 16 or IAS 32, IFRS 7 and/or IFRS 9, may lead to material errors in
recognition, initial or subsequent measurement and disclosure in the
entity’s nancial statements. is may arise as a result of:
• e complexity of the standard/s; or
• Intentional management manipulation, as there is the opportunity
through the relevant accounting standards to make an entity appear
nancially stronger.
Note: e above may also be a risk at assertion level with regard to

speci c transactions and balances.
ere is a possibility of invalid transactions (occurrence assertion) in
terms of overall non-compliance with the Companies Act and/or the
company’s Memorandum of Incorporation and lack of adequate
disclosure required in relation to the transactions.
Note: is may also be a risk at assertion level with regard to speci c
transactions and balances.
10.4.2 Assertion level risks

10.4.2.1 Investing activities
In addition to the overall nancial statement level risks, the following,
among others, may arise due to unintentionally inaccurate or
fraudulent nancial reporting with regard to investing activities and
may result in material misstatement in the nancial statements:
• Non-existent ( ctitious) assets or obsolete assets that are no longer
used are recorded in the statement of nancial position (which may
also overstate pro ts because a possible loss on the disposal of the
asset is not recorded).
• Management may manipulate asset values as IFRS requires
estimates of useful lives, residual values of assets, impairments and
revaluations, all of which are subjective. Management can thus make
an entity appear more pro table by overstating the asset value and
understating the related expenses.
• Inappropriate capitalisation of costs may occur when the amounts
should actually have been expensed, for example:
• Capitalisation of repairs and maintenance costs in relation to
tangible assets; and
• Capitalisation of research costs in respect of internally generated
intangible assets, owing to the complexity of the standard/criteria
for recognition (IAS 38).
• e entity may not have the rights to an asset that it has recorded:
• Where the rights may have been ceded, for example to a bank, as
security against a loan, but were not correctly recorded in the
nancial statements; or
• In complex arrangements/contracts, such as a trademark, patent
or licence.
• An asset (tangible or intangible) may have lost value owing to
various internal or external factors and needs to be impaired.
However, the necessary write-down may not be recorded or may be
recorded at a lower value.
• Accounting for complex nancial instrument investments may be
incorrect – nancial instrument investments may be not be
accounted for and may not be valued at correct fair values.
• Misappropriation risks may arise as a result of:
• Assets purchased through the entity for the personal use of an
employee/management; or
• eft of tangible assets (e.g. a laptop).
CRITICAL THINKING
How can the risk of misappropriation be reduced?
• By segregation of duties – Personnel requesting the
acquisition of an asset should not be involved in authorising
the purchase (i.e. management approval should be required),
or in the payment for the purchase. (The concept of
segregation of duties was addressed in Chapter 4.)
• By physical access controls – which will reduce the
opportunity for employees and others to steal the entity’s
assets.
Besides keeping these assets under lock and key, what other
forms of security controls could management implement to
keep these items safe?

In addition to the overall nancial statement level risks, the following
key risks may arise with regard to nancing activities:
• Failing to recognise all nancing liabilities at the reporting date;
• Understating the value of loans/debentures at the reporting date;
• Accounting for complex nancial instrument liabilities incorrectly:
Incorrectly classifying debt and equity in terms of the
• requirements of IFRS (with gains and losses incorrectly
recorded); and
• Fair values of liabilities incorrectly accounted for at the reporting
date; and
• Failing to account for accruals in relation to nancing expenses, such
as interest expenses and dividends declared.
10.5 What computer technologies are used

in the cycle?
e various documents and records applicable to the cycle discussed in
section 10.3.2 may involve the use and application of computer
technologies.
Some examples of such include the following:

• Maintaining the xed asset register entirely in electronic format; and
CRITICAL THINKING
How does maintaining the xed asset register entirely in
electronic format affect the recording
of depreciation?
Depreciation is then calculated and processed electronically
based on the relevant criteria per the electronic register, which
includes the depreciation method, and each asset’s useful life
and residual value. The resulting carrying values of the assets
will also be computed automatically, thus minimising
the risk of calculation/clerical errors.
What weaknesses in the computer system controls could

increase the risk of depreciation being calculated incorrectly?
(Guidance: Think about what you learnt in Chapter 5 with respect
to sound general controls and application controls.)
• Barcoding of plant and equipment.
CRITICAL THINKING
How is the barcoding of plant and equipment used by an
entity?
Each item of plant and equipment (e.g. every machine and
computer) is marked with a unique barcode which is then
recorded in the entity’s electronic xed asset register. When the
entity performs xed asset veri cations/counts on a regular
basis, the barcode system can then be used by scanning each
item that is physically on hand, thereby facilitating the
identi cation of items recorded in the xed asset register that
are not on hand for further investigation (they may have been
misappropriated).
10.6 What are the control objectives in the

cycle?
An entity faces various risks, some more signi cant than others, in the
investment and nancing cycle. Should an entity not be able to avoid
these risks, the transactions recorded in its accounting records may be
invalid, inaccurate or incomplete, leading to eventual misstatements in
its nancial statements.
Accordingly, management implements internal controls to ensure
that investment and nancing transactions are valid, and are
completely and accurately recorded and processed.
Validity, accuracy and completeness of investment information
comprise the control objectives that management strives to achieve to
address the major risks present in the cycle.
10.6.1.1 Investments
In respect of the movements in the non-current, intangible and
nancial instrument investment asset accounts:
• To ensure that investment transactions are valid, all assets and other
investment transactions should be genuine. In other words,
acquisitions, disposals and other fair value adjustments were
authorised in accordance with management’s policy. Moreover, all
the investment transactions that were recorded should have
occurred during the period (thus not be ctitious) and be supported
by sufficient documentation.
• To ensure that investment transactions are accurate, a transaction
should be recorded at the appropriate amount. An appropriate
amount implies that all transactions have been appropriately
measured in accordance with the relevant IFRS requirements (e.g.
depreciation, impairments and revaluations). e transaction
should also be correctly classi ed in terms of the entity’s chart of
accounts and correctly summarised and posted to the accounting
records.
• To ensure that investment transactions are complete, all investment
transactions that took place in a given period should have been
recorded in the accounting records in a timely manner. In other
words,
no authorised transaction that occurred should be omitted from the
entity’s accounting records.
CRITICAL THINKING
What do movements refer to?
Additions, disposals and revaluations, as well as related
investment revenues and expenditures (re ected in the
Statement of Comprehensive Income), such as investment
income, depreciation, amortisation, impairments, pro ts and
losses on disposal.
10.6.1.2 Financing
In respect of movements in the shareholders’ equity, reserve, loan and
debenture accounts:
• To ensure that nancing transactions are valid, all equity and
liability transactions should be genuine. In other words share issues,
dividends and loans received were authorised in accordance with
management’s policy and, if applicable, the requirements of the
Companies Act. Moreover, all nancing transactions that were
recorded should have occurred during the period (thus not be
ctitious) and be supported by sufficient documentation.
• To ensure that nancing transactions are accurate, a transaction
should be recorded at the appropriate amount. An appropriate
amount implies that all transactions (recorded issues and
repayments of equity and borrowings, related dividends and nance
charges) have been measured correctly in accordance with IFRS.
Recorded issues and repayments of equity and borrowings, related
dividends and nance charges should also have been correctly
classi ed in terms of the entity’s chart of accounts and correctly
summarised and posted to the accounting records.
• To ensure that nancing transactions are complete, all transactions
that took place in a given period should have been recorded in the
accounting records in a timely manner. In other words, no
authorised transaction that occurred should be omitted. Equity and
borrowing issues, repayments of capital amounts, and dividends
declared and nance charges during the reporting period should all
have been recorded.
CRITICAL THINKING
What do movements refer to?
Share issues and repurchases, loan advances and repayments,
as well as related expenditure such as nance costs (including
debenture costs) and dividends.
10.6.1.3 Consequences if the control objectives in the cycle

are not achieved
Table 10.1 describes the consequences if the control objectives are not
achieved.
Table 10.1: Consequences if the control objectives in the cycle are not
achieved
CONSEQUENCE IF CONTROL OBJECTIVE IS

CONTROL NOT ACHIEVED
OBJECTIVE
Investments Financing
OBJECTIVE
Validity Invalid purchases or Unauthorised

capitalisation of assets: nancing
overstatement of assets obtained:
(and accounts payable) overstatement of
due to ctitious or owner’s equity and
unauthorised asset liabilities.
purchases or invalid Invalid recording
development costs being of nancing-
capitalised (intangibles). related
Invalid recording of expenditure:
investment-related overstatement of
revenue and expenditure: expenditure and
overstatement of revenue liabilities.
and expenditure accounts.
OBJECTIVE
Accuracy Purchases or Inaccurate

capitalisation of assets recording of equity
recorded inaccurately: over and loan receipts
or understatement of or repayments:
assets. over or
Inaccurate recording of understatement of
related investment owner’s equity and
revenue and expenditure: liabilities (and
over or understatement of bank and cash
revenue account
and expenditure accounts. depending on
nature of the
misstatement).
Inaccurate
recording of
nancing-related
expenditure: over
or understatement
of expenditure
and/ or liabilities.
OBJECTIVE
Completeness Asset purchases or Incomplete equity

capitalised costs are and loan receipts
omitted from recording: or invalid
understatement of assets recording of loan
(and accounts payable) repayments:
due to unrecorded understatement of
purchases/capitalisations. liabilities and
Incomplete recording of owner’s equity.
related investment Incomplete
revenue and expenditure: recording of
understatement of nancing related
revenue and expenditure expenditure:
accounts. understatement of
expenditure
and/or liabilities.
10.6.2 Achievement of the control objectives in

the cycle
e control objectives in the cycle are achieved through the proper
implementation and operation of an information system, including an
accounting system and related internal controls, in an entity. Note that
the control objectives can be achieved either manually (a person
performs the internal control) or by automated means (a computer
performs the control).
10.6.3 Link between the control objectives in

the cycle and management’s assertions
Transactions that are not valid, accurate and complete (caused by the
control objectives not having been achieved) will result in investment
and nancing transactions (and related account balances) being
misstated in the accounting records, which will in turn result in the
nancial statements being misstated.
During a transaction’s journey through an entity’s information
system, it will be subject to numerous internal controls that help it
along the way to ensure that the control objectives are achieved. e
transaction will only reach its destination appropriately if it ends up in
the nancial statements in a manner that achieves the control
objectives. So, if management wishes to ensure proper nancial
recording (and fairly presented nancial statements), they need to
implement and maintain a proper information system, including an
accounting system and related internal controls. In this way, the
control objectives contribute to the appropriateness of the assertions
made by management in the nancial statements and will indirectly
result in the latter being free from material misstatement.
CYCLE CASE STUDY
Application of the assertions to Ntsimbi

Piping
The following assertions are made by the management of Ntsimbi
Piping, either implicitly or explicitly, as communicated to users of
Account balances
Refer to the Statement of Financial Position in the nancial
statements of Ntsimbi Piping (page 7). Note the line items
‘Property, plant and equipment’ (R43,169,987) and ‘Intangible
assets’ (R28,608).
• In relation to existence, property, plant, equipment and
computer software (the intangible asset) making up the
balances exist (i.e. the constituent assets are not ctitious).
• In relation to rights, Ntsimbi Piping holds or controls the
rights to the underlying assets making up the balances. They
do not belong to another entity. Furthermore, Ntsimbi Piping
is entitled to use the computer software. Also, any assets
pledged as security for obligations are identi ed at the
reporting date (motor vehicles and machinery, as indicated in
note 2 on page 15).
• In relation to accuracy, valuation and allocation, the
balances of R43,169,987 and R28,608 respectively are
considered appropriate amounts (e.g. the balances re ect
the appropriate value of
the underlying assets). Further, any adjustments to the value
or allocation of the underlying assets
have been recorded appropriately, and related disclosures
measured and described appropriately
(this includes accumulated depreciation and amortisation).
• In relation to completeness, all assets deemed property,
plant and equipment, and intangible assets, that are assets
of Ntsimbi Piping, have been recognised as such in the
nancial statements (notwithstanding the measurement
thereof, which is dealt with separately under the valuation
assertion), and all necessary disclosures that should have
been provided (such as a breakdown of the property, plant
and equipment, and intangible assets balances in the notes
to the nancial statements) have been made.
• In relation to classi cation, all property, plant and
equipment, and intangible assets have been classi ed
correctly in the proper accounts.
Also note the line items ‘Share capital’ (R100), ‘Retained
earnings’ (R37,157,694) and ‘Lease Liabilities’ (R1,395,944 ) in
the Statement of Financial Position (page 7).
• In relation to existence, the shares in issue, retained
earnings and the lease liabilities making up the non-current
liabilities exist (i.e. the constituent liabilities are not
ctitious).
• In relation to obligations, Ntsimbi Piping is the party liable for
making payments under the lease liabilities. It is not the
liability of another entity.
• In relation to accuracy, valuation and allocation, the
balances of R100, R37,157,694 and R1,395,944
respectively are considered appropriate amounts (e.g. the
balances re ect the appropriate value of the underlying
equity and liabilities). Further, any adjustments as to the
value or allocation of the underlying liabilities have been
recorded appropriately (e.g. the allocation of the current
portion of the long-term lease liability from non-current
liabilities to current liabilities), and related disclosures
measured and described appropriately.
• In relation to completeness, all equity and interest-bearing
borrowings that are equity and liabilities respectively of
Ntsimbi Piping have been recognised as such in the nancial
statements (notwithstanding the measurement thereof, which
is dealt with separately under the valuation assertion). and
all necessary disclosures that should have been provided
(such as a breakdown of the equity and lease liabilities
balances in the notes to the nancial statements) have been
made.
• In relation to classi cation, all shares in issue, retained
earnings and lease liabilities have been classi ed correctly in
the proper accounts.
Transactions and events

Refer to the Statement of Comprehensive Income in the nancial
statements of Ntsimbi Piping (page 8). Note the item ‘Finance
costs’ in the amount of R505,737 and the related note 16 (page
20). Also refer to the Statement of Cash Flows on page 10 and
note the items ‘Additions to property, plant and equipment’ (R
4,398,237), ‘Proceeds on disposal of property, plant and
equipment’ (R23,059) and ‘Repayment of lease liabilities’
(R1,582,214). Lastly, turn to the analysis of operating expenses
on page 26 and note the expenditure items ‘Depreciation and
amortisation’ (R2,164,533) and ‘Loss on disposal of property,
plant and equipment’ (R41,926). Refer to the Notes to the Annual
Financial Statements of Ntsimbi Piping – speci cally notes 2
(Property, plant and equipment), 3 (Intangible assets), 8 (Share
capital), 9 (Lease Liabilities), 14 (Operating pro t) and 16
(Finance costs).
• In relation to occurrence, transactions accounted for or
disclosed, relating to nance costs and depreciation
expenses, acquisitions and disposals of property, plant and
equipment and receipt and repayment of instalment sale
agreements to the values indicated above did in fact take
place (they occurred and are not ctitious) and also pertain
to Ntsimbi Piping.
• In relation to accuracy, the transactions making up the
various totals have been recorded at correct amounts (e.g.
depreciation was calculated correctly and the amortisation
table underlying the repayments on the instalment sale
agreement was drawn up correctly), and related disclosures
appropriately measured and described.
• In relation to completeness, all transactions making up the
various totals that took place during the nancial year and
which pertain to Ntsimbi Piping have been recorded and
included in the respective line items, and all related
disclosures which should have been included, have been
included.
• In relation to cut-off, all the transactions making up the
various totals took place within the nancial year (i.e. the
transactions concerned relate only to the period between the
rst and last day of the nancial year (inclusive of both
days)).
• Classi cation implies that all transactions making up the
various totals should indeed have been classi ed as the
respective items.
• In relation to the presentation assertion, all the nancial
information presented and described in the nancial
statements is relevant, having been appropriately presented
in terms of the nancial reporting framework, and has been
clearly expressed to avoid ambiguity. For instance, the
current portion of the lease liability has been transferred
from non-current liabilities to current liabilities, and vague
descriptions have been avoided.
e assertions for investment and nancing transactions and account

balances are linked to the control objectives in the cycle as shown in
Table 10.2.
Table 10.2: Assertions for investment and nancing transactions
Classes of transactions and Account balances

CONTROL events Investing and nancing Investing and
OBJECTIVE (Assertions are indicated in nancing
bold) (Assertions are
indicated in bold)
Validity Occurrence and Cut-off Existence and
A control achieving the Rights and
validity objective for a non- Obligations
current asset purchase or Transactions that
disposal, raising of a loan or pertain to the
repayment thereof, share entity were
issue (or related revenue or authorised and
expense created) will ensure actually took
that the recorded transaction place
was authorised, pertains to (occurrence) will
the entity, and actually took result in the

indicated in bold)
place between the entity and raising of a valid
a bona de third party non-current asset
(supplier/bank/shareholder), (existence and
supported by suf cient rights), equity
documentation (occurrence) account or
and further ensure that it liability that is
has been recorded in the approved,
nancial period to which the genuine and the
transaction relates (cut-off). obligation of the
entity (existence
and obligations).
Balances relate
to share, dividend
and loan
transactions that
comply with
statutory,
regulatory and
entity-speci c
requirements and
have been
properly
authorised
(existence and
obligations).
Accuracy Accuracy and Classi cation Accuracy,

Valuation and

OBJECTIVE nancing
(Assertions are indicated in
indicated in bold)
A control achieving the Allocation
accuracy objective for a non- A control
current asset purchase or achieving the
disposal, raising of a loan or accuracy
repayment thereof, share objective for the
issue (or related revenue or transactions
expense) will ensure that the making up a non-
transaction is recorded at current asset,
the correct amount, for equity or liability
example, correct account will
depreciation rates, share ensure that the
values or interest rates gross valuation is
(accuracy). It will further appropriate.
ensure the transaction has Furthermore, a
been correctly classi ed, control achieving
summarised and posted to the accuracy
the correct accounts in the objective for any
nancial records in transaction
accordance with its nature resulting in a
(classi cation). valuation or
allocation
adjustment to the
gross amount will
ensure that the
carrying amount
of the
asset/equity
account/liability

indicated in bold)
is correctly
measured
(accuracy,
valuation and
allocation).

indicated in bold)
A control achieving the A control
completeness objective for a achieving the
non-current asset purchase completeness
or disposal, raising of a loan objective will
or the repayment thereof, ensure that all
share issue (or related non-current
revenue or expense created) asset, equity or
will ensure that all liability
transactions that took place transactions that
are recorded in a timely took place are
manner. recorded in a
timely manner
and will ensure
that all non-
current asset,
equity or liability
balances
incorporate the
effects of all
related
transactions that
took place during
the reporting
period.
Note: Controls that achieve the control objectives of validity, accuracy
and completeness collectively contribute to management being able to
properly present both classes of transactions and events and the related
disclosures, and account balances and the related disclosures in the
nancial statements. Consequently, the Presentation assertion is not
included explicitly in the table above.
10.7 What are the controls in the cycle

(manual and computerised)?
As explained in section 10.3.1, in this cycle there are often non-
standard, non-routine internal controls, and thus record keeping,
processes and nancial reporting may differ substantially from entity to
entity. However, as with other business cycles, proper control activities
have to be implemented in the cycle to ensure that the entity achieves
its control objectives of validity, accuracy and completeness of nancial
information. Examples of these control objectives and control activities
are provided in Table 10.3.
Note: is is not a complete list of all the risks, functional areas and
required controls, but rather examples of some overall key risks and
controls that management may implement in order to address the risks
and control objectives.
Table 10.3: Possible risks and their related controls
KEY RISKS EXAMPLES OF CONTROLS TO

BE IMPLEMENTED
Financing activities
Issue (or repurchase) of shares • Speci c high-level

Invalid issues (or repurchases) of authorisation and approval
shares may occur (i.e. that are not are required for all share
BE IMPLEMENTED
in line with the requirements of issue or repurchase
the Companies Act, the decisions. This should be
Companies Regulations or the by way of resolutions of the
company’s Memorandum of board of directors.
Incorporation). • Before the resolution is
passed, speci c
consideration must be
given to the requirements
of the:
• Applicable statutory
requirements, such the
Companies Act, with
regard to share issues
or repurchases; and
• Company’s policies and
the Memorandum of
Incorporation, such as
the number
of authorised shares in
issue.
• The company’s company
secretary or legal
compliance department
should be responsible for
con rming that the above
requirements are satis ed.
• All statutory and
governance requirements
that have to be met for a
BE IMPLEMENTED
decision must be
adequately minuted.
Payment of dividends • Speci c high-level

Invalid dividends (i.e. that are not authorisation and approval
in line with the requirements of are required for all
the Companies Act, the dividends declared –
Companies Regulations or the authorised by the board of
company’s Memorandum of directors after considering
Incorporation) may be declared the solvency and liquidity of
and invalid and/or inaccurate the company, other
payments may be made. statutory requirements (per
the Companies Act), and
the company’s
Memorandum of
Incorporation. The minutes
must re ect the board
resolution and the fact that
these requirements were
considered and satis ed.
• A detailed securities
register must be
maintained by the company
and updated timeously for
any changes to the shares
in issue. The information in
the securities register
should then be used by the
accounting department to
calculate and process the
dividend transactions.
BE IMPLEMENTED
The necessary controls
over payments, as
addressed in Chapter 7
(the purchases and
payments cycle), should be
• in place with regard to the
dividend payments.
Raising/obtaining of a long-term • Decisions to initiate and

loan obtain nancing are
Invalid loan nancing may be processed by speci c
obtained by the entity. control activities which may
include, among others, the
following:
• Speci c high-level
authorisation and approval
are required for all
nancing decisions. This
should be by way of
resolutions of
management/board of
directors and evidenced in
the minutes of these
meetings.
• Before the resolution is
passed, speci c
consideration must be
given to:
• Statutory requirements,
such the Companies Act;
BE IMPLEMENTED
• The company’s policies
and the Memorandum of
Incorporation; and
• The projected cash
requirements of the
entity, as evident from
entity budgets and
necessary cash ow
forecasts. (Effective
controls should be in
place for the preparation
of these budgets and
forecasts.)
• Legal advice should be
obtained to consider the
implications for the entity
before concluding any
material agreement.
• Transactions involving long-
term loan nancing should
be properly initiated by
authorised individuals in
the entity.
• Properly signed agreements
should be entered into and
should include all relevant
terms and conditions.
Accounting for nance charges, • All calculations of nance

loan repayments and other charges and capital
adjustments repayments must be made
BE IMPLEMENTED
Invalid, incomplete and/or based on properly signed
inaccurate nance charges loan agreements that
and/or repayment transactions include all relevant terms
may be recorded and paid. and conditions.
• Quali ed personnel should
perform these calculations.
• Detailed calculation
schedules/amortisation
tables (e.g. for debentures)
must be prepared and
updated on a regular basis.
• These nance charge
calculations should be
checked by a second (more
senior) employee and the
calculation schedule
initialled as evidence of the
check.
• The necessary controls
over payments, as
addressed in Chapter 7
(the purchases and
payments cycle), should be
in place with regard to the
nance charge payments
and loan repayments made.
• If applicable, an internal
audit department should
perform regular reviews of
adherence to the above
BE IMPLEMENTED
controls and report to
management in this regard.
Investment activities
Acquisition of tangible assets • Adequate segregation of

(property, plant and equipment): duties is necessary – one
• Asset purchases may be invalid individual should not be
(e.g. for personnel’s personal responsible for initiating
use) and thus result in and approving a capital
unnecessary asset purchases asset purchase
or even fraud as a result of transaction.
non-legitimate payments being • Control activities for the
made. occurrence, accuracy and
• Investment decisions and completeness of asset
purchases may place nancial purchases and payments
strain on the entity and not be (such as for computer
in line with the entity’s budgets. equipment) are part of the
• The entity may pay too much for purchasing process
an item – the cost may not be covered in Chapter 7.
in line with reasonable market- • Large capital asset
related prices. purchases may be subject
• Once a tangible asset is on to speci c control activities
hand, it may be lost, stolen, in addition to this and may
damaged and therefore include, among others, the
inappropriately recorded in following:
the entity’s nancial records. • Speci c high-level
authorisation and
approval should be
obtained for non-current
asset purchases. This
BE IMPLEMENTED
could be by way of
resolutions of a xed
asset committee, a
steering committee, an
investment committee or
the board of directors.
These resolutions
should be minuted.
• Before these resolutions
are passed, due
consideration should be
given to the entity’s
policies (if applicable)
and the entity’s budgets
and cash ow forecasts
(e.g. is adequate funding
available to settle the
purchase
consideration?).
(Note: Effective controls
should be in place for the
preparation of these
budgets and forecasts.)
• Adequate controls over
the purchasing of items
should be in place, such
as obtaining multiple
quotes from preapproved
suppliers before entering
into a purchase
transaction.
BE IMPLEMENTED
All material tangible assets
should be physically
secured by security guards,
cameras and locks to avoid
theft of assets and loss to
•
the entity.
• A detailed xed asset
register should be kept (as
per section 10.5). On a
regular basis (possibly
monthly or semi-annually)
and at least once a year, a
physical count should be
performed and each
material asset in the
register should be
inspected and its condition
assessed for any indication
of impairment.
• Any items in the xed asset
register that were not
physically veri ed should be
investigated by
management and the
reasons thereof
ascertained.
• Plant, machinery and
vehicles should be serviced
on a regular basis in order
to maintain their
functionality.
BE IMPLEMENTED
Accounting for the use and change A detailed xed asset

in asset values master le should be kept
Assets may be incorrectly valued and continuously updated
through the invalid, inaccurate or (master le controls, as
incomplete recording of • addressed in Chapter 5,
depreciation, amortisation, will therefore apply). The
impairments and revaluations. master le should contain
depreciation methods,
rates, useful lives and
residual values so that
depreciation calculations
can be computerised
(calculated electronically
without human intervention
if possible). For this
purpose, sound general
controls and application
controls in respect of the
depreciation calculations,
as explained in Chapter 5,
are essential.
• Quali ed personnel (who
understand the
requirements of the
applicable accounting
standards and the asset
types) should calculate all
relevant estimates (e.g.
useful lives and residual
values).
BE IMPLEMENTED
Detailed
depreciation/amortisation
calculation schedules must
be prepared and kept up to
date.
• Material decisions with
regard to these
impairments or
revaluations should be
made by the relevant high-
level management
committee responsible,
based on all available
information.
• Where necessary, experts
should be contracted to
assist with the
determination of the
appropriate asset values
(i.e. for the revaluation and
impairment of assets).
• If applicable, an internal
audit department should
perform regular reviews in
the cycle, such as physical
asset
inspections/veri cations to
the xed asset register, and
report to management in
this regard.
10.8 Cycle illustration: The investment and
nancing cycle
at Ntsimbi Piping
You would have noticed that each of the preceding chapters that deals
with business cycles (Chapters 6–9) includes a section that illustrates
how the cycle is applied in Ntsimbi Piping. Due to the widely varied
nature of the investment and nancing cycle among different entities,
this chapter does not include such a section. Instead, the principles of
the cycle have been demonstrated throughout the preceding sections in
this chapter by using Ntsimbi Piping as an example.
For questions 1 to 3, question 5 and question 9, select the most
appropriate answer(s) from the options provided:
1. Which of the following transactions would not be classi ed as an
investing activity? (LO 1)
a) e disposal of a motor vehicle
b) e amortisation of a trademark
c) e receipt of interest revenue
d) e payment of nance charges
e) e receipt of dividend revenue
2. Which of the following transactions would be classi ed as a

nancing activity? (More than one answer
is possible.) (LO 1)
a) e purchase of raw materials
b) e repayment of an interest-bearing loan
c) e payment of a dividend to shareholders
d) e purchase of a motor vehicle
e) Issuing debentures
3. Which of the following account balances/totals would typically be

associated with nancing?
(More than one answer is possible.) (LO 2)
a) Share capital
b) Interest received
c) Intangible assets
d) Interest-free borrowings
e) Bank overdraft
f) Dividends expense
4. Brie y explain, using examples, why a thorough understanding of

the Companies Act is important when it comes to transactions
relating to the investment and nancing cycle. (LO 1, 3 & 4)
5. Which of the following source documents/records would typically

be associated with the acquisition of property, plant and
equipment? (More than one answer is possible.) (LO 3)
a) Signed loan agreement
b) Signed delivery note
c) Signed contract/purchase agreement
d) Fixed asset register
e) Minutes of directors’ meetings
f) Asset requisition
g) Supplier invoice
h) Bank deposit slip
6. List the potential risks of material misstatement in accounts

pertaining to the investment and nancing cycle for a company
that you believe wishes intentionally to minimise its income tax
liability. (LO 4)
7. What would be the advantages of having a xed asset register that is

computerised as opposed to one that is manually maintained? (LO
5)
8. State the control objectives that should be met when accounting for
the payment of nance charges on interest-bearing borrowings.
(LO 6)
9. Which control objective(s) is/are met through the following control

activity?
‘On a monthly basis the current period additions per the xed asset
register are compared to the property, plant and equipment budget
for the year by the nancial director, who then investigates any
signi cant differences.’ (More than one answer is possible.) (LO 7)
a) Disposals are complete
b) Additions are accurate
c) Additions are valid
d) Additions are complete
e) Depreciation is accurate
10. Describe a control activity that an entity could implement to
prevent the inaccurate recording of depreciation. (LO 8 & 9)
11. Describe a control activity that an entity could implement to detect

the incomplete recording of nance charges on interest-bearing
borrowings. (LO 8 & 9)
1 e contributions offered by Graeme O’Reilly to this chapter are gratefully acknowledged,

speci cally in relation to case study integration, and the contribution of certain features,
ow charts, and question content.
2 Times Live [Online]. Available: https://www.therep.co.za/2018/02/28/eskom-signs-r20-
billion-credit-facility-banks/
THE EXTERNAL AUDIT PART
PROCESS C
CHAPTER 11 Overview of the audit process

CHAPTER 12 Pre-engagement and planning
activities
CHAPTER 13 Audit procedures: Essential
concepts
CHAPTER 14 Audit procedures: Speci c
considerations
CHAPTER 15 Completion of the audit
CHAPTER 16 The independent review
Overview of the CHAPTER 11
audit process
Vincent Motholo
CHAPTER CONTENTS
Learning outcomes
Reference list
11.1 Introduction
11.2 What terminology is used by the auditor when performing an
audit?
11.4 What are the International Standards on Auditing (ISAs)?
11.5 How is the audit and audit evidence documented?
11.6 What are the stages in the audit process?
11.7 How do computerised environments impact on the audit
process?
11.8 Is there a link between the stages of the audit process and the
ISAs?
LEARNING OUTCOMES
1. De ne and explain the terms used in the audit of nancial

statements environment.
2. Describe the objectives of an audit of nancial statements.
3. Explain the importance of the International Standards on
Auditing.
4. Explain why it is necessary to keep audit documentation.
5. Describe the two characteristics that audit evidence should
possess.
6. Describe the factors that should be considered to determine if
audit evidence is sufficient and appropriate.
7. Explain what a risk-based audit approach means.
8. Name and describe the components of audit risk.
9. Describe the interrelationship between the components of audit
risk.
10. Identify and broadly describe the four stages in the audit process.
11. Explain the purpose of each of the stages in the audit process.
11. Explain why and how the auditor uses assertions in the audit
process.
12. Explain how nancial information processed by a computer
affects the auditor in obtaining audit evidence.
13. Brie y explain what computer-assisted audit techniques are.
REFERENCE LIST
International Federation of Accountants (IFAC). (Dec 2016). Handbook
of International Quality Control, Auditing, Review, Other Assurance, and
Related Services Pronouncements. Glossary of Terms. New York: IFAC.
2009) International Standard on Auditing (ISA) 200 Overall Objective of
the Independent Auditor and the Conduct of an Audit in Accordance
with International Standards on Auditing.
2009) International Standard on Auditing (ISA) 230 Audit
Documentation.
11.1 Introduction
is chapter brie y revises the objectives of an audit that were
introduced in Chapter 1 and then provides an overview of the audit
process, in other words the steps that the external auditor follows from
commencement until the completion of the audit engagement. e next
four chapters address each phase of the audit process individually and
in much greater detail.
11.2 What terminology is used by the

auditor when performing an audit?
e language or terminology used by the auditor includes terms that
are not necessarily used in everyday life. In order to gain an
understanding of auditing as a subject you will need to be familiar with
the auditor’s language. Certain important auditing terms, used in this
chapter and in the rest of the text, are listed below. e de nitions of
these terms are included in the IAASB Glossary of Terms contained in
the SAICA Handbook:
• Applicable nancial reporting framework;
• Accounting records;
• Appropriateness (of audit evidence);
• Auditor;
• Audit documentation;
• Audit evidence;
• Audit le;
• Audit risk;
• Detection risk;
• Experienced auditor;
• Financial statements;
• Historical nancial information;
• Management;
• Misstatements;
• Professional judgement;
• Professional scepticism;
• Reasonable assurance;
• Risk of material misstatement;
• Sufficiency (of audit evidence); and
• ose charged with governance.
Before reading further, study the meanings of the above terms in the
IAASB Glossary of Terms.

Shareholders of large public companies are ordinarily not involved in
the day-to-day operating activities of the company. Rather,
shareholders invest in the shares of a company and appoint full-time
managers to manage the company (invested capital) on their behalf. In
order to account for their stewardship of the shareholders’ capital
invested, the company’s management (directors), among other things,
prepare nancial statements in accordance with an applicable nancial
reporting framework.
Management have a vested interest when preparing the nancial
statements to make their performance appear as favourable as possible
to shareholders. Shareholders recognise this and therefore appoint an
independent auditor to ascertain and report on the fair presentation of
the nancial statements prepared by management. e purpose of an
audit is therefore to enhance the degree of con dence of intended users
in the nancial statements of an entity. In addition to shareholders, the
users of the nancial statements may include suppliers, banks,
government, customers, employees and trade unions.
e auditor conducts the audit of the nancial statements with the
following objectives in mind:
• To obtain reasonable assurance about whether the nancial
statements as a whole are free from material misstatement, whether
through fraud or error, thereby enabling the auditor to express an
opinion on whether the nancial statements are prepared in all
material respects in accordance with an applicable nancial
reporting framework; and
• To report on the nancial statements and communicate as required
by the ISAs in accordance with the auditor’s ndings. is reporting
includes:
• e expression of the auditor’s opinion about the nancial
statements in the form of a written auditor’s report (ISA 700); and
• e communication of signi cant ndings identi ed during an
audit (ISA 260) and signi cant de ciencies identi ed in the
internal controls (ISA 265) in a timely manner to management
and/or those charged with governance.
e auditor expresses the audit opinion with reasonable assurance,

which is a high level of assurance, but not with absolute assurance. e
auditor cannot obtain absolute assurance about fair presentation in the
nancial statements owing to the inherent limitations of an audit.
For further information on the objectives of the audit and the
inherent limitations thereof, refer to Chapter 1.
e speci c requirements that Registered Auditors (RAs) in South
Africa have to follow when conducting the audit are prescribed in the
International Standards on Auditing (ISAs).
11.4 What are the International Standards

on Auditing (ISAs)?
IFAC recognises that to facilitate an environment where credible
information can be provided to investors and other stakeholders,
internationally recognised standards, including auditing standards, are
essential. Accordingly, ISAs have been developed to enhance
consistency in auditing internationally.
e ISAs set the standards for the auditor as to how he or she should
conduct an audit, and are used in more than 130 countries. e
Independent Regulatory Board for Auditors (the IRBA), the regulator of
external auditing in South Africa, has adopted these standards as the
auditing standards that RAs must apply. Accordingly, all audits of
nancial statements of South African companies have to be conducted
in accordance with the ISAs.
Generally, each ISA contains the following:

• Introduction
e introduction provides the context for when the ISA should be
applied and the date the ISA becomes applicable (referred to as the
effective date).
• Objective
e objective of the ISA is explained and this provides guidance to
the auditor as to what the intention of the particular ISA is. If the
standard is applicable to the audit, the auditor must ensure that the
objective of the standard is achieved in the audit process.
• De nitions
e auditing terms used in the particular ISA are de ned. ese
terms can generally also be found in the IAASB Glossary of Terms
contained in the SAICA Handbook.
• Requirements
e requirements that the auditor has to meet when conducting an
audit in accordance with the ISAs are explained in the requirements
paragraphs. ese paragraphs set out the minimum procedures that
must be performed for an audit to be considered as having been
performed with due professional competence and care (as opposed
to negligently).
• Application and other explanatory material
e application material is denoted with the letter ‘A’ before the
paragraph number. It provides further information about the content
covered in the requirements paragraphs, and explains further the
more complex requirements or provides examples of how the
requirements can be satis ed during the audit.
Other explanatory material, such as guidance, examples and
diagrams, is provided in the form of appendices to the ISAs.
A proper understanding of how each ISA is constructed will facilitate

the reader’s understanding of the requirements of each of these
standards.
11.5 How is the audit and audit evidence

documented?
In order to demonstrate compliance with the ISAs when conducting an
audit, the auditor is required to prepare and retain sufficient and
appropriate audit documentation. Audit documentation is presented in
the form of working papers (sometimes called work papers) and is kept
in an audit le (in either hard copy or electronic format).
Audit documentation should never be viewed as a substitute for the
client entity’s accounting records. e entity’s accounting records have
to be the primary source of information about the entity’s transactions
and resulting account balances.
e auditor must prepare the audit documentation in a timely manner

as this:
• Enhances the quality of the audit (as it serves as evidence of the
manner in which the audit was conducted and the work can be
checked independently to determine whether it satis es the
requirements of the ISAs); and
• Facilitates the effective review and evaluation of the audit evidence
gathered and the conclusions reached. e auditor will consider all
this documented information in determining the appropriate audit
opinion to be expressed on the nancial statements.
e audit documentation should be presented in such a way that an
experienced auditor, having no previous connection with the audit,
understands the reason behind the audit procedures performed, the
results of the audit procedures performed and audit evidence obtained,
any signi cant matters arising from the audit and the conclusion
reached. It is important to note that oral explanation by the auditor does
not provide reasonable support of audit evidence obtained and
conclusions reached. Accordingly, all audit work performed, and the
ndings thereof, must be documented.
e audit le has to be assembled within 60 days after the date of the
auditor’s report. e auditing rm then has to retain the audit le for a
period of at least ve years after the date of the auditor’s report.
e audit le (whether in hard copy or electronic format) contains
various sections, each dealing with a particular aspect of the audit
process and audit work performed.
Let’s look at the section of the audit le that contains the working
papers relating to Ntsimbi Piping’s property, plant and equipment
(PPE). As is the case with all sections that contain working papers that
relate to a speci c item in the Statement of Comprehensive Income,
Statements of Financial Position or Notes to the Annual Financial
Statements, the rst working paper in the section is the PPE lead
schedule. e purpose of this schedule is to provide the link between
the audit work performed on PPE and the PPE-related totals and
balances in the nancial statements (see pages lxi–lvii of the Ntsimbi
Piping case study at the beginning of the text).
Turn back to the extracts from the trial balance of Ntsimbi Piping on
pages lviii–lxii. You will notice that the general ledger account numbers
on the lead schedule are the same as those in the trial balance. Also
look at note 2 on page 15 of the nancial statements of Ntsimbi Piping
and note how the various items in the note tie up to the lead schedule.
e detailed audit working papers that document the audit
procedures performed on PPE are led behind the lead schedule in the
audit le. Each working paper must contain at least the name of the
person who prepared it, the date on which it was prepared, the name of
the person who reviewed it and the date of the review.
An example of how the auditor documents in a working paper the
audit work performed to con rm the accuracy of the depreciation on
the machinery purchased is below.
11.5.1 Characteristics of audit evidence

e audit documentation contains audit evidence. e audit evidence
contained in the audit documentation has to be sufficient and
appropriate. Sufficiency is the measure of quantity (i.e. ‘how much’),
whereas appropriateness is the measure of quality (i.e. relevance and
reliability).
11.5.1.1 Sufficiency
is aspect focuses on the amount of audit evidence that has to be
obtained about a particular assertion.
Using the example contained in the working paper above on the
accuracy of depreciation, if the auditor only recalculated the
depreciation amount without con rming the underlying elements used
in the depreciation calculation (i.e. cost of machinery and depreciation
rate), this will not be considered sufficient audit evidence. In order for
the auditor to obtain sufficient audit evidence about the accuracy of
depreciation, the auditor will have to obtain evidence about all the
components used in the depreciation calculation as demonstrated in
the example of a working paper shown above.
11.5.1.2 Appropriateness
is aspect focuses on the relevance and reliability of the audit evidence
gathered.
Say, for instance, the auditor wants to obtain audit evidence about
the existence of debtors. e auditor will rst obtain permission from
the audit client’s management to send a request for con rmation to the
debtors (in auditing terminology, this is called circularising the
debtors). Once permission has been obtained, the auditor will send
con rmation letters to debtors requesting that they con rm the balance
owing.
e con rmations returned by the debtors will provide audit
evidence that the debtors exist. However, it will provide no evidence
that the debtors balance is complete. e con rmations are therefore
considered to be relevant audit evidence for the existence assertion as
it relates to debtors, but not for the completeness assertion.
e con rmations returned by the debtors will provide evidence
from parties external to the entity (the debtors themselves) that the
debtors exist. e con rmations will be considered more reliable audit
evidence than the internally prepared invoices and statements issued to
debtors by the entity, or a statement by management regarding the
existence of debtors (called a written representation and discussed in
Chapter 14), which could be manipulated or even fraudulently issued
by management.
Once sufficient appropriate audit evidence has been obtained and
documented to reduce audit risk to an acceptably low level, the auditor
will be able to conclude the audit and issue the audit opinion.
11.6 What are the stages in the audit

process?
e audit process has four stages, namely (1) pre-engagement activities;
(2) planning; (3) obtaining audit evidence; and (4) evaluation,
conclusion and reporting. Each of these phases will be introduced to
you in this part of the chapter.
11.6.1 What are pre-engagement activities?

As the name suggests, these activities are performed before the
engagement commences. ere is little point commencing with the
audit unless the auditor is satis ed that it is appropriate to do so. Pre-
engagement activities essentially require the auditor to consider the
following four questions before starting with the audit:
1. Does he or she want to do the audit? (Or, if he or she has done the
audit previously: Does he or she still want to do the audit?)
2. Can he or she (still) do the audit?
3. Are there any ethical reasons why he or she should not (still)
perform the audit?
4. Are there any statutory reasons why he or she should not (still)
perform the audit?
Having considered these questions, and should the auditor wish to
accept the audit engagement, he or she will have to agree on the terms
of the engagement with the entity’s management, and document these
(in writing) in an engagement letter. is letter becomes the contract
between these two parties.
ree ISAs that prescribe requirements relating to pre-engagement
activities are ISA 210 Agreeing the terms of audit engagements, ISA 220
Quality control for an audit of nancial statements, speci cally
paragraphs 12 to 13 and A8 to A9, and ISA 300 Planning an audit of
nancial statements, speci cally paragraph 6. (Refer to Chapter 12 for a
detailed discussion.)
11.6.2 What are planning activities?

Once the auditor has completed his or her pre-engagement activities
and has decided to proceed with the audit, the auditor will have to start
preparing for the audit. Decisions have to be made around many things
pertaining to the audit (e.g. what procedures have to be performed and
who will perform them).
ere is very little that we do as human beings (let alone as
accountants and auditors) that is unplanned. If you were to take a
holiday, would you simply get into your car and drive off into the sunset
for two weeks without any predeliberation? Wouldn’t you plan your trip
rst? A few of the considerations you are likely to work through would
• Where are you going?
• How are you going to get there?
• How much will it cost you and how will you pay for it?
• What are you going to do when you get there?
• What do you have to do before you leave?
e audit process is no different. e auditor has an end objective in

mind – the expression of an opinion regarding the fair presentation of
the annual nancial statements – and he or she has to decide how to get
to the point where he or she is able to express that opinion with
sufficient con dence that it is true. Audit planning activities provide the
auditor with this direction.
ere are many bene ts associated with planning an audit instead of

diving straight into the audit evidence-gathering phase. ese bene ts
include helping the auditor to:
1. Make decisions regarding what audit work has to be done;
2. Focus on important/risky elements;
3. Identify potential problems in advance so that appropriate
solutions can be sought in time;
4. Manage the engagement in such a way that it represents an
efficient use of time and resources;
5. Select the appropriate team (with appropriate levels of experience
and expertise); and
6. Establish time frames within which work has to be completed and
reviewed so that reporting or communication deadlines can be
met.
11.6.2.1 A high level overview of pre-engagement and

planning activities
Typically, the planning activities of an audit can be broken down into a
series of phases or stages. ese are summarised in Figure 11.1.
Figure 11.1: The pre-engagement and planning activities
ese phases are interlinked and are completed in a set order.
Step 1: Make the decision whether the auditor is going to conduct

the audit or not
ere is no point doing anything else until this decision is made. Should
the auditor choose not to take on the audit (or continue with the audit,
assuming that he or she had been the auditor in the previous year), then
no further time should be spent. However, should the auditor choose to
take on (or continue with) the audit for the current year, the auditor
must agree on the terms of the engagement with the client’s
management in writing, after which he or she can start with the process
of preparing to do the audit and move on to step 2.
Step 2: Fully understand the entity about to be audited

An auditor who does not fully understand the entity he or she is going to
audit will not be capable of designing appropriate or efficient audit
procedures to obtain the evidence necessary to support his or her
opinion on the nancial statements. is is a critical starting point to
the rest of the planning process and the remaining steps cannot be
properly completed if the auditor does not fully understand the entity.
e auditor will need to obtain information about the following aspects

of the entity:
• e industry in which the entity operates and what laws or
regulations govern or regulate it;
• What the entity actually does:
• What does it provide or sell?
• To whom does it provide its services or sell its products?
• For what purpose does it purchase its inventory?
• How does it nance its operations?
• How is it staffed and what are the reporting hierarchies?
• How does it process its nancial information?
• What are the signi cant account balances in its general ledger?
• What accounting policies the entity adopted and follows;
• What the entity’s business strategies are and whether there are
related business risks; and
• How the entity measures its nancial performance.
CRITICAL THINKING
Would an auditor be able to design ef cient audit procedures
necessary to audit an entity’s inventory balance at the end of
the reporting period if he or she did not understand the nature
of the inventory – where it is stored, how it is stored, who is
responsible for it, what control activities are in place around it
and the potential for misstatement.
The auditor would not!
Step 3: Having obtained the required understanding of the entity,
assess the degree to which the nancial statements may
contain material misstatements
ere will always be a risk that the auditor expresses an opinion that is
inappropriate. One possibility is that the auditor concludes that the
nancial statements are not fairly presented when in fact they are. is
risk is not a major concern as discussions between the client and the
auditor prior to nalising the auditor’s report will normally resolve the
wrong opinion being expressed.
e other possibility is that the auditor concludes that the nancial
statements are fairly presented when in fact they are not (i.e. when they
contain material misstatements). is is known as audit risk, and is a
major concern to the auditor. erefore, the auditor has to focus on the
management of this risk by reducing it to acceptable levels.
To reduce audit risk to acceptable levels, the auditor rst has to
evaluate the potential for there to be material misstatements in the
nancial statements. e bigger the potential for material
misstatements is, the more the auditor needs to do to reduce to
acceptably low levels the risk that he or she fails to detect these
misstatements. However, should the auditor evaluate the potential for
misstatement to be low, then this will result in the auditor needing to do
relatively less audit work to be satis ed that there are no material
misstatements in the nancial statements.
In determining the risk (potential) that the nancial statements
contain material misstatements, the auditor has to draw on his or her
understanding of the entity (including its internal controls) and the
environment in which it operates. is illustrates the vital importance of
the auditor understanding the entity, and the vital importance of the
auditor assessing the degree to which its nancial statements contain
material misstatements. It has a fundamental impact on the manner in
which the audit is approached.
WHAT What if the auditor believes there is a greater

IF? possibility than normal that the nancial statements
contain material misstatements? How do you think he
or she should respond to this? Would he or she want:
• To obtain more audit evidence than usual?
• More experienced staff on the audit?
• The audit team to be more sceptical than normal
when evaluating evidence presented by
management of the entity?
• Have experienced audit staff more involved in the
planning, supervision and review of the audit work?
Your answer to all these questions should have been a

resounding ‘Yes!’ because all four responses would
result in a greater likelihood of the auditor detecting
material misstatements in the nancial statements if
they exist.
e auditor therefore does not afford an equal measure of focus to all

components of the nancial statements when planning and conducting
the audit. Rather, he or she follows a risk-based approach to auditing.
is implies that the auditor’s assessment of the level of risk of
misstatements (based on the auditor’s understanding of the entity)
directs his or her audit focus. Risk assessment, including the concept of
audit risk, is discussed in detail in Chapter 12 and accordingly only a
brief introduction is presented in this section.
In summary:
• Audit risk is the risk that the auditor expresses an inappropriate
audit opinion when the nancial statements are materially
misstated. Audit risk is the function of (1) the risks of material
misstatement, and (2) detection risk.
• Risks of material misstatement are the risks that the nancial
statements contain material misstatements prior to the audit. is
consists of two components, described as follows at the assertion
level:
• Inherent risk is the susceptibility of an assertion about a class of
transaction, account balance or disclosure to a misstatement that
could be material, either individually or when aggregated with
other misstatements, before consideration of any related controls.
• Control risk is the risk that a misstatement that could occur in an
assertion about a class of transaction, account balance or
disclosure and that could be material, either individually or when
aggregated with other misstatements, will not be prevented, or
detected and corrected, on a timely basis by the entity’s internal
control.
• e auditor is required to identify and assess the risks of material
misstatement in the nancial statements during the planning phase
of an audit, using the understanding of the entity and its
environment, including the entity’s internal control, that the auditor
has gained.
• Detection risk is the risk that speci c audit procedures1 performed
by the auditor will not detect a material misstatement.
• Having assessed the risks of material misstatement (inherent and
control risks), the auditor is required to conduct (substantive) audit
procedures to reduce detection risk to a level that results in an
acceptably low level of audit risk.
Step 4: Develop a response to reduce the identi ed risks to

acceptable levels
Having understood the entity and identi ed and assessed the risks of
material misstatement in the nancial statements, it is time for the
auditor to decide on his or her responses to the risks in order to reduce
audit risk to an acceptably low level.
ese responses essentially become the manner in which the audit
will be conducted and the detailed set of audit procedures that the
auditor will perform.
Step 5: Determine the levels of misstatement acceptable to the
auditor
Once the responses to risks have been determined, the next step is to
quantify a level of misstatement that the auditor believes would be
acceptable to the users of the nancial statement information.
erefore, it becomes necessary to quantify a level of misstatement
below which the auditor believes it would be unlikely to in uence any
decisions taken by users of the nancial statements. e audit can then
be planned and conducted in a manner that ensures that misstatements
above this level are detected.
is level of acceptable misstatement (referred to as materiality in
this text) has a direct impact on how much audit work the auditor has to
perform. e lower the materiality gure is, the more audit work an
auditor is likely to have to perform before he or she is satis ed that
misstatements do not exceed the materiality gure. Conversely, the
higher the materiality gure is, the less audit work is required for the
auditor to be satis ed that there are no misstatements that exceed the
materiality gure.
Attending to the logistics

Although not a separate ‘step’ as such, the auditor also has to attend to
the logistical arrangements related to the execution of the planned
responses to risk of material misstatement, as well as to other matters
pertaining to the overall administration of the audit.
ese arrangements form part of the planning phase of the audit and
would ordinarily include considerations such as:
• Determining staffing requirements;
• Determining time frames within which, and by when, work needs to
be completed and reviewed;
• Setting deadlines for reporting deliverables; and
• Setting time budgets for the work involved and negotiating the
resultant fees with the entity’s management.
11.6.3 Obtaining audit evidence
Once the audit has been planned appropriately, the auditor has to
obtain sufficient appropriate audit evidence by performing audit
procedures in order to maintain audit risk at an acceptably low level.
Obtaining audit evidence is the third stage of the audit process.
e audit procedures performed by the auditor would have been
initially formulated as part of the planning stage when determining the
appropriate responses to the assessed risks to reduce audit risk to a low
level. ese involve tests of controls and substantive procedures.
However, as audit evidence is gathered, a revision of the risk assessment
may become necessary, and accordingly the audit procedures may have
to be performed in response thereto. (Refer to Chapters 13 and 14 for a
detailed discussion.)
11.6.3.1 Tests of controls

Controls for each of the business cycles are designed and implemented
by management to ensure that their control objectives are achieved. If
these control objectives are indeed achieved, management are well
placed to make assertions in the nancial statements (refer to section
4.4.2.4 in Chapter 4 for details of the relationship between control
objectives and assertions).
As a result of this relationship between control objectives and the
assertions in the nancial statements, testing the internal controls
implemented by management will assist the auditor (albeit indirectly)
to express an audit opinion on the assertions that management makes
in the nancial statement.
Tests of controls are audit procedures performed to test the
operating effectiveness of controls in the control environment and
business cycles. e objective of a test of controls is to determine
whether the particular control worked properly throughout the period
under review or not.
An example of a test of controls is as follows: if an entity performs bank

reconciliations on a monthly basis, the control in which the auditor will
be interested is the review of the reconciliation by a senior manager
(evidenced by his or her signature). e test of controls that will be
performed by the auditor in this regard would be:
• Inspecting a randomly selected sample of bank reconciliations for
the signature of the senior manager as proof of his or her review; and
• Reperforming a sample of the bank reconciliations signed by the
senior manager – to obtain evidence on whether his or her signature
means anything (i.e. did the manager review the reconciliations
before signing?).
11.6.3.2 Substantive procedures

Substantive procedures are performed by the auditor to verify directly
management’s assertions about the classes of transactions, account
balances and disclosures in the nancial statements. e objective of a
substantive procedure is to determine whether the amount and/or
disclosure of a class of transactions or events, or account balances, is
correct or not.
An example of a substantive procedure is as follows: the auditor
selects monthly transactions of water and electricity expenses
(amounts) from the general ledger account and traces the amounts to
the actual invoices to con rm the accuracy of the entries in the account
(which is later used to derive the expense amount included in the
nancial statements).
e difference between tests of controls and substantive procedures can

be summarised as follows:
• Tests of controls: Audit evidence is obtained to evaluate whether the
internal control implemented by management has achieved its control
objective (i.e. has the control worked as intended or not), in order to
provide indirect evidence about the assertions in the nancial
statements.
• Substantive procedures: Audit evidence is obtained to verify
directly that the amount or disclosure in the nancial statements is
free from material misstatement (ignoring internal controls).
11.6.4 Evaluating, concluding and reporting
Once the auditor has obtained audit evidence, the auditor has to
evaluate the audit evidence, conclude thereon and report. Evaluation of
audit evidence includes evaluating the sufficiency and appropriateness
of the evidence gathered, any misstatements identi ed, subsequent
events and the applicability of the going concern assumption used in
the preparation of the nancial statements. Evaluating, concluding and
reporting is the fourth and nal stage of the audit process. (Refer to
Chapter 15 for a detailed discussion.)
During this stage of the audit process, the auditor achieves his or her
primary objective, which is to report on whether the auditee’s nancial
statements are presented fairly in accordance with the applicable
nancial reporting framework. e process followed by the auditor
during this nal stage of the audit process is demonstrated in Figure
11.2.
Figure 11.2: Final stage of audit process
In summary: e stages of the audit process described in this section

are summarised and demonstrated in Figure 11.3. e diagram is used
throughout Chapters 12 to 15 as a roadmap to indicate where in the
audit process each chapter ts in.
Figure 11.3: Overview of the audit process
11.7 How do computerised environments

impact on the audit process?
Most client entities today prepare their nancial statements using
accounting software packages. e auditee’s accounting process
typically involves transactions initially being captured (either manually
or electronically) onto the accounting package and then the package
processes the data input by generating relevant journal entries, the
general ledger, subsidiary ledgers, the trial balance and ultimately the
nancial statements. e accounting software packages are designed in
such a way that they are pre-programmed to process journals based on
the source document captured, using a pre-set-up chart of accounts.
As a result of the use of accounting software packages for generating
the nancial statements that are subject to audit, the auditor has to
consider the impact of the computerised environment on the audit
process. However, the objectives of an audit and the four stages of the
audit process, as discussed above, are the same in manual and
computerised environments.
e existence of the computer environment does have a potentially

signi cant in uence on the details of the stages of the audit process as
follows:
• Pre-engagement activities
Prior to accepting the audit engagement, the auditor has to consider
the existence of a computerised environment and the complexity
thereof. is will in uence the auditor’s consideration of his or her
professional competence to conduct the audit with proper care, and
speci cally the need for an information technology (IT) specialist
(expert), and the availability thereof. If the auditor concludes that the
IT specialist is required, but he or she is not available when the audit
has to be conducted, the audit should not be accepted.
• Planning
During the planning stage of the audit process, the auditor has to
consider the in uence of the computerised environment when
identifying and assessing the risk of material misstatement (i.e.
inherent and control risks). Suitable audit procedures should be
formulated to respond to the assessed risks, which may include
testing the computer controls implemented by the management of
the auditee. Refer to Chapter 5 for details on IT controls.
• Obtaining audit evidence
In obtaining sufficient appropriate audit evidence, the auditor may
consider the use of computer-assisted audit techniques (CAATs)
when the auditee maintains nancial information electronically.
CAATs are audit procedures performed by using software to gather
audit evidence in a computerised environment when it is impractical
or inefficient to obtain audit evidence manually. CAATs can be used
to perform both tests of controls and substantive procedures. In
order to obtain evidence about the effectiveness of the computerised
control environment and control activities, the auditor uses system-
orientated CAATs. Data-orientated CAATs are used to perform
mainly substantive procedures. Say, for instance, the auditor wants
to identify whether each employee uses a unique username and
password to access the accounting system (in order to test the
effectiveness of access controls – i.e. a test of controls), the auditor
will use system-orientated CAATs. However, if the auditor wants to
compare the total sales from month to month to identify signi cant
movements that may result in misstatements (a substantive
procedure), the auditor will use data-orientated CAATs. Refer to
Chapter 14 for further information on CAATs.
• Evaluation, conclusion and reporting
As a result of the nature of this stage of the audit process, the
existence of the computer environment does not affect the
evaluation, conclusion and reporting stage to a signi cant extent.
11.8 Is there a link between the stages of
the audit process and the ISAs?
Table 11.1 below provides details of the audit process, the ISAs
applicable to each stage and the chapter number where each stage is
covered in detail.
Table 11.1: Link between the audit process and ISAs
STAGES AND STEPS OF CHAPTER

ISA REFERENCES
THE AUDIT PROCESS REFERENCE
1. Pre-engagement activities
1.1 Consider whether ISQC 1, ISA 210, ISA Chapter 12

there are any ethical 220, ISA 300
or statutory reasons
not to accept the
audit engagement
1.2 Determine ISA 220, ISA 300 Chapter 12

requirements for
skills, competence
and resources
1.3 Determine terms of ISA 210, ISA 300 Chapter 12

engagement and
prepare engagement
letter
2. Planning activities
ISA REFERENCES
2.1 Understanding the ISA 250, ISA 300, ISA Chapter 12

entity 315
Understand the
entity and its
environment,
including the entity’s
internal control
2.2 Risk assessment ISA 240, ISA 250, ISA Chapter 12

Identify and assess 300, ISA 315
the risks of material
misstatement
2.3 Response to risk ISA 300, ISA 330, ISA Chapter 12

Determine the 240, ISA 250
responses to
assessed risks to
reduce the risks
identi ed to an
acceptable level
2.4 Setting materiality ISA 300, ISA 320 Chapter 12

Determine
materiality and
performance
materiality
3. Performing further audit procedures
3.1 Tests of controls ISA 330, ISA 500, ISA Chapter 13

530
ISA REFERENCES
3.2 Substantive ISA 330, ISA 500, ISA Chapter 13

procedures 501, ISA 505, ISA 510, and 14
ISA 520, ISA 530, ISA
540, ISA 550, ISA 580,
ISA 600, ISA 610, ISA
620, SAAPS 4, SAAPS 6
4. Evaluating, concluding and reporting
4.1 Evaluate nancial ISA 450, ISA 550, ISA Chapter 15

information and 560, ISA 570, ISA 700
audit evidence
obtained
4.2 Conclude and ISA 700, ISA 705 Chapter 15

formulate audit opinion
4.3 Prepare and issue ISA 700, ISA 701, ISA Chapter 15
the auditor’s report 705, ISA 706, ISA 710,
ISA 720, SAAPS 2,
SAAPS 3
1. Risk of material misstatement comprises which of the following
components of risk? (Only one answer
is possible.) (LO 1 & 8)
a) Inherent, control and detection risk
b) Inherent, control and signi cant risk
c) Inherent, detection and signi cant risk
d) Inherent and control risk
2. Audit risk comprises which of the following components of risk?

(Only one answer is possible.) (LO 1 & 8)
a) Inherent, control and detection risk
b) Inherent, control and signi cant risk
c) Inherent, detection and signi cant risk
d) Inherent and control risk
3. What is the importance of the ISAs? (LO 3)

a) To allow the auditor to obtain sufficient appropriate audit
evidence in determining whether or not the nancial
statements are fairly presented
b) To allow the auditor to evaluate the misstatements identi ed
during an audit and to conclude and report to the members of
an entity
c) To facilitate an environment where credible information can
be provided to investors and other stakeholders in order to
enhance consistency in auditing internationally
d) To ensure that the nancial statements are prepared using the
applicable nancial reporting framework
4. System-orientated CAATS can be used by the auditor in obtaining

audit evidence in which of the following circumstances? (More
than one answer is possible.) (Linked to LO 14)
a) To con rm the debtors balance at year-end with the debtors
i.e. to perform a debtors circularisation
b) To test the computer controls surrounding the preparation of
the nancial statements
c) To verify physically the existence of assets at year-end
d) All of the above
5. If the client maintains its nancial records on a computer, which
one of the following will be the most appropriate audit procedure
to identify trade debtors who have made purchases in excess of
their credit limit? (More than one answer is possible.) (LO 13)
a) Data-oriented CAATS
b) Enquiry of management
c) System-orientated CAATS
d) a) and c)

6. One of the objectives of an audit is to obtain absolute assurance on
whether the nancial statements are free from material
misstatements owing to fraud or error. (LO 2)
7. Audit documentation may be in physical or electronic format. (LO

5)
8. Sufficient appropriate audit evidence enables the auditor to reach a

conclusion on whether the nancial statements are fairly
presented. (LO 5)
9. Risk-based audit approach refers to the auditor not focusing on all

components of the nancial statements, but only on those that the
auditor considers to contain risks that may cause the nancial
statements to be materially misstated. (LO 7)
10. e audit process comprises four stages, namely: Performing risk

assessment procedures, Planning, Obtaining audit evidence and
evaluation, Conclusion and reporting. (LO 10)
11. e auditor will perform pre-engagement activities only on new

audit engagements. (LO 10)
12. State, and brie y explain, each of the stages of the audit process.
(LO 11)
13. What does ‘sufficient appropriate audit evidence’ mean? (LO 6)
14. Why is it necessary for the auditor to document the evidence

obtained during an audit? (LO 4)
15. De ne inherent risk, control risk and detection risk and describe
the relationship between them in
the context of an audit of nancial statements. (LO 9)
16. State, with reasons, which assertion(s) will be applicable when the
auditor sends out an external con rmation to debtors to con rm
their balances at year-end. (LO 12)
1 ese are called ‘substantive procedures’ and are discussed in detail in Chapters 13 and 14.
Pre-engagement and CHAPTER 12
planning activities
Graeme O’Reilly
CHAPTER CONTENTS
Learning outcomes
Reference list
12.1 Introduction
12.2 How does the auditor perform pre-engagement activities?
12.3 How are the terms of the engagement documented?
12.4 How does the auditor obtain an understanding of the entity?
12.5 How does the auditor assess the risk of material misstatement?
12.6 How can the auditor respond to identified risks of material misstatement?
LEARNING OUTCOMES
1. Explain the terms ‘overall audit strategy’, ‘audit approach’ and ‘audit plan’ and describe
the differences between them.
2. Describe the quality control requirements pertaining to the engagement acceptance
process.
3. Describe and apply the matters that an auditor considers in deciding on whether or not to
accept or retain an audit engagement.
4. Describe the contents of a basic engagement letter.
5. Describe the importance of obtaining a thorough understanding of the entity, including
an understanding of its internal control, when planning an audit.
6. Describe the information that has to be obtained when understanding an entity, and how
to obtain it.
7. Explain the primary difference between audit risk and business risk.
8. Explain and apply the audit risk model (inherent, control and detection risk).
9. Identify and assess risk of material misstatement at both financial statement level and
account balance/class of transactions level.
10. Explain what a significant risk is and describe how the auditor should respond to such a
risk.
11. Explain the need to consider going concern as part of the audit planning process, and
how to identify risks of material misstatement relating to the going concern basis of
accounting being inappropriately applied.
12. Explain the need to consider the risk of material misstatement arising from fraud, and
how to identify such risks.
13. Explain when risks of material misstatement are such that substantive procedures alone
would not provide sufficient appropriate audit evidence to address them, and how the
auditor should respond to such risks.
14. Explain how to respond to risk of material misstatement at financial statement level.
15. Explain how to respond to risk of material misstatement at account balance/class of
transactions level by assertion.
16. Explain and apply the concepts of ‘nature, timing and extent’ of planned responses to
risk of material misstatement.
17. Explain what the difference is between a combined and a substantive audit approach.
18. Explain what materiality, performance materiality, and clearly trivial levels are, and how
these are used in an audit.
19. Calculate, with reasons, materiality and performance materiality.
20. Explain the administrative/logistical aspects associated with conducting an audit.
REFERENCE LIST
International Auditing and Assurance Standards Board (IAASB) (Dec 2009) International
Standard on Quality Control 1 Quality Control for Firms that Perform Audits and Reviews of
Financial Statements, and Other Assurance and Related Services Engagements.
Standard on Auditing (ISA) 210 Agreeing the Terms of Audit Engagements.
Standard on Auditing (ISA) 220 Quality Control for an Audit of Financial Statements.
Standard on Auditing (ISA) 240 The Auditor’s Responsibilities Relating to Fraud in an Audit
of Financial Statements (Specifically Paragraphs 1 to 30 and Related Application and Other
Explanatory Material).
Standard on Auditing (ISA) 300 Planning an Audit of Financial Statements.
Standard on Auditing (ISA) 315 (Revised) Identifying and Assessing the Risks of Material
Misstatement through Understanding the Entity and its Environment.
Standard on Auditing (ISA) 320 Materiality in Planning and Performing an Audit.
Standard on Auditing (ISA) 330 The Auditor’s Responses to Assessed Risks.
Standard on Auditing (ISA) 570 (Revised) Going Concern.
IN THE NEWS
Steinhoff International Holdings NV (Steinhoff)
In December 2017, Steinhoff triggered the biggest corporate scandal that South African
has ever seen. On 6 December, shortly before they were due to release their 2017 audited
financial statements, Steinhoff issued a press release admitting to ‘accounting
irregularities’ and delaying the release of these financial statements. This was followed by
the immediate resignation of Marcus Jooste, the company’s CEO. Steinhoff appointed
PwC to head up an internal investigation into the irregularities.
Shortly after this, Steinhoff issued a further press release warning shareholders that
they should not rely on the 2016 audited financial statements and also that the 2015 (and
possibly even the years before that) annual financial statements might need to be re-stated.
Steinhoff is one of the best-known companies in South Africa, and, prior to the
scandal, was one of the top ten companies on the JSE by market capitalisation. In the
month following the 6 December 2017 announcement, Steinhoff’s share price fell by 90%,
wiping out R180 billion in market capitalisation.
Steinhoff is a complex organisation. It has its headquarters in South Africa; its parent
company is registered in the Netherlands; and it is listed on the Frankfurt stock exchange.
It also has a secondary listing on the JSE. Steinhoff was Europe’s second-largest furniture
retailer after IKEA. It employed over 130 000 staff and operated almost 12 000 outlets
across over 30 different countries. The Steinhoff stable has over 40 different brands
including in South Africa the likes of Pep, Tekkie Town, Russells, HiFi Corp, Incredible
Connection, and Hertz car rental. In the first 9 months of 2017 (unaudited results), the
group generated R242 billion in revenue, mostly from Europe (52%) but then also from
Africa (27%), the United States (15%) and Australasia (6%). More than 50% of its assets
are reported to be intangible.
It is not completely clear at the time of writing what the exact nature of the
irregularities are but there are reports that suggest the use of undisclosed off-balance sheet
vehicles (that are controlled by associates and former Steinhoff executives) to inflate
profits and conceal losses.
REFLECTION
The external auditors of Steinhoff had apparently already red-flagged the irregularities in
the Steinhoff group. Can you imagine the depth of knowledge that would have been
required to fully understand the Steinhoff group structures?
The group auditors would need to have considered:
• The intricacies involving the over 40 different brands (12 000 different outlets!) and
their corporate structure in relation to the group;
• The impact of the differing tax and business legislation from over 30 different
countries on the trading operations of this group; and
• The structures and complexities around the acquisition and financing of the spate of
acquisitions that took place between 2014 and 2016.
It would have been important for the group auditors to understand fully these aspects of
the company and its subsidiaries so that they could properly assess any risk of material
misstatement arising therefrom and design audit responses that were appropriate to reduce
the risk of their expressing an inappropriate audit opinion on the company’s consolidated
annual financial statements.
This chapter focuses on the processes that all Registered Auditors in South Africa are
required to follow, when performing the pre-engagement and planning activities for
entities that they audit.
12.1 Introduction
With reference to the Steinhoff example provided above, it should be clear that with a
company like Steinhoff, the auditor would need to have spent considerable time and effort
preparing to audit this entity.
The registered auditor first, however, needs to give serious consideration to whether or not
he or she is willing to conduct this audit (or continue to conduct it), prior to accepting it for the
current year. An auditor is under no obligation to perform, or to continue to perform, an audit
for an entity – agreeing to perform the audit is a conscious choice that the auditor makes.
Having decided that he or she is willing (and able) to conduct the audit, the auditor then
needs to apply his or her mind to how he or she intends to do this. The auditor needs to
understand sufficiently the entity he or she is about to audit so that he or she can identify and
assess potential risks of material misstatement. The auditor can then design appropriate audit
procedures to gather the necessary evidence to mitigate these assessed risks. This then enables
the auditor to support his or her conclusions regarding the fair presentation of the entity’s
annual financial statements.
This chapter provides an in-depth look at the pre-engagement and planning activities that
an auditor has to perform. In Chapter 11, you were introduced to the diagram shown in Figure
12.1 below. The two areas highlighted are the areas covered in this chapter.
Figure 12.1: The audit process
12.1.1 The concepts of overall audit strategy, audit plan and audit
approach
As with any aspect of the auditor’s work, it is important that the decisions and findings of the
auditor are suitably documented. Planning any audit engagement requires the creation of two
main documents to record the planning process. Both of these documents are explained in
more detail in ISA 300, the standard dealing with planning an audit of financial statements.
Firstly, the overall audit strategy needs to be decided on and properly formulated. This
typically establishes and documents in broad and general terms (the big picture):
1. The scope of the audit (what has to be done);
2. The timing of the audit (by when it needs to be done); and
3. The direction of the audit (how it is going to be done).
These high-level considerations set out in the overall audit strategy then guide the development
of the second document, the audit plan, which establishes the nature (what), timing (when) and
the extent (how much) of the audit procedures necessary to:
• Assess the risk in the audit engagement (risk assessment procedures);
• Respond to the identified and assessed risk (sometimes also referred to as the audit
approach); and
• Comply with any other requirements of the ISA.
CRITICAL THINKING
Can you think of any specific planning considerations that might arise out of other
requirements arising from the ISA? Here are a few examples, but perhaps you can think
of more.
• ISA 600 – the use of component auditors. This would require upfront planning in
terms of their identification and appointment, as well as correspondence that would be
necessary to clarify the scope of their engagement.
• ISA 620 – the use of an auditor’s expert. Like for component auditors, choices would
need to be made upfront regarding their selection, appointment, and the scope of work
to be undertaken.
• ISA 501 – specific considerations for selected items. Decisions regarding the physical
counting of inventory, or dealing with consignment inventory, would need to be made
upfront during the planning process.
The audit plan is therefore the detailed execution of the overall audit strategy and consists of a
list of detailed procedures to be performed by the audit team.
The overall audit strategy can be combined with the audit plan to create one planning
document that records the auditor’s understanding of the entity, identification of risks of
material misstatement, planned responses to identified risks, setting of materiality and
performance materiality levels, and the logistical arrangements pertaining to the audit, all of
which are discussed in detail in this chapter.
REFLECTION
The audit planning process can be likened to any major decision we might take in our
lives. Say, for example, you wanted to go on an overseas holiday. It is very unlikely that
you would just arrive at the airport one day and take it from there. Wouldn’t you plan your
holiday first?
You would need to first determine the ‘scope’ of your holiday: Where do you want to
go? What do you want to do there? For how long will be staying?
You would then need to start considering the ‘timing’ of the activities that will need to
be performed to enable this holiday to happen: By when do you need to arrange your
flights and accommodation? When do you need to apply for your visa to ensure you get it
issued in time?
You would be likely to have a very detailed list of things that needed to be done for the
holiday to be a success.
These three aspects could be likened to the audit strategy – establishing the big picture
in terms of what we need to do, by when it needs to be done, and how we aim to tackle it.
From there, we would move into the more detailed planning process for our overseas
holiday. Included in these activities would be our ‘risk assessment procedures’ which
might include things like the weather conditions (might influence when we travel?),
medical considerations (do we need vaccinations or do we need to organise certain
medication to take with us?), language issues (how are we going to communicate if we
can’t speak the local language?), obtaining currency (are we able to readily access cash in
our planned destination?), and many others.
From there we would develop detailed responses address these risks (i.e. to reduce
them to acceptable levels) and ensure that we have an amazing holiday – our ‘audit
approach’.
Before we get too wrapped up in the planning process, it is important that we first turn our
attention to the initial decision that the auditor has to make regarding the audit engagement
(made well before having to perform the planning activities) – is the auditor prepared to accept
(if a first-time engagement), or continue with (if a continuing engagement), the engagement?
Only once the auditor decides to perform the audit, would he or she then start to perform the
planning activities.
12.2 How does the auditor perform pre-engagement

activities?
In this section, we focus on the highlighted area in Figure 12.2.
Prior to considering activities to be undertaken by the auditor during this phase, it is important
to ensure that the:
1. Auditor is eligible to act as the registered auditor of the entity; and
2. Relevant statutory requirements surrounding the appointment (or reappointment) of the
auditor have been complied with.
These statutory aspects concerning the appointment of the auditor are prescribed by the
Companies Act 71 of 2008 and the Auditing Profession Act 26 of 2005 and have been covered
in depth in Chapter 3.
If you cannot remember these, it may be a good idea to revise them before continuing with
this chapter.
Once the statutory aspects relating to the appointment have been complied with, there are
several auditing standards, a standard on quality control, and even the SAICA/IRBA Codes of
Professional Conduct (COPCs), that all then provide guidance as to what the auditor should do
when performing pre-engagement activities.
12.2.1 Requirements
Let us now explore the various requirements pertaining to the pre-engagement phase of the
audit set out in the ISAs as well as in ISQC 1 (the International Standard on Quality Control 1)
and the COPCs.
12.2.1.1 ISA 210 (Agreeing the terms of audit engagements)

This Standard prohibits an auditor from accepting an audit engagement (unless required to by
law) where:
• Management impose a limitation on the scope of the auditor’s work such that the auditor
believes he or she will be unable to express an opinion on the annual financial statements;
or
• The preconditions for an audit as set out in paragraph 6(b) of the Standard are not present.
CRITICAL THINKING
What are these preconditions for an audit?
• The financial reporting framework to be applied in the preparation of the financial
statements must be acceptable. Without an acceptable framework, management does
not have an appropriate basis for the preparation of the financial statements, nor does
the auditor have suitable criteria for auditing the financial statements.
• Management must agree that it acknowledges and understands its responsibility with
regard to the following:
• The preparation of the financial statements in accordance with the relevant financial
reporting framework;
• The implementation of such internal control as they deem necessary to enable them
to prepare financial statements that are free from material misstatement; and
• That they will provide the auditor with access to all information relevant to the
preparation of the financial statements, any additional information that the auditor
may request for purposes of the audit, and unrestricted access to persons in the
entity from whom the auditor may determine it to be necessary to obtain audit
evidence.
CRITICAL THINKING
What is an acceptable financial reporting framework?
• In South Africa, legislation or regulation often prescribes the financial reporting
framework to be used by an entity in preparing its financial statements. In such cases,
the prescribed framework will ordinarily constitute an acceptable framework.
• The Companies Regulations 2011, and more specifically, regulation 27, prescribes the
financial reporting standards that companies must use when preparing financial
statements. Public companies are required to prepare their financial statements using
International Financial Reporting Standards (IFRS), while private companies have to
use either IFRS or IFRS for SMEs. In the public sector, the use of Generally
Recognised Accounting Practice (GRAP) is frequently prescribed.
• For more information on what constitutes an acceptable financial reporting framework,
read SAAPS 2 (Revised) on financial reporting frameworks and the auditor’s report.
Once the auditor is satisfied that he or she is not prohibited from conducting the audit in terms
of the ISA 210 requirements, he or she is then guided by ISQC 1 and ISA 220 (Quality control
for an audit of financial statements) on the appropriateness and sufficiency of procedures that
need to be performed regarding the acceptance (or continuance, in cases of existing audit
engagements) of the engagement.
CRITICAL THINKING
What is the difference between ISQC 1 and ISA 220 – they both deal with quality
control? Why have both standards?
ISQC 1 provides guidance in terms of firm-wide quality control considerations. These
requirements would therefore apply to, or affect, all engagements (i.e. audit as well as
other non-audit engagements, such as independent reviews and compilations) conducted
by the auditing firm.
ISA 220 provides guidance with regard to the conducting of an individual audit
engagement.
Both standards are therefore equally important when it comes to quality control, as the
auditing firm in general needs to comply with ISQC1 and then individual audit
engagement partners in that firm also need to comply with ISA 220 for the specific
engagements for which they are responsible.
12.2.1.2 ISQC 1
This standard requires that the auditing firm must establish policies and procedures regarding
engagement acceptance that provide reasonable assurance that it will only undertake
engagements where the auditing firm:
1. Is competent to perform the engagement and has the capability to do so (including time
and resources);
2. Can comply with relevant ethical requirements; and
3. Has considered the integrity of the client and does not have reason to doubt this integrity.
12.2.1.3 ISA 220

ISA 220 then specifically refers to the client acceptance procedures that need to be followed in
respect of specific engagements and that must be in accordance with those set out by ISQC 1.
It reiterates the importance of the audit engagement partner considering the following:
• The integrity of owners and key management;
• Whether the engagement team is competent to perform the engagement (has the necessary
capabilities); and
• Whether the firm can comply with the relevant ethical requirements.
ISA 220 further suggests that significant matters that have arisen during the current or past
engagements should be considered in terms of their implications for the acceptance or
continuance of the current engagement.
CRITICAL THINKING
ISQC 1 and ISA 220 both refer to the auditor having to ensure that the auditing firm can
comply with relevant ethical requirements. What are these requirements?
The ethical responsibilities of the auditor were explored in depth in Chapter 2. You should
recall the need for an almost continuous consideration of whether there are any significant
threats to any of the fundamental principles in the Code of Professional Conduct and, if
so, the need to safeguard them adequately.
Do you remember the five fundamental principles? If not, it may be a good idea to
revisit briefly Chapter 2 at this point.
Obviously, when considering whether an auditor should accept an audit engagement,
the auditor must consider whether or not this engagement will present any significant
threat to any of the fundamental principles, because if it does and he or she is unable to
safeguard adequately against those threats, then the auditor should not accept the
engagement.
12.2.1.4 ISA 300 (Planning an audit of financial statements)

This standard includes a requirement to conduct preliminary engagement activities as part of
the planning process and requires the auditor to undertake the following activities prior to the
acceptance of any engagement:
• Performing the procedures set out by ISA 220 regarding engagement acceptance (as set out
above);
• Evaluating compliance with ethical requirements (including independence specifically) as
required by ISA 220; and
• Establishing the terms of the engagement.
In addition to these activities, ISA 300 also requires that for initial engagements only (where
the auditor has not been involved in the previous audit of that entity), the auditor needs to
communicate with the previous (outgoing) auditor to establish whether or not there are any
ethical reasons why the new auditor should not accept the engagement. This communication
process is governed by the Codes of Professional Conduct and is discussed in detail in section
2.6.3.2. of Chapter 2.
CRITICAL THINKING
What are some reasons that a previous auditor may give to an incoming auditor as to why
he or she should possibly not accept the engagement?
• The outgoing auditor has been dismissed for not supporting the management of the
entity in its desire to manipulate the entity’s financial statements.
• There are unresolved uncertainties regarding management integrity.
• There are unresolved uncertainties regarding identified or possible fraud at the entity.
12.2.2 Application in practice

When considering the ISA and other requirements regarding pre-engagement activities in the
previous section, while they certainly provide high-level direction as to what the auditor has to
do during pre-engagement activities, they are not presented in a practical, easy-to-follow
format.
These preceding requirements can be reduced to four basic questions concerning an
auditor’s acceptance of an engagement. Each question in turn has several factors that play a
role in determining the answer to that question.
At the outset it is important to remember that the auditor is under no obligation to accept
the engagement.
Question 1: Is the auditor legally able to do the audit?

This first question is fairly fundamental to the decision to take on the audit and needs to be
answered as a ‘Yes’ before proceeding to the remaining questions. When answering this
question, the auditor should consider the following:
1. Have the statutory requirements concerning the auditor’s appointment been complied
with?
Is the auditor eligible to conduct audits in terms of the Auditing Profession Act and the
Companies Act; and has the entity (and the auditor) fully complied with all the
Companies Act requirements regarding the removal of the outgoing auditor (if
appropriate) and the appointment of the auditor as the incoming auditor? These statutory
aspects are discussed in detail in Chapter 3.
2. Is the auditor satisfied that he or she is not prohibited from doing the audit in terms of the
ISA 210 requirements?
You will have seen from the requirements above that the auditor is prohibited from
accepting the audit engagement if the preconditions for an audit have not been met or if
there is a significant scope limitation (that may result in the auditor disclaiming their
opinion on the financial statements). Clearly, should either of these situations be present,
the auditor should not accept the engagement.
Question 2: Does the auditor want to do the audit?

Assuming that the auditor is not prohibited from accepting the engagement, or continuing with
the engagement, the auditor will then need to consider whether they actually want to be the
auditor of this particular entity:
1. Does the auditor want to be associated with this industry?

Is the auditor happy to be known as an auditor of companies in this particular industry?
There are several industries that an auditing firm may think twice about before being
linked to, such as the gambling, tobacco, or pornography/sex industries. What about
entities with strong political or religious affiliations? Assuming a company in one of these
industries requires an audit, does the auditor really want to be associated with this audit?
What about his or her other audit clients and how these clients may react should they
discover that their auditor is involved in auditing this particular industry?
2. Does the auditor want to be associated with the owners or management of the entity?
Is the auditor happy to be linked to the senior individuals associated with that entity?
Individuals who have previously been in the spotlight for potential infringements of
legislation or fraud may not be the kind of people with whom the auditor wishes to be
seen to be associating. The last thing the auditor wants is to be drawn into litigation or the
press as ‘the auditor of Mr X’ when Mr X has just been arrested for tax evasion.
REFLECTION
KPMG South Africa resigned as auditors and advisors in April 2016 to the Oakbay Group
of entities. Their last sign-off as auditors was in respect of the February 2015 year-end.
The Oakbay Group is owned by the infamous Gupta family. With the amount of negative
press associated with the Gupta family, is it any surprise that KPMG chose to end their
association with this group of companies?
Interestingly, the banking industry did likewise, with the major South African banks all
closing any Gupta-linked bank accounts, also in order to avoid any negative press
associated with these individuals.
3. What is the nature of the client-auditor relationship likely to be?

How supportive is the client of the audit process and how helpful are they likely to be
when it comes to providing assistance or information to the audit team? Clients who do
not want the auditor there or who are not willing to assist the auditor where necessary are
not clients that any auditor may wish to become involved with. Difficult relationships like
this will cost time (and therefore money) and may also compromise the quality and scope
of the evidence to be obtained by the auditor. It may be better not to accept the
engagement in the first place.
4. Are there any significant risks of material misstatement that the auditor may be aware of
at this early stage?
Recognising that the auditor has not yet performed any detailed procedures to understand
fully the entity and its industry, it is important for the auditor to perform at least a
preliminary review of the entity’s financial position and obtain at least a high-level
understanding of the company and its industry before making the decision whether to
accept the engagement. ISQC 1 refers to the auditing firm needing to obtain ‘such
information as it considers necessary in the circumstances’ before accepting an
engagement. ISA 220 requires that the auditor consider any ‘significant matters that have
arisen during the current or previous audit engagement’. If the auditor identifies a
situation where there may be significant risk of material misstatement, it may be
appropriate not to accept the engagement, particularly where he or she feels that he or she
may not be able to reduce the risk of material misstatement to acceptably low levels. An
example of this is a situation where the auditor identifies that the company may not be a
viable going concern and the resultant risk of expressing an inappropriate opinion (and the
related potential for litigation against him or her) is perhaps too high.
5. Would taking on the engagement be a sound business decision?
Like any business, the auditor seeks to make a reasonable profit out of the audit
engagement. He or she has staff to pay and operating expenses to cover. The auditor
would therefore want to consider the extent to which the client is likely to reimburse the
audit firm for their time (will the audit fee be sufficient to cover the amount of time it
would take to complete the audit and does the audit fee meet or exceed the audit budget?),
is able to settle the audit fee, and also is able to settle the amounts due to the firm on a
timely basis. He or she would also want to consider whether there would be any
associated costs of taking on the engagement (such as any specific additional training
needs for his or her staff, or the appropriateness of his or her audit software in relation to
the possible interrogation of client databases). This decision becomes particularly relevant
where a potential new engagement is in an industry with which the auditor is unfamiliar,
or where the engagement entity utilises accounting software that the auditor has not
worked with before.
Question 3: Can the auditor perform the audit?

Having considered question 2, the auditor has now made a decision about whether he or she
wants to take on the engagement or not. Should he or she want to take on the engagement, then
he or she will need to consider the third question: Is he or she capable of performing the audit?
Answering this question requires consideration of the following aspects:

1. Does the auditor have the necessary expertise?
The auditor needs to consider whether his or her auditing firm employs staff (or has
access to other people, such as experts) with the necessary technical knowledge to be able
to perform the required audit procedures. This technical knowledge could include:
a) Knowledge about the industry;
b) Knowledge about regulations or legislation governing the entity that is likely to have
an effect on the entity’s financial statements; and
c) Knowledge about the information systems that the entity uses to process its
transactions.
CRITICAL THINKING
Can any auditor conduct the audit of a listed financial institution?
The audit of a listed financial institution (a bank, for example) requires specialist
knowledge, including:
• Knowledge of the JSE Listing Requirements;
• Knowledge of the Banks Act; and
• Knowledge of sophisticated information systems (a bank’s systems are highly
computerised and very complex).
Accordingly, the ability to audit such an entity is restricted, for example, to RAs
accredited by the JSE in terms of the JSE Listings Requirements (refer to Chapter 3 for
more information around the requirements to audit entities listed on the JSE).
2. Does the auditor have staff members available when they will be required?
The time frame during which the audit needs to be conducted and by when the final
opinion of the financial statements is required are important considerations for the auditor.
Will he or she have the required number of staff (at the required levels of expertise) to be
able to assign appropriate staff to the engagement when they will be required? It would be
inappropriate to accept an engagement that has to be performed during the busiest period
for that auditing firm if all staff are likely to be already allocated to other engagements.
3. Does the auditor have resources other than staff available to conduct the audit?
The auditor needs to consider the availability of any specific resources other than staff
that may be required (such as audit software to interrogate entity databases or industry-
specific experts). If the auditor requires these additional resources and they are not
available, he or she should not accept the engagement.
Question 4: Are there any ethical reasons why the auditor should not accept the engagement?
Having established that the auditor wants to do the audit (question 2) and that he or she is
capable of doing it (questions 1 and 3), the fourth question now requires that the auditor
consider whether there are any ethical reasons why he or she should not accept the
engagement.
The IRBA and SAICA Codes of Professional Conduct require auditors to consider whether
there may be any significant threats to any of the five fundamental principles contained in the
Codes when making their decisions regarding the acceptance of an audit.
WHAT What if the financial director of the potential audit client is the cousin of one of
the members of the audit team?
IF?
ISA 300 requires that the auditor give specific consideration to independence
when considering the ethical requirements surrounding the acceptance of an
audit engagement. Would these circumstances present a threat to the objectivity
of the audit team? Have a look at Chapter 2 again if you are not sure.
To be able to answer this question, the auditor thus needs to consider the engagement in the
light of any potential threats to these principles. Should the auditor identify a potential threat to
any of the fundamental principles, he or she needs to consider whether this threat is significant,
and if so, whether or not it can be adequately safeguarded before accepting the engagement.
Remember that ISA 300 also requires that where the engagement is a new engagement, the
incoming auditor must contact the outgoing auditor to enquire as to whether or not there are
any professional (including ethical) reasons why he or she should possibly not take on the
engagement. If, during this phase, a significant threat to any of the five fundamental principles
is identified that cannot be adequately safeguarded by the auditor, then the engagement should
not be accepted.
Working paper A1 below demonstrates how the pre-engagement considerations are

documented in the audit file of the 20X1 Ntsimbi Piping audit.
AUDIT WORKING PAPER
Client:
Ntsimbi
Ref: A1
Piping (Pty)
Ltd
Financial
year-end: 31 Reviewed
December by:_______________________________________
20X1
Prepared by:
Date
Audit
reviewed:______________________________________
manager
Date: 20 April
20X1
Subject: Pre-
engagement
considerations
checklist prior
to re-
acceptance of
the audit
Objective of this working paper

To enable the auditing firm to reach a decision on whether or not this
engagement should be continued for the 20X1 financial year.
Consideration Finding Comments (if necessary)
Do we still want to perform the engagement?
Have the preconditions for an Yes The accounting framework is

audit been met? still appropriate and
management have
acknowledged their
responsibilities in the
engagement letter (Refer A35).
Is there a material and pervasive No None identified historically and

scope limitation that may result given the lack of major changes
in a disclaimer of opinion? within the company in the
current year, none are expected.
Are we still happy to be Yes No major changes expected in

associated with this industry current year.
(consider any new lines of
business entered into during the
current year)?
Are we still happy to be Yes Based on our prior dealings with

associated with the owners and this company, we have no
management of this entity reason to doubt the integrity of
(consider any changes in anyone in senior management.
composition)? A new MD (Mr B Arnott) was
appointed on 1 January 20X1.
Mr Arnott has been employed in
a senior capacity in the company
for many years and we have no
reason to doubt his integrity.
Do we believe that the client Yes Based on prior experience.

will support and assist us during
the performance of our
procedures?
Are there any significant risks No A preliminary planning meeting
of material misstatement that we was held with the client in April
are aware of that may cause us 20X1 (Refer A20). No
to reconsider our re-acceptance significant risks were identified
of the engagement (consider any from this meeting. Furthermore,
going concern problems in no significant concerns were
particular)? noted surrounding the going
concern ability of the company.
Will the engagement represent a Yes In the prior year, we recovered

sound business decision from 92% of our time spent and this is
our side (consider any necessary considered to be acceptable.
outlays from our side and There are no reasons to believe
consider the degree to which we that this recovery rate will
are likely to recover time spent worsen in the current year.
on this engagement)? Furthermore, Ntsimbi Piping
have always settled our invoices
promptly when presented for
payment.
Are we still able to perform this engagement?
Do we still have (or have access Yes No significant technology or

to) the necessary technical industry changes that we are
expertise to perform this aware of. Industry expertise is
engagement (consider stable from our side as the audit
significant changes in the partner and manager remain
business in the current year in unchanged.
particular)?
Do we have the necessary Yes Required staff at appropriate

numbers and levels of staff levels have already been
available (at the times they are identified and scheduled on the
needed) to complete this planning board in accordance
engagement within the required with the preliminary deadlines
client deadlines? indicated by Ntsimbi Piping at
our preliminary planning
meeting (Refer A20).
Do we have access to any other Yes Historically we have made use

resources that may be necessary of other auditing firms in Africa
to perform this engagement? to perform inventory checks at
year-end. We have no reason to
believe that this will be different
in the current year.
Are there any ethical reasons why we should not re-accept this engagement?
Are there any significant threats No All staff have completed ethics
to any of the fundamental declarations in respect of this
principles and if so, can they be engagement and no threats to
adequately safeguarded? any of the principles were
identified. (Refer A19).
Are there any statutory reasons why we should not re-accept this engagement?
Has our continued appointment Yes The major shareholders

been approved by the indicated at the 20X0 AGM that
shareholders at the company’s they would like us to continue as
AGM, or do we have assurance Registered Auditors of Ntsimbi
that they intend to do so? Piping for the 20X1 financial
year.
Are there any statutory reasons No None identified. No change in

why we should not re-accept appointment of auditors.
this engagement?
Conclusion
Based on the above considerations and the related findings, there are no
reasons why we should not continue with this engagement. The engagement is
therefore to be re-accepted for the 20X1 financial year.
12.3 How are the terms of the engagement

documented?
Having worked through the four questions discussed in the preceding section of this chapter
and having decided that he or she is willing and able to accept the engagement, the auditor then
has to reach an agreement with management as to the terms under which the audit will be
conducted. This agreement should be reduced to writing in an audit engagement letter
(sometimes simply called an engagement letter) before the audit commences.
12.3.1 Importance of documenting the terms

The engagement letter is the contract between the auditor and the auditee. Should the auditee’s
management believe that the auditor did not meet his or her responsibilities, as specified in the
engagement letter, in performing the audit engagement, the auditee can commence with civil
proceedings against the auditor on the basis of a breach of contract. Therefore, from the
perspective of the auditor managing legal liability exposures, it is important that the auditor’s
responsibilities are clearly and correctly documented in the engagement letter.
Moreover, by documenting the agreed terms of the audit engagement, the potential for
misunderstanding on the part of both the auditor and the entity’s management is greatly
reduced. There should be no uncertainty around the responsibilities with regard to the
preparation of the financial statements, nor the audit thereof. It would clearly not be desirable
to have a situation where management believe the auditor is responsible for something while
the auditor believes that management are responsible for that same thing.
Also, if the auditee’s management are not satisfied with their responsibilities, it is better for
the auditor to know this upfront, and then to determine whether it is still possible to undertake
the audit. If this is not possible, the auditor should then simply decline to accept the audit
engagement. Do you recall earlier mention of management’s need to agree to certain
responsibilities as one of the pre-conditions to an audit? The engagement letter is where these
responsibilities are documented and formally acknowledged by management.
12.3.2 Contents of the engagement letter

ISA 210 (Agreeing the terms of audit engagements) prescribes the contents of the audit
engagement letter and requires that the following aspects be agreed on and documented in this
letter:
1. The objective and scope of the audit of the financial statements;
2. The responsibilities of the auditor;
3. The responsibilities of management;
4. The identification of the applicable financial reporting framework; and
5. The expected form and content of any reports to be issued by the auditor.
FURTHER READING
Take a few minutes to read through the example of an audit engagement letter contained
in Appendix 1 to ISA 210. Note how it complies with the five aspects mentioned above.
12.4 How does the auditor obtain an understanding

of the entity?
Having made the decision to accept the audit engagement, and having reached agreement with
management of the entity as to the terms of the engagement, the auditor is now ready to
commence with the second phase of the audit, which involves the planning activities. This
phase is the area highlighted in Figure 12.3 below and is the focus of the remainder of this
chapter.
This phase starts with obtaining the necessary understanding of the entity.
REFLECTION
None of the remaining phases of planning can be properly completed if the auditor does
not have a comprehensive understanding of the entity he or she is about to audit:
• The auditor cannot identify the risks of material misstatement in the financial
statements.
• The auditor cannot design audit procedures to respond to identified risk of material
misstatement.
• The auditor cannot set appropriate levels of materiality.
• The auditor cannot assign appropriate levels and numbers of audit staff (at the right
locations).
12.4.1 Aspects of the entity to be understood

ISA 315 (Identifying and assessing the risks of material misstatement) provides extensive
guidance to the auditor in terms of what information has to be obtained about the entity and its
environment, including its internal control.
In summary, there are six broad components to this understanding:

1. Industry, regulatory and other external factors;
2. The nature of the entity;
3. The selection and application of accounting policies;
4. Objectives, strategies and related business risks of the entity;
5. The measurement and review of the entity’s financial performance; and
6. The entity’s internal control.
Each of these components is discussed in more detail below.
REFLECTION
Before continuing, give some thought to how the auditor’s understanding of each of these
components may assist in planning and performing the audit.
12.4.1.1 Industry, regulatory and other external factors

This component requires that the auditor understands the broader environment within which
the entity operates.
The auditor has to consider matters such as the following:

a) The market within which the entity trades – what demand is there for the entity’s
products; what capacity does the entity have to meet this demand; and who is the entity’s
competition;
b) Whether or not there is a cyclical or seasonal pattern to the entity’s trading activities;
c) The degree to which the industry is dependent on technology to remain competitive;
d) Whether or not there are any industry-specific accounting practices (consider the farming,
mining, or construction industry for example – these industries have unique accounting
practices with which the auditor will have to be familiar);
e) Whether or not the industry is regulated in any way and, if so, by which regulatory body
and in terms of what regulation. The auditor has to understand whether or not he or she
will be required to report in terms of these regulations and what the impact of these
regulations may be on the scope of the audit procedures;
f) Legislation that has a direct impact on the entity’s operations – fishing companies, mining
companies, import and export agents, estate agents, banks, and attorneys, for example, all
have specific legislation in place governing their activities;
g) The taxation considerations for the entity, for example VAT and income tax – are there
any unusual or industry-specific tax considerations in relation to the transactions
undertaken by the entity?
h) Government policy and the degree to which this may affect the industry – the auditor has
to understand any government incentives, grants, aid or rebate schemes that may affect
the industry in which the entity operates; and
i) The general state of the economy (including factors such as interest rates, foreign
exchange rates, rates of inflation and ease of obtaining finance) – this is likely to have a
direct impact on how well the entity is performing and on its prospects for future success.
DID YOU KNOW?

ISA 250 (Consideration of laws and regulations in an audit of financial statements)
specifically requires the auditor to identify laws and regulations that may have a direct and
possibly material effect on the financial statements.
A company that fails to comply with legislation runs the risk of facing fines, penalties
and possibly even closure. It is therefore important that the auditor obtains the necessary
understanding of these laws and the degree to which the company has complied with
them.
12.4.1.2 The nature of the entity

Having obtained an understanding of the industry and the broader context within which the
entity operates, the auditor then has to gain an understanding of the entity itself. There is a
virtually inexhaustible list of matters that the auditor could consider when looking at the entity
itself, but the focus is on information that will enable him or her to perform the audit
efficiently and effectively.
Some of the more important matters that would have to be understood include:
a) Organisational structure of the entity
Is the entity a single standalone entity or is there a group structure? If there is a group
structure, what is the nature of the relationship between the holding company and its
component parts? Are the components subsidiaries or joint ventures, for example? Where
there are subsidiaries, are they audited and, if so, by the auditor of the holding company or
by another auditor?
Consider an entity that is a group with a diverse geographical spread of subsidiaries
(possibly even into countries outside South Africa). This structure will have major
implications for the planning process when it comes to deciding on which subsidiaries
have to be audited, to what extent they have to be audited and who will conduct their
audits.
Go back and have a quick look at the company that was presented at the beginning of this
chapter (Steinhoff). Consider how important it would be for its auditors to fully
understand the complexity of that particular organisational structure (12 000 stores,
incorporating 40 different brands, operating in 30 different countries!).
b) Identification of any related parties and related party transactions

The auditor needs an understanding of the nature of any relationship between the entity
and its owners and other companies or parties. Some of these parties may be related to the
entity and transactions between them and the entity might not be at arm’s length. These
related party transactions carry increased risk of causing material misstatement in the
financial statements. ISA 550 (Related parties) provides specific direction to the auditor in
terms of how to identify and respond to these circumstances.
c) Details of the entity’s business operations

This is a large matter in itself and requires the auditor to become familiar with at least the
following aspects of the entity’s business:
i) What products or services does the entity provide?
ii) Who does the entity sell to (local/export)?
iii) How does the entity sell to its customers? (internet/e-commerce?)
iv) Who does the entity buy from (local/import) and what does it buy?
v) Does the entity sell or buy in terms of any special arrangements (on consignment,
for example)?
vi) If the entity manufactures a product, what is the nature of the manufacturing
process?
vii) Where are the entity’s operations based geographically?
viii) Does the entity make use of any outsourced services?
ix) Where is the entity’s inventory located?
x) What are the entity’s employment arrangements (for example, how are staff paid,
are there unions involved, are there incentives in place)?
xi) How does the entity invest its surplus cash? What is the nature of its current
investments?
xii) How does the entity obtain any finance that may be required?
xiii) How are assets currently financed?
xiv) Are there any specific revenue recognition practices (when does the entity deem
revenue to be earned for accounting purposes)?
xv) How does the entity determine the fair value of its assets?
xvi) Are there any unusual or complex transactions into which the entity enters or has
entered?
12.4.1.3 The selection and application of accounting policies

In this aspect of gaining an understanding of the entity, the auditor focuses on understanding
key transactions and balances and how the entity accounts for them. This involves considering
the following matters:
a) Identification of significant or unusual transactions and understanding how the entity
accounts for them;
b) Identification of any controversial or emerging matters where there is currently no
authoritative financial reporting guidance or consensus, and understanding how the entity
accounts for these matters;
c) Any changes in accounting policies during the year; and
d) Any new financial reporting standards and understanding how the entity plans to adopt
them.
12.4.1.4 Objectives, strategies and related business risks of the entity

It is important for the auditor to understand what management’s overall objectives for the
entity are, and what strategies they have in place to help achieve these objectives.
These strategies/objectives may include elements such as how management plan to grow
their business, how they plan to address its perceived weaknesses and how they plan to
respond to potential threats to its sustainability.
Understanding these strategies (and the driving factors behind their design) is important to
the auditor because risks to the business that are not adequately dealt with by management
invariably end up having a financial impact on the financial statements on which the auditor
needs to express an opinion.
Recommended practice 1 of Principle 11 of King IV™ specifically recommends that the
governing body assume responsibility for the governance of risk to the entity. This principle
further includes recommendations that emphasise the need for regular assessment of risks
facing the entity by the entity’s governing body and also for the adequate design, delegation,
implementation and monitoring of their plans to deal with these risks.
It is therefore necessary for the auditor to understand management’s assessment of risks
facing the entity so that he or she may consider the likelihood and impact of these business
risks when planning and performing the audit.
EXAMPLE
Audit risks versus business risk
Audit risk is the risk that the auditor expresses an inappropriate opinion on the financial
statements when the financial statements are materially misstated. This is clearly a risk to
the auditor and not to the entity. Expressing an inappropriate opinion on the financial
statements when they are not in fact materially misstated is less of a concern to the
auditor, as the entity’s management will no doubt take this up with the auditor, and the
appropriate opinion will be expressed in the final version of the auditor’s report.
Business risk, however, is a risk to the entity. It usually reflects a potential threat to the
business in terms of its ability to generate profits or minimise losses, remain sustainable,
or to achieve its social and environmental objectives. Examples of potential business
risks may include:
• Inappropriate response to a change in the market;
• Development of a new product that fails;
• New entrant into the market;
• The entity’s products becoming redundant;
• Poor quality products or services;
• Loss of a key customer or supplier; and
• Labour disputes.
The important thing to note here is that business risk may well result in audit risk.
Producing poor quality products (a business risk) may cast doubt over the net
realisable value of any inventory reflected in the entity’s financial statements at year-end
(an audit risk).
Loss of a major customer (a business risk) may result in going concern problems for
the entity that may cast doubt over the adequacy of the basis for the preparation of the
financial statements (an audit risk).
Not all business risks give rise to audit risks but understanding the business risks will
enable the auditor to make this assessment.
Examples of some of the matters the auditor should consider when understanding the
business risks facing the entity include the following:
a) Developments in the industry and the entity’s ability to respond to these changes;
b) The launch of any new products or services and the degree to which these may fail or
cause potential product liability;
c) Expansion to the business and the degree to which the entity is ready to expand or has
correctly assessed the market needs prior to the expansion;
d) New accounting or regulatory requirements and the degree to which the entity has
responded to them. The potential for penalties or fines for non-compliance would also
have to be understood; and
e) The degree to which the company is dependent on information technology and the
extent to which the entity keeps their information systems and business operations up
to date and technologically current.
12.4.1.5 The measurement and review of the entity’s financial performance

The auditor has to understand how the entity measures the success of its financial performance.
This will assist the auditor in his or her understanding of what is important to the entity and
will provide insight into where there may be the potential for misstatement. An entity that
places a lot of importance on its bottom-line profit figure, for example, may create a situation
where management may be tempted to do whatever it takes to achieve its desired results, even
if this means manipulating the financial information.
To identify these measures of success for the entity, the auditor considers the following
information:
a) Key performance indicators (financial and operating), and key ratios, trends and statistics;
b) Management accounts presented on a regular basis and an emphasis on what is being
reported on therein;
c) Budgets, forecasts and targets and the manner in which they are monitored;
d) Employee performance measures and incentives, for example a sales director who
receives a bonus if revenue figures meet predetermined targets may attempt to do
everything he or she can to achieve those targets and this would clearly create a risk of
misstatement in the financial statements to which the auditor would have to respond; and
e) Comparison of performance of the entity with its competitors or against industry norms.
Having identified how the entity measures its success, the auditor then also performs a review
of the entity’s performance to date. This review encompasses the performance of trend analysis
(year-on-year comparisons) in the entity’s liquidity, solvency and profitability ratios.
This provides the auditor with a good understanding of the general direction in which the
entity is heading. Is the entity becoming more or less liquid, solvent, and profitable?
This understanding is essential as a mechanism to identify potential risk of material
misstatement in the financial statements. An entity whose performance is declining, for
example, will be under pressure to turn things around and this may result in management
manipulating the financial results to achieve this. The auditor has to be aware of this possibility
when designing his or her procedures to respond to this identified risk of material
misstatement.
12.4.1.6 The entity’s internal control

Internal control is defined in ISA 315 as the system established by management to provide
them with reasonable assurance that the entity’s objectives are being met with regard to:
a) The reliability of financial reporting;
b) The effectiveness and efficiency with which their operations are conducted; and
c) Their compliance with laws and regulations.
The degree to which internal control is effective has a potentially significant impact on the
auditor’s assessment of risk of material misstatement. An entity that has strong internal control
is far more likely to be able to prevent or detect (and correct) misstatements in their records by
itself. This provides the auditor with assurance that misstatements are therefore less likely to be
present in the financial statements – the risk of misstatement will be reduced. However, an
entity that has poor or weak internal control is unlikely to be able to prevent or detect (and
correct) by itself misstatements in its financial records. This in turn increases the risk of
material misstatement perceived by the auditor.
Understanding the entity’s internal control is therefore an important part of this planning phase
and typically involves the auditor considering the following aspects:
a) The entity’s control environment: This involves assessing the culture that management
has created regarding the importance of internal control – management’s attitude towards
sound internal control.
b) The entity’s risk assessment process: This involves the auditor understanding the process
that management follows to identify internally and respond adequately to business risks.
c) The entity’s information system: This involves understanding how the entity processes its
significant transactions (such as sales, purchases and payroll) from initiation of the
transactions through to updating the general ledger and financial statements to reflect the
financial results of the transactions (refer to section 4.3.2.3 for more information). The
auditor has to understand the documents that are used to record the transactions and how
the information is transferred through the information system.
It is only necessary for the auditor to understand the information system in so far as it
relates to the financial records and statements (and therefore is relevant to the audit).
Purely operational controls and compliance controls that have no potential impact on the
financial records and statements are not relevant to the audit and therefore the auditor
generally does not have to gain an understanding of these controls.
d) The entity’s control activities: This involves obtaining an understanding of what the entity
does to prevent or detect (and then correct) errors that may occur in its financial reporting
information system. It is not necessary for the auditor to gain an understanding of all
control activities – simply those sufficient to enable him or her to assess the risks of
material misstatement at the assertion level and to design further audit procedures to
respond to the assessed risks. The emphasis is on identifying and obtaining an
understanding of control activities that address those areas where the auditor considers
that material misstatements are more likely to occur.
In obtaining an understanding of control activities that are considered to be relevant to the
audit, the auditor is required to obtain information pertaining to both the design and
implementation of these control activities.
Understanding the design of a control activity involves the auditor considering whether or
not the identified control activity is capable of preventing or detecting misstatement in
theory. The auditor first considers the control as it was intended to be (i.e. ‘on paper’).
Should the control activity be poorly designed, then the auditor can provide feedback to
management of the entity as to how it could be improved. Clearly, a control activity that is
poorly designed will never be relied on by the auditor to reduce the assessment of risk of
material misstatement in the financial statements.
Having understood the design of the control activity, the auditor next considers whether
there is evidence to suggest that the entity has actually been using/performing the control
activity (i.e. has it been implemented by the entity). Clearly, no matter how well designed
a control activity is, if it has not been adequately implemented, the auditor will not be able
to rely on it to reduce the assessment of risk of material misstatement.
It is only by first understanding the design and implementation of control activities
relevant to the audit that the auditor can then make the decision as to whether or not to
place reliance on them to reduce his or her assessment of the risk of material
misstatement. Should he or she choose to place reliance on them, the auditor then plans to
perform tests of control to obtain evidence about the operating effectiveness of these
control activities.
The decision on whether to test control activities or not is further elaborated on in section
12.6.4.3 of this chapter.
REFLECTION
ISA 265 (Communicating deficiencies in internal control to those charged with
governance and management) specifically requires the auditor to communicate to the
entity’s governing body what he or she regards as being a significant deficiency in internal
control (a deficiency meriting the attention of those charged with governance).
This requirement would apply to control deficiencies where the auditor believes an
important/key control activity is poorly designed, or is well-designed but has not been
adequately implemented by the entity.
e) The entity’s monitoring of controls: This final component involves understanding how the
entity ensures that its internal control is functioning as intended and how it responds to
instances where deficiencies in internal control are identified.
It is important to note that although the auditor is required to obtain an understanding of the
entity’s internal control, including its information system and relevant control activities, (i.e.
the design and implementation of control activities), this does not mean that he or she will
necessarily need to perform tests of controls to test their operating effectiveness. There are
several factors that influence the decision as to whether the auditor will test controls or not and
these are discussed in much more detail in section 12.6.4 when exploring the difference
between a combined audit approach (which includes tests of controls) versus a substantive
audit approach (which does not include tests of controls).
Working paper B1 contains the review notes of the audit manager about the audit work
performed by the audit team in respect of gaining an understanding of Ntsimbi Piping during
its 20X1 audit.
AUDIT WORKING PAPER
Client:
Ntsimbi
Ref: B1
Piping
(Pty) Ltd
Financial Reviewed
year-end: by:___________________________________________
31
December
20X1
Prepared
Date
by: Audit
reviewed:_________________________________________
manager
Date: 13
December
20X1
Title: Review notes in respect of our documented understanding of the
entity

To provide feedback to audit staff who performed and documented the
obtaining of the understanding of the entity about aspects that need to be
further elaborated on.
Further work required
Following my review of the working papers documenting our understanding of
Ntsimbi Piping, I believe there are certain gaps in our understanding that I
would like you please to investigate and document.
Please obtain further understanding of the following aspects relating to this

entity:
1. Who are Ntsimbi Piping’s major competitors? It is important that we
understand who they are so that we may monitor them as a means to
identify potential risks to Ntsimbi Piping (changes in technology, major
contracts awarded, etc.).
2. Is Ntsimbi Piping/the PVC industry regulated in any way that we need to be
aware of? We need to be aware of this, so we can ensure that non-
compliance does not result in any significant fines or penalties that may
need to be accounted for. Please ensure that our working papers responding
to ISA 250 adequately reflect our understanding of any regulations and
their financial impact.
3. What are the legislative implications associated with Ntsimbi Piping’s trade
in Africa? Consider tax implications as well as customs duty implications.
Ntsimbi Piping trades across borders in Africa and we need to understand
the legislative implications of this in order to test properly and conclude on
these types of transactions in the accounting records. As for review note 2,
please also ensure that any legislation is properly documented in our
working papers relating to the ISA 250 requirements in an appropriate
manner.
4. Are there any government grants, incentives, etc. that Ntsimbi Piping
qualifies for? We need to identify these so that we may be sure they have
been correctly accounted for.
5. You have indicated that the general state of the global and local economy is
depressed. Please document aspects relating to this that will affect Ntsimbi
Piping, such as exchange rate fluctuations between SA and the countries to
which it exports as well as the countries from which it imports the majority
of its raw materials. This is important information for us when it comes to
the audit of cross-border costs and transactions, as well as any foreign
exchange gains or losses.
6. Obtain a detailed organisational structure of the group. You refer to there
being a holding company as well as there being other subsidiaries in the
group of which Ntsimbi Piping forms part. There are significant
intercompany assets and liabilities at year-end, as well as significant
transactions with related parties. It is vital that we fully understand the
nature of the relationships between these entities and Ntsimbi Piping.
Please indicate the relationship between Ntsimbi Piping and its holding
company and its fellow subsidiaries (indicating the identity of the
shareholders, as well as the percentage holdings).
Please also detail the exact nature of all related party transactions.
7. Your description of Ntsimbi Piping’s operations is rather brief. Please
provide more extensive descriptions concerning the following matters:
a) What exact products or services does Ntsimbi Piping supply? You refer
only to PVC piping – surely there is a range of products with varied
uses?
b) Who does Ntsimbi Piping sell to (local/export)? Please provide specifics
in terms of who the major customers are (and whether or not they are
related parties).
c) How does Ntsimbi Piping sell to its customers? Please describe the
primary mechanism used to sell products – internet/e-commerce, for
example? Alternatively, please cross-reference to where this is described
in more detail in the audit file.
d) Who does Ntsimbi Piping buy from (local/import) and what does it buy?
Please provide specifics in terms of who the major suppliers are (and
whether or not they are related parties).
e) Does Ntsimbi Piping sell or buy in terms of any special arrangements
(on consignment, for example)? This would be especially relevant to the
sales made in Africa, particularly if they are made to related parties.
Please describe the manufacturing process in more depth. Provide at
f) least a high-level overview of the process. This has implications for our
understanding of inventory and property, plant and equipment and will
assist us with our identification of possible risks of material
misstatement in these account balances.
g) Where is Ntsimbi Piping’s inventory located? Please list all locations at
which inventory is stored/located and provide an indication of the
relative size of the inventory holding at each location.
h) What are Ntsimbi Piping’s employment arrangements (e.g. how are staff
paid (weekly or monthly/cash or transfer), are there unions involved, are
there incentives in place)? You also refer to industrial action being a
challenge faced by the entity – please substantiate this so we are in a
position to assess the degree to which this may affect the risk of material
misstatement.
i) How does Ntsimbi Piping obtain any finance that may be required? You
indicate that most finance is obtained from the shareholders (including
the holding company). Please describe the arrangements made with
regard to this finance (terms, interest rates, security, etc.). The company
also operates a sizeable overdraft – please provide details of this (bank,
limit, interest rates, security, etc.).
j) Are there any specific revenue recognition practices (when does Ntsimbi
Piping deem revenue to be earned for accounting purposes)? We have to
understand their revenue recognition practices. Consider specifically
when transfer of ownership of a sale is deemed to take place, given the
volume of cross-border trading (and the related length of delivery times).
Does ownership transfer on arrival or on despatch of goods?
k) How does Ntsimbi Piping determine the fair value of its assets? Please
document the process followed to determine the residual values of its
assets and the process followed to determine (and then adjust for) any
possible asset impairments.
l) Are there any unusual or complex transactions that Ntsimbi Piping
enters into, or has entered into in the current year? If so, please
document them in sufficient detail so that we can assess whether they
present any risk of material misstatement.
Note: The review notes in the working paper above only deal with the documentation of the
auditor’s understanding of the industry within which the client operates, as well as the nature
of its business. In addition, the working paper subjected to these review notes is not
specifically included in the case study, but the assumption has been made that much of what
has been documented in the Ntsimbi Piping Company Profile (at the start of the book) has been
included in the working paper subject to this review.
12.4.2 Method of obtaining the understanding

Having discussed what information needs to be obtained when understanding the entity (in
order for the auditor to be able then to assess the risk of material misstatement in the entity), it
is now time to consider how this information can be obtained.
There are four broad sources of information that the auditor can explore to obtain the
necessary understanding of the entity.
These are sometimes collectively referred to as the 4 Ps and are:

1. People;
2. Paper;
3. Premises; and
4. Analytical Procedures.
Let’s consider each of the 4 Ps in more depth.
12.4.2.1 Through discussions with People

There are various people with whom the auditor can enter into discussions to assist in
obtaining an understanding of the entity. It is unlikely that there would be one individual who
would be able to provide the depth and breadth of understanding that is required and it is
important that the auditor identifies the appropriate individuals to direct enquiries to.
Key individuals are listed below.
Internal to the entity:

a) The financial director/chief financial officer;
b) The managing director/chief executive officer;
c) The production director/chief operating officer;
d) The sales director;
e) The human resources director;
f) The company secretary;
g) The financial accountant; and
h) The internal auditor.
External to the entity:

i) The entity’s lawyers;
j) The audit engagement partner; and
k) Industry regulators.
12.4.2.2 Through inspection of Paper

There are numerous documents that could be inspected to provide insight into the entity and its
environment. As with people above, it is useful to categorise these into internally
generated/available documents and externally generated/available ones. The list below is
unlikely to be exhaustive.
Internal to the entity:

a) Minutes of management (the board of directors) and shareholder meetings;
b) Prior annual financial statements;
c) Current and prior trial balances;
d) Monthly management accounts;
e) Budgets;
f) Business strategy documents;
g) Internal newsletters;
h) Internal audit reports;
i) Policy documents; and
j) Information system descriptions.
External to the entity:

k) Prior year audit working papers;
l) Industry journals;
m) The media (including search engines like Google); and
n) Correspondence with attorneys.
12.4.2.3 Through visits to the entity’s Premises

A wealth of knowledge can be gained by visiting the entity’s premises from where it conducts
its operations to observe what it does and how this is done.
The following examples of understanding can be gained through this mechanism:

a) The nature of inventory and where and how it is stored;
b) The manufacturing process and the stages of production;
c) The nature of plant and equipment; and
d) Observation of control activities being performed, for example controls over the receipt of
inventory from suppliers.
12.4.2.4 Through the performance of analytical Procedures

Analytical procedures are a mechanism used to review financial and non-financial data with a
view to establishing patterns, trends or comparisons. These procedures can be useful in
identifying key changes in the results in comparison to prior years and in identifying unusual
or unexpected deviations from what may normally be expected.
These procedures (when performed as an audit planning activity1) are often referred to as
preliminary analytical procedures and include the review of the following aspects relating to
the entity’s results:
a) Year-on-year comparisons (Statement of Comprehensive Income and Statement of
Financial Position);
b) Month-on-month comparisons (of sales or wages for example); and
c) Calculation and review of trends in key ratios relating to profitability, liquidity and
solvency.
Refer to working paper C1 on the following page for an example of a working paper in respect
of a preliminary analytical procedure for Ntsimbi Piping.
AUDIT WORKING PAPER
Client: Ntsimbi
Ref: C1
Piping (Pty) Ltd
Financial year-
Reviewed
end: 31 December
by:_________________________________
20X1
Prepared by: Date
Audit senior reviewed:________________________________
Date: 10 January
20X2
Title: Preliminary analytical review procedures – Statement of
Comprehensive Income

To perform a year-on-year comparison of the Statement of Comprehensive
Income in order to identify potential anomalies or inconsistencies in the
information. Having identified anything, these aspects would then be followed
up with the entity to establish the reasons for the anomalies and we as auditors
would then consider whether this presents any risks of material misstatement.
We can use the prior year audited figures as a basis for comparison to the
current year unaudited figures to identify unusual trends in the current year that
require investigation.
UNAUDITED AUDITED
20X1 20X0
(R 000’s) (R 000’s) % Movt Notes

Revenue 128,320 97,802 31% 1
Cost of sales (105,274) (76,863) 37% 1
Gross profit 23,046 20,939
Other 500 279 –6%

income
Operating (20,333) (17,735) 15% 2

expenses
Operating 3,212 3,483 –8%

profit
UNAUDITED AUDITED
20X1 20X0
(R 000’s) (R 000’s) % Movt Notes
Investment 215 16 1244% 3

revenue
Finance cost (506) (509) –1% 4
Profit before 2,921 2,990 –2%

taxation
Taxation (781) (949) –18%
Profit after 2,140 2,041 5%

taxation
Gross profit 18% 21% –16% 5

%
Operating 2.5% 3.6% –31% 6

profit %
Notes in respect of the review above (to follow up with the entity):
1. 31% increase in revenue. This is significantly higher than expected for what
has apparently been a difficult year as indicated in our understanding of the
entity. Growth in the PVC consumables market was only 3% for the year
and the economic outlook both globally and locally is depressed. How then
can revenue have increased by such a significant degree? This may
represent potential overstatement of revenue and we would have to
establish the reasons for the huge growth in revenue.
It is likely that the growth in cost of sales is related to the growth in
revenue. If they sold that much more, they would have been required to
purchase an associated increase in materials. The growth in revenue is,
however, less than the growth in cost of sales (which may account for some
of the drop in GP% – refer note 5 below). This may be as a result of
supplier price increases exceeding those given to customers or alternatively,
the company discounting its prices in order to increase sales volumes. We
would need to understand more fully the reasons behind this movement in
cost of sales and the reasons why it differs from the associated increase in
revenue.
2. The growth in operating expenses is much higher than the normal CPI
increases that may be expected normally. We would have to try to
understand which components of operating expenses increased to result in
an overall increase like this. In other words, does this relate to genuine
increased costs associated with the increased revenue or could it represent
fictitious or unauthorised spending?
3. This is a significant increase in investment revenue, particularly given that
there are no investments disclosed on the face of the Statement of Financial
Position and the fact that cash and cash equivalents have decreased since
20X0! The nature of this revenue would need to be investigated as there is
currently a potential overstatement of income (or understatement of
investment assets).
4. Finance costs have reduced by only 1%. However, if we review the
Statement of Financial Position, interest-bearing borrowings have increased
from R429k to R1,396k in the current year and the bank overdraft has
increased from R75k to R4,022k. Surely, we would therefore be expecting a
sizeable increase in finance costs and yet they have decreased? We would
need to establish the reasons behind this as this suggests a potential
understatement of finance costs.
5. We are aware that there have been operational inefficiencies and the drop in
gross profit percentage (GP%) is therefore perhaps not unexpected, but a
16% drop in GP% is significant. We would need to discuss this with the
entity. It is unlikely that this drop would be due to understated revenue
(because revenue appears to be much larger than expected) and so it may
represent a potential overstatement of cost of sales.
6. The large drop in operating profit as a % of revenue is perhaps to be
expected as a consequence of the other movements in this Statement of
Comprehensive Income and does not warrant investigation on its own.
12.5 How does the auditor assess the risk of material
misstatement?
Having accepted the engagement (phase 1) and having obtained (or updated) his or her
understanding of the entity (phase 2), the auditor is now ready to assess the degree to which
there is risk that the financial statements may be materially misstated (i.e. to perform risk
assessment procedures) and will thus move into phase 3 of the audit planning process.
12.5.1 Conceptual aspects of risk assessment

12.5.1.1 Understanding the concept of audit risk
The nature of an audit is such that the auditor never performs tests on every transaction and
every balance to such a degree that he or she is able to conclude with absolute certainty that the
financial statements are 100% correct. The auditor applies judgement in determining the nature
and extent of testing to be performed and uses sampling to test and conclude on large
populations of transactions and balances (which, by their very nature, involves testing only a
selected group of items).
There is therefore always an element of risk present that the auditor may miss something.
Ideally, the auditor would like a situation where if anything is missed, it is not significant
enough to have any effect on decisions taken by users of the financial statements, and this risk
of missing something significant is sufficiently low to be acceptable to the auditor.
Every audit is therefore performed in the context of there being a degree of risk that the
financial statements contain significant or material misstatement, which the auditor does not
pick up and therefore expresses an opinion that the financial statements are a fair presentation
when, in fact, they are not. This risk is what is referred to as the audit risk in the engagement.
WHY? Why is it unavoidable that some level of audit risk remains on every audit?
Because the complete elimination of audit risk is impossible due to the inherent
limitations of the external audit – see section 1.4.5.2 of Chapter 1.
In terms of the ISAs, the auditor is required to reduce this audit risk to acceptably low levels.
After the completion of any audit procedures that the auditor believes are necessary, he or she
therefore needs to end up with an acceptably low level of risk (based on the client’s specific
circumstances) that the opinion expressed on the financial statements is not inappropriate.
It is conceivable that, under differing circumstances, what might be an acceptably low level
of audit risk for one audit client, may be completely different to that for another audit client. In
other words, reducing the level of audit risk to say 5% (i.e. a 5% probability that the auditor
expresses an inappropriate opinion on the financial statements when they contain material
misstatements) may be an acceptably low level of audit risk for one audit client, while
reducing it to say 3% may be seen to be necessary for a different audit client. What an
acceptably low level of audit risk is, is a matter for the auditor’s judgement exercised on the
basis of his or her experience. This is called professional judgement.
12.5.1.1.1 High-risk engagements

Examples of these types of engagements include situations where there is likely to be known
reliance placed on the audit opinion by third parties or situations where there is a large degree
of public interest in the audited financial statements of the entity. An example is a company
listed on the JSE.
For these types of engagements, audit risk is likely to be required to be relatively low for it
to be acceptable to the auditor.
12.5.1.1.2 Low-risk engagements

Examples of these types of engagements include those where there is likely to be no outside
reliance being placed on the audit opinion or situations where there is only a small degree of
public interest (if any) in the audited financial statements. Owner-managed clients that do not
need to provide audited financial statements to external parties (e.g. banks or potential
investors) are an example of this type of engagement. For these types of engagements, the
auditor is likely to be prepared to live with relatively higher levels of audit risk.
12.5.1.1.3 Normal (or medium) risk engagements

Typically, any audit engagement that cannot be readily classified into one of the two previous
categories falls into this group. Here the auditor is prepared to accept normal (or medium)
levels of audit risk (audit risk does not need to be particularly high or low).
REFLECTION
What type of audit risk is associated with Ntsimbi Piping?
Ntsimbi Piping is unlikely to be a high-risk engagement as there is not a high degree of
public interest in its financial statements nor is the auditor aware of any specific reliance
being placed on the audit opinion. It is, however, also unlikely to be a low-risk
engagement as there is clearly some degree of public interest.
Ntsimbi Piping is thus likely to be classified as being a normal (or medium) risk
engagement.
12.5.1.2 What factors affect the level of audit risk in an entity?

Remember that the level of audit risk represents the level of acceptably low risk to the auditor
that the financial statements may contain material misstatement that he or she fails to detect.
The auditor should not end up with a situation where the final level of audit risk (after the
audit has been completed) is higher than the level he or she was prepared to accept (set during
this planning phase). If this were to happen, this would mean that the auditor had not done
enough work to reduce audit risk to the level that needed to be acceptable prior to expressing
the audit opinion.
The auditor should also attempt to avoid situations where the audit risk ends up being
lower than the level he or she was prepared to accept. If this were to happen, this would mean
that the auditor had done more audit work than was actually necessary in the circumstances
and that the audit had therefore been more costly to the client (or the audit firm, if this resulted
in them exceeding the audit budget!) than was necessary.
This phase of planning therefore requires the auditor to identify the factors at the entity
being audited that potentially increase the level of audit risk, as well as those that potentially
reduce it. Having identified the factors that affect (increase or reduce) audit risk, the auditor is
then able to plan an appropriate response that will result in him or her ending up with audit risk
at the acceptably low level that is desired.
There are three categories of factors that affect the level of audit risk in a particular entity.
These factors are often referred to as the ‘components’ of audit risk.
12.5.1.2.1 Inherent risk

Inherent risk is defined in ISA 200 as being the susceptibility of an assertion to material
misstatement before considering internal control.
Inherent risk is intrinsic to the entity and arises from the very nature of the entity itself and
its business dealings. Inherent risk is also sometimes referred to as the ‘built-in’ risk of
material misstatement. Inherent risk cannot be changed by the auditor – it can only be assessed
and then responded to.
It is important to note that inherent risk does not include an assessment of the degree to
which internal controls (or a lack thereof) may lead to misstatement. This is a category all on
its own (called control risk and covered in the next section) and should not be confused with
inherent risk. Inherent risk should thus be seen as the risk prior to the consideration of internal
control.
A few examples of aspects of the entity that are likely to affect the inherent risk are
discussed in Table 12.1.
Table 12.1: Examples of inherent risk factors
INDICATOR OF HIGHER INDICATOR OF LOWER

INHERENT RISK FACTOR
INHERENT RISK INHERENT RISK
Staff competence Staff are not competent and Staff are competent and so
so there is a higher risk that there is a lower risk that the
the financial statements may financial statements may
contain misstatement. contain misstatement.
Staff integrity Staff lack integrity and are Staff are seen to have
thus seen to be more likely integrity and are thus seen to
to manipulate financial be unlikely to manipulate
information and there is financial information and
therefore a higher risk that there is therefore a lower risk
the financial statements may that the financial statements
contain misstatement. may contain misstatement.
Complexity of transactions Transactions are highly Transactions are simple and

complex and are therefore are therefore not prone to
prone to misstatement misstatement resulting from
resulting from errors. errors.
Level of sophistication of Information systems are Information systems are

information system highly sophisticated with a simple with a minimal degree
high degree of of computerisation and no
computerisation and transacting over the internet.
possibly also involve Misstatements are therefore
transacting over the internet. less likely to occur (except
Misstatements are therefore for human error).
more likely to occur.
Age of the information system Systems are new and tend to Systems are neither new nor
be problematic initially until outdated and are therefore
staff know how to use them stable and less likely to
and/or any bugs have been contain programming flaws
ironed out, or systems are that may lead to
old and tend no longer to be misstatement. Staff using
able to meet the processing these systems are also
needs of the entity and so familiar with them and so, are
tend to crash more less likely to make mistakes.
frequently with resultant
potential loss of data.
Design of the information Unique, tailored systems are Accounting software has been
system developed in-house to cater purchased off-the-shelf and is
for the entity’s specific therefore tried and tested and
processing needs. These has not been customised at all
systems are relatively for the entity. These systems
untested and are therefore are generally less likely to
more likely to contain flaws create misstatements.
leading to misstatements that
are only resolved over time
as they are picked up.
Degree of subjectivity in the There is a high degree of There is no subjectivity (and

determination of gures subjectivity (and therefore therefore little potential for
greater potential for misstatement) in arriving at
misstatement) in arriving at an amount. The amount is
accounting estimates or fair supported by factual evidence
value adjustments. that is not refutable.
History of misstatement Numerous misstatements No (or very few)

were detected in prior audits. misstatements were detected
There is therefore an in prior audits. There is
expectation that therefore no expectation that
misstatements will once misstatements will be present
again be present in the in the current year’s financial
current year’s financial statements.
statements.
Aggressive nancial targets Staff have aggressive Staff have

financial targets in place that reasonable/attainable
they need to meet. There is financial targets in place (or
therefore pressure placed on do not have predetermined
them to achieve these results targets at all) that they need to
and so a greater risk that meet. There is therefore little
figures have been additional pressure placed on
manipulated to be able to them to achieve these results
achieve them. and so a reduced risk that
figures have been
manipulated.
Management/staff incentives Management and/or other Management and other staff

staff receive an incentive do not receive incentives for
should they reach reaching predetermined
predetermined results. There results. There is thus no
is therefore a personal benefit to them in the
benefit to them should they manipulation of figures and
achieve these results and so so this is therefore unlikely to
a greater risk that they may have happened.
have manipulated figures to
attain them.
There are numerous further examples of inherent risks that could be put forward, but the
examples provided above should suffice for you to understand the nature of an inherent risk.
Clearly, where an inherent risk is identified, this increases (or decreases) the assessment of
the risk of material misstatement and the auditor therefore needs to do something to reduce (or
increase) the resultant level of audit risk back to the level that is acceptable. What these
responses may include is discussed in detail later in this chapter.
12.5.1.2.2 Control risk

Control risk is defined in ISA 200 as being the risk that a material misstatement that could
occur in the financial statements is neither prevented, nor detected and corrected, on a timely
basis by an entity’s system of internal control.
When discussing inherent risk above, specific mention was made of the fact that inherent
risk identifies factors prior to the consideration of internal control. Control risk is where
specific consideration is given to the degree to which an entity’s internal control (or lack
thereof) may affect the level of audit risk.
As is the case with inherent risk, control risk is also intrinsic to the entity and arises due to
the nature of the controls in the entity itself. Control risk cannot be changed by the auditor – it
can only be assessed by him or her, and then responded to.
You should remember – from the discussions about obtaining an understanding of the
entity (phase 2 of the planning process) – that internal control was one of the areas that the
auditor is required to understand. Having understood the entity’s internal control, the auditor is
then in a position to consider the degree to which internal control may increase or decrease
audit risk.
Control risk is essentially the risk that internal control will fail to prevent, or detect and
correct, material misstatement. An entity with strong internal control is more likely to be able
to prevent, or detect and correct, material misstatements affecting the financial statements, and
there is therefore a reduced risk that these sound internal controls will fail to prevent, or detect
and correct, misstatement. Control risk is therefore low. However, an entity with poor or weak
internal control is unlikely to be capable of preventing, or detecting and correcting, material
misstatements affecting the financial statements and there is therefore a relatively high risk that
these weak (or non-existent) controls will, in fact, fail to prevent, or detect and correct,
misstatement. Control risk is therefore high.
As was the case with inherent risk, increases in control risk increase the risk of material
misstatement. Similarly, reductions in control risk reduce the risk of material misstatement. In
either case, the auditor needs to consider the collective effect of both inherent and control risk
(i.e. the assessed risk of material misstatement) when it comes to designing appropriate
responses to reduce the level of audit risk to acceptably low levels.
Examples of a few aspects of a business that are likely to affect control risk are described
in Table 12.2.
Table 12.2: Examples of control risk factors

CONTROL RISK FACTOR
CONTROL RISK CONTROL RISK
Degree to which duties are A lack of segregation of Adequate segregation of

segregated duties results in one staff duties exists whereby no
member performing single staff member performs
incompatible functions incompatible functions. There
leading to a greater is thus a reduced likelihood of
likelihood of misstatements there being misstatements.
having taken place.
Control environment There is a weak control There is a strong control

environment where environment where
management does not place management places a strong
a strong emphasis on sound emphasis on sound internal
internal control. The general control. This usually results
philosophy in the entity is in internal control being seen
therefore one where internal by all staff as important to the
control is not seen to be organisation which results in
important and so better internal control and
misstatements are more thus fewer misstatements.
likely to occur.
CONTROL RISK FACTOR
CONTROL RISK CONTROL RISK
Control activities Control activities are poorly Control activities are well
designed (or non-existent) designed and have been
and are not capable of implemented by the entity.
preventing, or detecting and They are therefore capable of
correcting, misstatement, or preventing or detecting
well-designed control misstatement which thus
activities have simply not reduces the risk that
been implemented by the misstatements will reach the
entity. In both cases financial statements.
misstatement is unlikely to
be prevented, or detected
and corrected.
Monitoring of internal control There is weak or no Internal control is well

monitoring of internal monitored by management
control. Internal control is who then take steps to
therefore never improved on address weaknesses if and
and over time tends to lapse. when they are identified. An
There is thus a greater example of this may be an
likelihood of misstatement. entity that has a strong
internal audit department.
Misstatements are thus less
likely to occur.
As with the examples pertaining to inherent risks, the factors described above are only a
selection of possible factors that could influence the auditor’s assessment of control risk –
many more exist in any business.
12.5.1.2.3 Detection risk

Both inherent and control risk are functions of the entity whose financial statements are subject
to audit. Neither of these risks can be controlled as such by the auditor – they can only be
identified, assessed and responded to. The third component of audit risk can however be
controlled/managed by the auditor.
Detection risk is defined in ISA 200 as ‘the risk that the auditor’s procedures, performed to
reduce audit risk to acceptably low levels, will fail to detect misstatements that could be
material individually, or when aggregated with other misstatements’. Detection risk thus arises
through the performance of inappropriate or inadequate audit procedures – matters that the
auditor should very much be in control of.
It stands to reason that if an auditor’s procedures are inadequate, there is an increased
likelihood that misstatement will not be detected and therefore that audit risk will increase.
Detection risk can be controlled in that the auditor can choose:
• How to obtain the evidence that he or she believes is necessary to form an opinion on the
financial statements;
• What type of evidence is necessary;
• How much evidence is necessary; and
• How to conduct the audit.
By using audit staff with experience, or by increasing the type and extent of audit testing (and
therefore the reliability and amount of evidence to support a conclusion), for example, the
auditor is able to reduce the risk that material misstatements will go undetected (detection risk
is thus reduced). Conversely, if audit staff are inexperienced, they are much less able to
determine whether procedures are appropriate or not, or whether enough evidence has been
gathered (detection risk is thus increased). Also, if the extent of testing is reduced, the amount
of evidence will be reduced and conclusions will be less easily justified – the less the testing is,
the more likely it is that the auditor will not detect misstatement (and thus the higher the
resultant level of detection risk will be).
12.5.1.3 Understanding the relationship between the three components that affect
audit risk
In ISA 200, risk of material misstatement is defined to be the product, or net result, of inherent
and control risk. The inherent and control risk levels can be assessed by the auditor. The higher
the assessed level of the risk of material misstatement is, the more detection risk must be
reduced in order to re-establish the required low level of audit risk.
Given that detection risk is the only one of these three factors that the auditor can control
(the other two factors can only be assessed by the auditor), detection risk becomes a very
important mechanism that can be used to return the level of audit risk to acceptably low levels.
WHAT What if, for example, the auditor is faced with a situation where there is high
inherent risk?
IF?
Because of this increased inherent risk, risk of material misstatement will
automatically be assessed at a higher level and this will therefore push audit
risk to a level that is higher than that which will be acceptable to the auditor.
What can the auditor now do to reduce this level of audit risk back to
acceptable levels (to mitigate the effect of the increase in inherent risk)?
1. The auditor can consider designing the substantive procedures in such a way
that detection risk is reduced, thereby offsetting the increase in inherent risk
and returning audit risk to an acceptable level; or
2. The auditor can consider incorporating tests of control into the audit
approach such that he or she is able to justify reduced levels of control risk
to offset the increased levels of inherent risk.
Consider Table 12.3 below.
Table 12.3: The relationship between inherent, control and detection risk
ASSESSED LEVEL ASSESSED LEVEL RESULTANT NET REQUIRED LEVEL

OF INHERENT OF CONTROL EFFECT ON RISK OF DETECTION
RISK RISK OF MATERIAL RISK TO OFFSET
MISSTATEMENT THE RISK OF
(Note: where less MATERIAL
than high, the MISSTATEMENT
assessment is to be AND RETURN
con rmed by the AUDIT RISK TO
results of tests of ACCEPTABLY
LOW LEVELS
control)
High High Significantly Needs to be very low
increased
High Medium Increased Needs to be low
High Low No effect (the Needs to be medium

inherent and control
risk cancel each
other out)
Medium High Increased Needs to be low
Medium Medium No effect Needs to be medium
Medium Low Reduced Needs to be high
Low High No effect (the Needs to be medium

inherent and control
risk cancel each
other out)
Low Medium Reduced Needs to be high
Low Low Significantly reduced Needs to be very

high
REFLECTION
Under which circumstances might control risk be considered to be medium?
It could be argued that if we test the operating effectiveness of control activities and
conclude that they are working, control risk will then always be low, and if we do not test
operating effectiveness of control activities, control risk must then surely be high. So,
when might we justify medium control risk?
If we follow a rotation plan regarding the testing of control activities (ISA 330 para 13
and 14 – refer also to section 13.4.4), for audit purposes we would be placing reliance in
the current year on control activities that were tested in a prior year. It might then be
argued that because we didn’t actually test the control activities in the current year, that we
couldn’t justify a low control risk. But equally because we tested the controls in a prior
period (and concluded that they were working in that period), it wouldn’t be appropriate to
assess control risk as high. This may be a situation where control risk assessed at a
medium level may become justified.
What is clear is that inherent risk and control risk have to be assessed so that the resultant level
of required detection risk (that the auditor can control) can be established. The audit plan can
then be created in such a way that it addresses (responds to) the required level of detection risk.
This relationship between inherent, control and detection risk is often formalised in what has
become known as The Audit Risk Model.
This is a good way to visualise the relationship between the component factors that affect audit
risk. Given that AR (audit risk) must remain at the level set by the auditor as being acceptable
for the specific engagement, if IR (inherent risk) and CR (control risk) for a particular audit
engagement are both high, DR (detection risk) must be very low to enable the auditor to
achieve the required level of acceptable AR. For this engagement, the auditor must therefore
plan their procedures in such a way that once they have been performed, there is a very low
risk that these procedures will not have detected material misstatements.
Visually the above example can be represented as follows:
In theory, this model should probably rather be referred to as the Detection Risk Model since it
is actually the level of required detection risk that the auditor is trying to determine.
It may, however, just complicate things if the model were to be presented as follows:
The original layout of the audit risk model does make it easier to understand the nature of the
relationships between the different components of the model but can lead to the mistaken
belief that it is being used to determine the level of audit risk. It is not! It is being used to
determine the required level of detection risk in order to maintain audit risk at a level that is
considered to be acceptably low for the engagement concerned.
12.5.1.4 Risk at the financial statement level versus risk at the account
balances/classes of transactions/ disclosures level
ISA 315 requires the auditor to consider risk of material misstatement (the product of inherent
and control risk) at two different levels. The consideration of these two levels has major
significance when it comes to the auditor’s planned response to achieve the resultant level of
detection risk that needs to be attained.
Risks at the financial statement level result from those risk factors that could have an
impact across the entire set of financial statements, affecting many account balances, classes of
transactions or disclosures. It is therefore not possible to pinpoint the effect of these risks to
just one or two individual account balances/classes of transactions/disclosures. The effects of
these risks are pervasive to the financial statements as a whole.
Risks at the assertion level for classes of transactions, account balances and disclosures
(refer to section 1.3.3 in Chapter 1 if necessary where these concepts have been explained in
detail), however, result from risk factors that are likely only to have an impact on a limited
number of transactions, the related account balances, and/or disclosures.
Before working through a few examples of risks at these two different levels, let’s consider
the effect of risk at these different levels in terms of the resultant level of detection risk.
If the auditor discovers an inherent risk that could impact on the entire set of financial
statements (the potential for misstatement is thus present across multiple account balances
and/or classes of transactions and/or disclosures), this means that IR at financial statement
level is seen to be high. The auditor therefore has to design an approach that ensures that DR at
financial statement level is appropriately reduced. This means that the planned response to
achieve this lower level of DR that is now required would have to be such that it results in a
reduced risk that the auditor would fail to detect material misstatement across all classes of
transactions and account balances and disclosures.
Now consider instead a situation where the auditor identifies an increase in inherent risk in
just one particular account balance or class of transaction or disclosure. Clearly, the inherent
risk for only that account balance or class of transaction or disclosure (and its related double-
entry account of course) increases and the auditor must then plan an audit approach that results
in DR for only that account balance or class of transaction or disclosure being appropriately
reduced. The important thing to note here though is that this response only has to reduce DR in
this one account balance or class of transaction or disclosure (and its related double-entry
account if applicable) and should not have any effect on the DR for any other account
balance/class of transaction/disclosure. This is very different from the financial statement level
where the planned response has to ensure that DR is adjusted for all account balances/classes
of transaction/disclosures.
This may initially seem fairly complex. We discuss the nature of these required responses
in more depth later on in the chapter.
Refer to Table 12.4 below where the inherent risk factors described in Table 12.1 have been
further broken down to show when they might apply at the financial statement level as opposed
to at an account balance/class of transaction/disclosure level.
Table 12.4: Inherent risk at nancial statement level and at account balance level
INHERENT RISK INDICATOR OF RISK AT INDICATOR OF RISK AT

FACTOR IDENTIFIED FINANCIAL ACCOUNT
IN TABLE 12.1 STATEMENT LEVEL BALANCE/CLASSES OF
TRANSACTION/DISCLOSURE
LEVEL
Staff competence Management of the finance Staff responsible for a particular

department are not account balance or class of
competent (e.g. do not transactions are not competent
understand the (e.g. a wage clerk or a credit
requirements of IFRS) – controller). Given the limited
given the influence that access that these staff members
management have over have, misstatements arising out
multiple transaction cycles of their lack of competence can
and account balances, a only manifest in the account
lack of management balance or class of transactions
competence could manifest for which they are directly
itself in any (or every) responsible (and its double-entry
account balance. account of course).
Staff integrity There is concern about the There is concern about the
integrity of the entity’s integrity of a staff member
management. As with responsible for a particular
competence above, the account. As with competence
impact of this risk could be above, the impact of this risk can
felt in any (or every) only be felt in a limited number
account balance/class of of account balances or classes of
transaction/disclosure. transactions (only those for
which the applicable staff
member is directly responsible
and their double-entry accounts
of course).
Complexity of transactions The business as a whole Limited individual account

involves all transactions balances or classes of
generally being complex in transactions contain complex
nature. Examples of this are transactions but generally most
banks or entities involved account balances or classes of
in import and export. transactions contain fairly routine
and non-complex transactions.
LEVEL
Level of sophistication of The entire information Only certain parts of the overall
information system system is sophisticated and information system are
therefore all account sophisticated. For example,
balances and classes of revenue is processed through a
transactions are affected. complex information system
while the other classes of
transactions are not.
Design of the information The entire information Only certain parts of the overall
system system has been developed information system have been
in-house and therefore all developed in-house or purchased
account balances and off-the-shelf. For example, the
classes of transactions are payroll is processed through a
affected. standard purchased software
package (in which case only the
The general ledger system
salaries and wages classes of
always has an impact at a
transaction are affected).
financial statement level.
Age of the information This applies where the Different parts of the system
system entire system is the same have been developed and added
age. at different stages. It is therefore
possible that for certain classes of
transactions, inherent risk may be
high (brand new system) while
for other classes of transactions,
it may be low (established
system).
Degree of subjectivity in the This is unlikely to have any This applies where individual
determination of gures impact at this level since account balances require
subjectivity is only relevant subjective determination of
to certain account balances amounts – accounting estimates
where accounting estimates or fair value adjustments, for
are required. example.
LEVEL
History of misstatement Prior year misstatements Prior misstatements have been in

have been across the board a limited number of account
– not in any particular class balances or classes of
of transaction or account transactions or disclosures with
balances or disclosure. the same item being affected for
several years running.
Aggressive targets Profit-based targets create Targets in specific areas of the

risk at a financial statement business, such as revenue targets
level because of the vast for example, create a risk of
number of account balances misstatement only in that
and classes of transactions particular class of transactions.
that can be manipulated to
have an impact on profit.
Management/staff For the same reasons as Any other incentives (other than
incentives targets above, where profit-based incentives) usually
incentives are profit-based, create risk at the relevant account
this creates risk at a balance/class of transaction level
financial statement level only. This is because any
because of the large potential manipulation to attain
number of account balances the target is going to be limited to
and classes of transactions the affected account balance or
that can be manipulated to class of transaction only.
have an effect on profit.
Refer to Table 12.5 where the control risk factors described in Table 12.2 have been further
broken down to show when they may apply at a financial statement level as opposed to at an
account balance/class of transaction/disclosure level.
Table 12.5: Control risk at nancial statement level and at account balance level
CONTROL RISK INDICATOR OF RISK AT INDICATOR OF RISK AT

FACTOR IDENTIFIED FINANCIAL ACCOUNT BALANCE/CLASS
IN TABLE 12.2 STATEMENT LEVEL OF
LEVEL
LEVEL
Degree to which duties are Applies at this level where Applies at this level where the
segregated the duties of senior duties of staff members
financial staff who are responsible for certain account
responsible for multiple balances or classes of
account balances or classes transactions only are not
of transactions are not adequately segregated.
adequately segregated.
Control environment Can only apply at this level Not applicable unless
since the control management responsible for one
environment is concerned class of transactions have a
with management’s overall different mind-set regarding
attitude towards internal internal control to the board
control in general. (which is possible).
Control activities Applies where control Applies often at this level since
activities are designed to control activities are put in place
detect and correct to prevent or detect and correct
misstatements in the misstatement in the processing of
financial statements as a transactions and therefore relate
whole (for example, the to certain individual account
review of management balances and classes of
accounts against budgets transactions.
by the board of directors or The control activities over the
the authorisation of all payroll class of transactions, for
journal entries by a senior example, cannot have any
member of management). bearing on the control risk over
the revenue class of transactions,
since they are two independent
systems with their own
independent control activities.
The auditor may therefore have a
situation where the payroll class
of transactions is regarded as
having low control risk while the
revenue class of transactions is
seen to have high control risk.
LEVEL
Monitoring of internal Usually applies only at this Not applicable unless

control level since monitoring management responsible for one
activities are likely to class of transactions play an
apply to internal control as active role in monitoring their
a whole. It is unlikely area of responsibility
(although technically still independent of the general
possible) that only one or approach to monitoring of
two transaction cycles are internal control (which is
monitored whereas the rest possible).
are ignored.
Working paper D1 below shows how the assessment of the risk of material misstatement at
financial statement level is documented in the audit working papers of the 20X1 audit of
Ntsimbi Piping.
AUDIT WORKING PAPER
Client:
Ntsimbi
Piping Ref: D1
(Proprietary)
Limited
Financial
year-end: 31 Reviewed
December by:______________________________________
20X1
Prepared by: Date
Audit senior reviewed:____________________________________
Date: 10
January
20X2
Title: Assessment of risk of material misstatement at financial
statement level

To document the factors that affect risk of material misstatement at financial
statement level for this engagement, and to assess the risk. This conclusion will
then be used to design a response that adjusts overall detection risk such that
audit risk is reduced to acceptable levels.
Note: This working paper has been prepared based solely on the
information currently documented in the understanding of the entity (and
re ected in the client pro le). With reference to a previous working paper
in this section, it should be noted that further information would be
required in order to complete a proper risk assessment at this level.
Findings
The following factors will need to be considered when reaching a conclusion
regarding risk of material misstatement at financial statement level in this
engagement:
RISK FACTOR WHY THE FACTOR AFFECTS THE

RISK THAT THE FINANCIAL
STATEMENTS MAY CONTAIN
MATERIAL MISSTATEMENT
Factors that reduce inherent risk at financial statement level
The company is unlisted. Relatively limited public interest and so

less pressure to manipulate results.
The company was established The company is well established and

over a decade ago. thus there are reduced concerns around
going concern ability (it has a proven
track record) and also a reduction in the
likelihood of errors taking place.
Factors that increase inherent risk at financial statement level
The company trades (imports and There is the risk that the company
exports) across borders. suffers significant foreign exchange
losses, which increases the risk that the
company may not be a going concern.
Furthermore, the nature of these cross-
border transactions Is likely to be
inherently complex.
There are significant related This increases the likelihood of
parties across multiple manipulation of numbers between
transaction types. entities.
Potential going concern issues: Going concern problems put pressure on

• Both operating profit and management to reflect a better situation
profit before tax reduced than may actually be the case. Although
marginally from FY20X0, the financial results for 20X1 are by no
primarily as a direct result of means bad, management may none-the-
increased pressure on sales less be under pressure to do what they
prices, resulting in a reduced can to present an even healthier set of
gross profit margin financial statements.
• Increased competitor threats
• Potential industrial action
• Changing emerging markets
• Operational inefficiencies
• Ineffective cost management
• Sizeable increase in bank
overdraft balance
• In a position that shows a net
current liability at year-end
(current liabilities marginally
exceed current assets)
Conclusion
Based only on the above factors, the overall risk of material misstatement at
financial statement level in this engagement is regarded as being MEDIUM.
Note: Working paper D1 does not include information about control risk at financial statement
level as the available information about Ntsimbi Piping does not include sufficient information
in this regard.
12.5.1.5 Introducing the financial statement assertions into risk assessment at the
account balances/ classes of transactions/disclosures level
Chapter 1 has introduced you to the concept of assertions (refer to section 1.3.3 of Chapter 1)
and from reading Chapter 11 you will be aware that auditors need to perform procedures
necessary to obtain sufficient appropriate evidence that none of these assertions made by
management about year-end balances, transactions and events, and disclosures result in
material misstatement.
The nature, timing and extent of the required procedures for each assertion as it applies to
each account balance, class of transaction or disclosure is influenced by the degree of assessed
risk of material misstatement relating to that particular assertion. For example, if there is a
greater risk of material misstatement that accounts receivable are not fairly valued, the auditor
will design (and then perform) more extensive procedures on the accuracy, valuation and
allocation assertion for accounts receivable (which will result in lower levels of detection risk
being achieved for the accuracy, valuation and allocation assertion – which in turn will offset
the original higher risk of material misstatement in this assertion and will restore audit risk to
acceptably low levels).
It therefore becomes essential to be able to determine the level of required detection risk
for each assertion separately when considering the account balances, classes of transactions or
disclosures that have to be audited.
EXAMPLE
Accounts Receivable
The following information pertains to the Accounts Receivable account balance of an
entity being audited:
Staff who manage the account balance are competent. Historically, whereas
there have not been instances of misstatement with regard to the recording or
classi cation of the sales transactions that give rise to the related debt, there was
reason to be concerned about the manner in which the entity provides for
irrecoverable credit losses. Management use a subjective formula to determine the
allowance for credit losses and the level of this allowance recorded has seldom
been a re ection of the actual subsequent write-off of bad debts.
There is no reason to believe that management may want to record ctitious
sales transactions, nor that management have pledged or secured their debtors
book in any way. Nor is there any reason to suspect that management have not
recorded all credit sales transactions.
Although there are no speci c control activities in place around the
determination of the allowance for credit losses, control activities ensuring the
completeness, validity and accuracy of recorded sales transactions appear to be
well designed and there is evidence that they have been implemented by the entity
throughout the year. Given the size of the Accounts Receivable balance, the
auditors have historically found it most cost-effective to adopt a combined approach
to the audit of Accounts Receivable (i.e. perform tests of control).
Now: How does the auditor assess the risk of material misstatement in the Accounts
Receivable balance at year-end (ignoring the presentation assertion)?
Inherent risk by assertion (account balances, and related disclosures at period end)
• Existence: No reason to believe that the client has created fictitious debt, so the
inherent risk of non-existent debt is low.
• Completeness: No reason to believe that the client has failed to record all credit sales
transactions, so the inherent risk of the Accounts Receivable balance being
incomplete is low.
• Rights: No reason to believe that the client has pledged or secured its debtors book, so
the inherent risk pertaining to inappropriate identification of rights to debtors is low.
• Classification: No reason to believe that the client has incorrectly classified debtor’s
balances, so the inherent risk pertaining to this assertion is low.
• Accuracy, valuation and allocation: Historically there have been problems with the
allowance for credit losses, there has been use of a subjective formula, and the
allowance seldom equates to the actual subsequent write-off. The inherent risk that the
valuation of this account balance will be incorrect in the current year is therefore high.
Note that because there are no reasons to believe that the accuracy or allocation of
Accounts Receivable are misstated, these elements of this assertion will remain a low
inherent risk.
Control risk by assertion (account balance at period end)
• Existence: There appear to be well designed and implemented control activities over
the valid recording of sales and therefore debtors. Assuming that the auditor plans to
rely on these controls again in the current year and that he or she will therefore
perform tests of control to confirm their operating effectiveness, the risk that controls
will fail to prevent, or detect and correct, non-existent debt (fictitious sales) can
therefore be assessed as low on a preliminary basis (tests of control would have to be
performed to confirm this preliminary assessment).
• Completeness: As with existence above, control activities over the complete recording
of sales (and thus trade debtors) appear to be well designed and implemented, and
assuming the auditor plans to rely on these controls and test their operating
effectiveness, control risk for this assertion can also be assessed as low on a
preliminary basis (tests of control would have to be performed to confirm this
preliminary assessment).
• Rights: This assertion is generally difficult to implement control activities over
(management seldom introduce control activities to detect instances where rights are
not identified) and control risk for this assertion is therefore usually high.
• Classification: Given that there appear to be well designed and implemented control
activities over the accurate recording of sale transactions, and assuming these control
activities extend to ensuring that transactions are posted into the correct account, and
given that we are likely to test controls for existence and completeness, it seems
appropriate that we also rely on controls for classification. Control risk for this
assertion will thus also be set as low on a preliminary basis.
• Accuracy, valuation and allocation: There are no control activities in place that can be
relied on to prevent misstatement with regard to the valuation of Accounts
Receivable. Control risk here is therefore high for the valuation element of this
assertion. Note that given the well-designed control activities in place over the
recording of the related sales transactions, control risk for the accuracy and allocation
elements of this assertion are likely to be low.
Level of detection risk therefore required for the assertions pertaining to Accounts
Receivable to restore AR to acceptably low levels:
Inherent risk Control risk Therefore, required

level of detection
risk is
Existence Low Low Very High
Completeness Low Low Very High
Rights Low High Medium
Classification Low Low Very High
Accuracy, valuation High (valuation) High (valuation) Very Low

and allocation Low (accuracy & Low (accuracy & (valuation)
allocation) allocation) Very high (accuracy
& allocation)
What becomes apparent in this example is that there are three different levels of detection
risk that have to be managed by the auditor in this one account balance. The auditor’s
response therefore has to vary from one assertion to the next, given that the required level
of detection risk is different for each assertion.
The main issue in this example is with the carrying amount (accuracy, valuation and
allocation) of Accounts Receivable. It therefore makes sense to perform extensive
(additional) audit procedures on the allowance for credit losses (i.e. which forms part of
the accuracy, valuation and allocation assertion), as this is where the high risk of material
misstatement lies (this is therefore where the risk that the auditor’s procedures will fail to
detect material misstatement – the detection risk – needs to be at its lowest). It makes no
sense to perform extensive audit procedures on the existence or completeness of accounts
receivable, as levels of detection risk can remain very high for these assertions.
If the auditor does not separately assess risk at the assertion level, situations may
arise where the auditor looks at Accounts Receivable, declares there to be a potential
problem given the history around the allowance for credit losses and so proceeds to
declare Accounts Receivable to be a high-risk balance. The auditor may then respond by
increasing the extent of audit testing to be done for the balance as a whole rather than just
for the accuracy, valuation and allocation assertion, which is where the main concern lies.
This will lead to an inefficient and unnecessarily costly audit.
Working paper E1 below shows how the assessment of the risk of material misstatement at
account balance and assertion level is documented in the inventory audit working papers of the
20X1 audit of Ntsimbi Piping.
AUDIT WORKING PAPER
Client: Ref: E1
Ntsimbi
Piping
(Pty) Ltd
Financial Reviewed
year-end: by:_______________________________________________
31
December
20X1
Prepared Date
by: Audit reviewed:_____________________________________________
senior
Date: 13
January
20X2
Title: Assessment of Inherent risk for the inventory account balance

To document the factors that affect the inherent risk in the inventory account
balance at year-end in order to reach a conclusion regarding the level of this
risk in each of the relevant assertions that pertain to this account balance. In
conjunction with the conclusion on working paper E2 (the assessment of
control risk in inventory), this conclusion will then be used to design a
response that sets the required level of detection risk such that the risk of
material misstatement in each of these assertions is restored to an acceptable
level.
Note: This working paper has been prepared based solely on the
information currently documented in the understanding of the entity (and
re ected in the client pro le). With reference to a previous working paper
in this section, it should be noted that further information would be
required in order to complete a proper risk assessment for this account
balance.
Findings
The following factors need to be considered when reaching a conclusion
regarding the inherent risk in the inventory account balance at year-end:
Risk factor Assertion affected Reason for the effect

on risk
Inventory is Accuracy, valuation and The calculation of the

manufactured allocation of inventory (Work costing of inventory
in progress and Finished (i.e., its accuracy) is
goods) inherently more
complex in a
manufactured product
and thus more subject
to possible
misstatement.
Raw material is Accuracy, valuation and The calculation of the

imported allocation of inventory (Raw cost (i.e., its accuracy)
materials) of imported raw
material is inherently
complex given the
need to capitalise all
appropriate costs in
getting the materials
into the store
(shipping costs, forex
costs, insurance, etc.).
Inventory is Existence/Completeness/Rights It is difficult to

distributed of inventory (Finished goods) determine at what
through Africa point ownership of
inventory transfers
due to the large
volume of cross-
border transactions as
well as the
importation of a
significant proportion
of their raw materials
(i.e. high volumes of
goods in transit likely
at year-end).
It is also more difficult
for client’s staff to
verify the existence of
inventory stored at
remote locations.
The nature of the Existence/Completeness of Given the similarity of

product inventory (Raw materials, various PVC piping
Work in progress, and Finished products, it may be
goods) difficult for the
company’s staff to
differentiate between
different raw
materials, work in
progress and finished
products, which may
result in incorrect
quantities being
recorded for inventory
items. It may also be
difficult for us to
corroborate the count
information if it is
difficult to distinguish
between differing
types of product.
Note 4 of the Completeness of inventory Raw materials appear

annual financial significantly
statement shows: Existence/Accuracy, valuation understated in relation
• A 70% and allocation of inventory to prior year figures.
decrease in Accuracy, valuation and Finished goods appear
raw materials allocation of inventory significantly
compared to overstated in relation
Classification of inventory
the prior year; to prior year. May
• A 62% suggest classification
increase in problems or may also
finished goods indicate an inability to
compared to sell finished goods,
the prior year; requiring these to be
and Note 14 of written down to net
the annual realisable value.
financial Higher levels of
statement inventory write-off
shows: create increased
• Inventory concerns about net
write-downs realisable value of
amounting to finished goods.
13% of the
total inventory
value at year-
end in the
current year
compared to
only 8% in the
prior year.
Conclusion
Based on the risk factors identified above, there appears to be relatively high
inherent risk in all the assertions pertaining to inventory at year-end with the
exception of classification and presentation (given that there do not appear to
be any indications that these assertions are at risk).
Inherent risk assessments are therefore set as follows:
Existence High risk for finished goods

Medium risk for raw materials and work in progress
High risk for goods in transit at year-end
Completeness High risk for finished goods and raw materials

Medium risk for work in progress
High risk for goods in transit at year-end
Accuracy, High risk for raw materials, work in progress, and finished
valuation and goods in relation to both the cost of inventory (accuracy) and
allocation its net realisable value (valuation)
Rights Low risk
Classification Low risk

Note: Working paper E1 does not include information about control risk relating to inventory.
The final conclusion regarding risk of material misstatement in the various assertions related to
inventory will be dependent on the assessments of control risk by assertion which would be the
subject of a separate working paper (not included in this text).
12.5.2 The need to consider risk arising from going concern issues
Financial statements are prepared by management on the assumption that the entity will
continue trading in the foreseeable future and that it will realise its assets and discharge its
liabilities in the normal course of business. This entity can be referred to as a going concern.
While this may appear to be a consideration only for when the financial statements are
prepared (or during the finalisation phase of the audit), ISA 570 (Going concern) specifically
requires the auditor to consider whether there are any indicators that the entity may not be a
viable going concern during the risk assessment phase of the audit.
These indicators of an entity’s potential inability to continue trading as a going concern, as
suggested by ISA 570, are grouped into three main headings and all three should be considered
during the planning phase in order to reach a decision on potential inherent risk related to
going concern issues.
The three indicators of an entity facing going concern problems are:

1. Financial indicators: These indicators are concerned with the financial figures and include
aspects pertaining to profitability, solvency and liquidity indicators. The auditor would be
concerned if, for example, the entity is making losses, is not able to meet its debts, was
refused additional finance or credit and is having to renegotiate loan repayment terms.
2. Operating indicators: These indicators are concerned with the day-to-day running of the
entity and factors relating to this that may imply an inability to continue trading, such as
loss of key management (without a reasonable prospect of replacing them), loss of a key
franchise or license arrangement, quality problems with their product and protracted
labour disputes.
3. Other indicators: This final category of indicators includes anything not specifically
related to the financial or operating position of the entity. Typically, matters such as
pending court cases or changes in legislation may fall into this category.
FURTHER READING
Take a few minutes to read through the list of specific indicators under these three
categories in ISA 570 para A3.
Reflect on how each one might cast doubt about an entity’s ability to continue trading
as a viable going concern and thus present increased inherent risk that the accounts may
have been manipulated.
Should the auditor have detected the presence of any indicators of potential going concern
problems that have occurred, or should he or she believe these are likely occur in the 12-month
period following the end of the financial reporting period subject to audit, the auditor would
then need to be concerned about whether management have any plans in place to mitigate the
identified going concern problem. A consideration of these plans and management’s intended
disclosures in the financial statements relating to them are critical to the auditor in assessing
the resultant level of inherent risk for the audit.
Inherent risk is created when an entity is potentially not a viable going concern. This
inherent risk arises because of the potential pressure management is now under to present
results that reflect a better situation than the entity is actually in. An entity that is struggling
financially is unlikely to be able to attract any additional finance or investment funding and yet
this is usually just what these entities desperately require if they want to survive. This pressure
that management are under creates an increased risk that management may manipulate the
financial statements to try to show the entity as being in a better position than it actually is.
This will amount to fraudulent financial reporting, which is discussed in more detail in the next
section of this chapter.
The inherent risk associated with a potential going concern problem is regarded as being at
a financial statement level as there are numerous ways in which management can inflate assets,
understate liabilities, inflate profits and understate expenses to present better-looking results. In
situations where there is perceived to be a risk that the entity will not continue as a going
concern, inherent risk at financial statement level will therefore increase, increasing audit risk.
The auditor will therefore have to find ways to reduce detection risk at financial statement
level to compensate for this and thereby return audit risk to acceptably low levels.
Note: Where going concern is identified to be a potential problem during the planning phase,
this will increase the risk of inappropriate disclosure relating to going concern being made in
the final financial statements, and/or the inappropriate basis of accounting being applied (i.e.
the going concern basis of accounting cannot be used if the entity intends ceasing operations
six months after the end of the financial reporting period).
REFLECTION
What is the assessment of going concern risk for Ntsimbi Piping?
Go back and have a look at the working paper that considers risk at financial statement
level for Ntsimbi Piping. One of the considerations that affected the risk assessment was
the potential going concern problems highlighted through the client profile and the annual
financial statements.
The formal assessment of the going concern ability of the entity is, however, not concluded
during audit planning. Instead, it is concluded after performing specific audit procedures
during the finalisation of the audit. These procedures are covered in detail in Chapter 15. It is
during this finalisation phase where the appropriateness of the final preparation of the financial
statements on the going concern basis is considered and also where the adequacy of any
required disclosure relating to any material uncertainties about going concern are considered in
the context of expressing the appropriate audit opinion on the financial statements.
12.5.3 The need to consider risk of fraud

While the responsibility for the prevention and detection of fraud rests securely on the
shoulders of management, ISA 240 (The auditor’s responsibilities relating to fraud in an audit
of financial statements) does require the auditor to obtain reasonable assurance that the
financial statements are free from material misstatement, whether caused by fraud or error.
It stands to reason that when considering the risk of material misstatement in the financial
statements (whether it be inherent or control risk and whether it be at financial statement level
or at account balance/class of transaction/disclosure level), the auditor should be alert to the
risk of material misstatement caused specifically by fraudulent activities.
REFLECTION
What is the difference between fraud and error?
Fraud is defined in ISA 240 to be ‘the intentional act by one or more individuals …
involving the use of deception to obtain an unjust or illegal advantage’.
Error, however, does not have any intent (no one sets out to make a mistake), nor
deception (usually individuals are unaware that they have made an error and so they will
not try to cover it up in any way), nor any unjust or illegal advantage (again, individuals
who make an error are usually doing so unknowingly, and certainly not because they are
trying to achieve any personal gain or benefit).
Owing to its nature, fraud is inherently more difficult for the auditor to detect than
error because perpetrators of fraud do so knowingly and therefore attempt to find ways to
cover it up.
There are two types of intentional misstatements that the auditor is concerned with:
1. An intentional manipulation of the financial statements (referred to as ‘fraudulent
financial reporting’ in ISA 240). This is also sometimes referred to as window-dressing
(portraying a different picture to the one that really exists).
2. Theft (referred to as ‘misappropriation of assets’ in ISA 240).
12.5.3.1 What procedures is the auditor specifically required to perform while

obtaining an understanding of the entity to obtain information to enable
him or her to assess the risk of material misstatement arising from fraud?
ISA 240 requires the auditor to perform the following procedures to assist with the
identification of fraud:
1. Enquire of management (and those charged with governance of the entity if different to
management) as to their assessment of the potential for fraud in their entity and their
process to identify and respond to any perceived fraud risk. These enquiries would also
include the extent to which management has any knowledge of actual, suspected or
alleged fraud. Should the response from management to the auditor’s enquiries indicate
poor internal fraud risk procedures or should they highlight the potential for fraud, the risk
of material misstatements in the financial statements will clearly be increased as a result.
2. Evaluate any unusual or unexpected relationships identified during the performance of
preliminary analytical procedures to determine whether or not they indicate any possible
risk of fraud.
3. Consider any other information that comes to light that may indicate a risk of fraud.
Evaluate whether information obtained through other risk assessment procedures (i.e.
obtaining an understanding of the entity) indicates the presence of any fraud risk factors.
12.5.3.2 Exploring the fraud risk factors as a means to identify risk of fraud
To be able to consider whether fraud may have taken place or not, the auditor needs to be alert
to the reasons why fraud takes place. One needs to be able to think like a thief to catch a thief.
So, why then would anyone commit fraud? There are three different reasons why someone
may commit fraud and one overriding precondition that needs to be present for them to do so.
Once these reasons and the precondition are understood, it will make it much easier to identify
the risk of fraud taking place.
So, why would any individual commit fraud?

Reason 1 – Because they end up better off afterwards. There is thus an incentive for them to
commit fraud.
Reason 2 – Because they feel they have no choice. They feel forced into it. There is pressure
placed on them that results in their being driven to commit the fraud.
Reason 3 – Because they feel it is the right thing to do. They do not believe that what they have
done is unjust or illegal. There is a rationalisation to their act (as twisted as their logic might
sometimes be).
Overriding precondition – none of the above reasons to commit fraud can take place unless
there is also the opportunity to do so. As much as there may be an incentive, pressure or
rationalisation to commit fraud, it will simply not be possible if there is not also the
opportunity.
A sales manager may be under intense pressure to overstate revenue but if he or she has no
opportunity to do so, it cannot happen. A petty cash box left open and unattended on
someone’s desk presents a perfect opportunity to steal cash but if anyone does steal the cash, it
is because there is an incentive to do so, not simply because there was the opportunity. Would
anyone steal the contents of a rubbish bin even if the rubbish bin was in a location where there
was easy access to its contents? It would be unlikely not because there was not the opportunity,
but rather because there is no incentive, pressure or rational reason to steal rubbish.
Now, how do these fraud risk factors help the auditor in identifying possible risk of
material misstatement arising out of fraud?
Having obtained his or her understanding of the entity, the auditor then answers the following
questions to determine whether there are any fraud risks:
1. Are there incentives for anyone to manipulate the amounts and disclosures in the financial
statements?
2. Is anyone under pressure to manipulate the amounts and disclosures in the financial
statements?
3. Could there be any sort of rationalisation for why someone may want to manipulate the
amounts and disclosures in the financial statements?
4. Are there any incentives for anyone to steal any of the company’s assets?
5. Is the auditor aware of anyone who may be under sufficient pressure that they would steal
company assets?
6. Could there be any sort of rationalisation for why someone would steal company assets
believing it to be completely acceptable (as compensation for something they feel the
company has not given them, for example)?
7. If the answer to any of the above questions was ‘Yes’, then who would this person be, and
would they have had any opportunity to commit the potential fraud?
FURTHER READING
Appendix 1 in ISA 240 provides a comprehensive list of examples of possible fraud risk
factors for both fraudulent financial reporting and misappropriation of assets under the
headings of incentives/pressures (note that the ISA combines these into one reason),
rationalisations and opportunities (again note that the ISA refers to opportunities being a
fraud risk factor, yet in this text it is regarded as a precondition rather than a risk factor in
its own right).
Work through the appendix to gain valuable insight into possible indicators of fraud
risk that may become apparent through the auditor’s understanding of the entity.
Are there any fraud risk factors present when considering Ntsimbi Piping?
It is not clear from the client profile whether there are any incentives or possible
rationalisations to manipulate the financial statements, but the financial position of the
entity at year-end, the difficult trading conditions being experienced, and the uncertainty
around going concern all create pressure on management to produce better results.
It would then need to be evaluated whether management has the opportunity to
manipulate the financial statements. This will largely depend on the adequacy of the
company’s systems of internal control, both general and application controls.
Having identified a potential risk of fraud, this risk can then be categorised as either being at
financial statement level or being at an account balance/class of transaction/disclosure level.
Depending on the nature of the fraud risk indicator that has been identified, the fraud risk
will then also be classified as being either inherent or control risk.
Note that revenue recognition is deemed by ISA 240 to be a fraud risk in every audit
engagement. In other words, the auditor needs to ordinarily presume that the client has
manipulated its recognition of revenue either to overstate or understate its revenue. This
presumption can only be overturned should the auditor be able to document sufficient
reasoning as to why he or she believes the entity has not manipulated its revenue recognition.
ISA 240 also requires that the auditor consider, and respond to, the risk that management may
override (or bypass) internal control because of the unique position management are in that
enables them to operate outside normal control processes. As a minimum, auditors are
therefore required to design and perform procedures:
1. That consider the appropriateness of journal entries in the general ledger and other
adjustments made in the preparation of the financial statements (journal entries create a
significant opportunity to manipulate the financial statements);
2. That review accounting estimates for bias, as this may indicate manipulation by
management to achieve desired results. For example, if management wish to increase
profits as much as possible, they may intentionally understate all valuation adjustments to
minimise the effect thereof on the profit figure. The auditor should thus be alert to
whether misstatements with regard to accounting estimates present a consistent trend or
not; and
3. That consider the business rationale behind any significant transactions that are outside
the normal course of the entity’s business.
As with other identified risks of material misstatement, the auditor has to consider the effect of
fraud risk on the level of required detection risk and has to design appropriate responses to
attain these required levels of detection risk.
Fraud risk is an example of a risk that is classified as a significant risk, which is discussed
in the next section.
12.5.4 Identification of risks that require special audit

consideration (significant risks)
In terms of the requirements of ISA 315, having obtained the required understanding of the
entity and having identified potential risks of material misstatement, the auditor now needs to
consider whether any of these identified risks should be classified as a significant risk.
The implication of classifying a risk as ‘significant’ is that it requires the auditor to develop
a specific response to that individual risk rather than, for example, a general response to an
increase in inherent risk at financial statement level.
Why is there the need to include this separate category of risks?

WHY? Once you have worked through the examples that follow of what circumstances
typically give rise to a risk being classified as a significant risk, you will notice
that none of the circumstances relate to routine or normal/expected
circumstances.
In every case, there is either something new happening, something that is
open to manipulation, something that is overly complex, or something that is
judgmental. If there is going to be material misstatement in a set of financial
statements, it is most likely to be present under these types of circumstances.
By classifying something as a significant risk, the auditor is then forced to
pay specific attention to the matter.
So, what makes something a significant risk?
ISA 315 suggests that the auditor should consider at least the following when exercising his or
her judgement as to what may constitute a significant risk:
• Whether it is a fraud risk or not.
• Whether the risk arises out of recent significant developments (economic, accounting or
otherwise) and therefore requires specific attention.
This may include instances where, for example, there has been a significant change in
legislation, accounting standards, interest rates or foreign exchange rates. This change has
then triggered a potential risk of material misstatement which, if seen to be significant, will
thus require specific consideration by the auditor.
• Where complex transactions are identified.
Given the complexity of certain transactions, the potential for material misstatement is
greatly increased. The auditor may even find it difficult to understand the transaction, let
alone determine whether it has been appropriately accounted for.
Should the auditor therefore identify transactions that are seen to be sufficiently complex,
he or she may well flag these as significant risk areas and therefore design specific
procedures (including, for example, the use of an expert) to obtain the necessary evidence
regarding their correct recognition, measurement, presentation and disclosure in the
• Where significant transactions with related parties are identified.
Related parties cause concern for the auditor in that there is opportunity to manipulate
transactions between the related parties to achieve objectives of those parties that may not
be consistent with the objectives of the entity that the auditor is concerned about.
The charging of administration fees and rental, for example, as well as the sale of products
between related parties create ample opportunity to manipulate profits across different
entities.
Where these transactions are identified, they are therefore often judged by the auditor to be
a significant risk area and the auditor designs procedures to ensure that nothing untoward
has occurred in these transactions.
• Where there is a high degree of subjectivity in the determination of amounts.
Where there is considerable subjectivity in determining amounts, this presents the entity
with opportunities to manipulate results. Accounting estimates or fair value adjustments
that are subjective are difficult for the auditor to verify and are thus open to abuse.
For example, should an entity want to maximise its profits, it will look to minimise its fair
value write-downs of its assets. Should the determination of these write-downs be
subjective, it will be much easier for the entity to argue that little or even that no write-
down is necessary, and the auditor will be hard-pressed to prove them wrong.
These subjective areas will therefore need to be looked at carefully by the auditor and
hence will be flagged as significant risks that require special consideration.
• Where significant transactions outside the normal course of business are identified.
As soon as an entity does something that is not part of its normal business operations, the
auditor needs to question why this has been done and whether this presents a significant
risk or not. Given that these transactions are unusual, it is important for the auditor to
understand why management entered into them. There is also an increased likelihood of
material misstatement given that these transactions are not what the entity normally does
and is therefore familiar with.
Where a risk is classified as a significant risk, the auditor is required to:

• Obtain an understanding of the design of any internal control (including control activities
specifically) relevant to that risk; and
• If the internal control has been properly designed to address the significant risk, evaluate
whether the designed control has been properly implemented by the entity. (Note that this
does not necessarily mean that the operating effectiveness of the control must be tested –
i.e. that tests of controls must necessarily be performed.)
Significant risks are usually linked to the account balance/class of transaction level because
they are usually related to individual transactions or account balances but there may also be
instances where a significant risk is seen to affect multiple account balances (fraud risk where
there is an incentive to manipulate profits, for example).
Significant risks are usually classified as inherent risks given that they arise independently
of any internal control considerations.
REFLECTION
Are there any significant risks in Ntsimbi Piping?
It is likely that there will be significant risks in Ntsimbi Piping, such as the following:
1. There are bound to be several complex transactions (including the manufacturing of
inventory as well as the importation of raw materials, for example).
2. There are significant related parties and therefore there will be significant related party
transactions.
3. There are bound to be significant accounts that require high degrees of subjectivity in
their determination. For example, the residual value and useful life of manufacturing
plant, and the obsolescence allowance required for inventory.
12.5.5 Risks for which substantive procedures alone do not
provide sufficient appropriate audit evidence
ISA 315 highlights that there may be certain identified risks of material misstatement where it
is not possible, or practical, to obtain sufficient appropriate audit evidence to mitigate the risk
through substantive procedures alone. In these circumstances, detection risk is not able to be
reduced to sufficiently low levels to compensate adequately for the high level of inherent
and/or control risk. The only course of action the auditor has is to seek to reduce the level of
control risk by testing the related control activities and concluding therefrom that the controls
are effective. The auditor will then have reduced his or her assessment of control risk and this,
together with the reduction in detection risk resulting from the substantive procedures he or she
is able to perform, will adequately mitigate the high levels of inherent risk and restore audit
risk to an acceptably low level.
An example of a situation where the above may be the case would be the auditor in the
audit of a large retailer (like Pick n Pay, Shoprite or Woolworths). These organisations process
high volumes of sales transactions for a wide range of different products and at different
values. It would be impossible for the auditor to obtain sufficient appropriate audit evidence
regarding the sales class of transactions through performing substantive procedures alone and
he or she would need to test the operating effectiveness of control activities over sales
transactions in order to obtain sufficient audit evidence.
WHAT What if the auditor was unable to obtain sufficient appropriate evidence
through substantive procedures alone and yet, when seeking to place reliance
IF? on control activities, discovered that control activities were not capable of
adequately preventing, or detecting and correcting, material misstatements?
Under these circumstances, the risk of material misstatement for the affected
account balance/class of transactions could never be adequately mitigated and
audit risk could therefore not be reduced to acceptably low levels.
The auditor would therefore need to issue a modified audit opinion on this
account balance/class of transactions, effectively indicating that he or she was
unable to reach a conclusion on whether the account balance/class of
transactions is fairly presented or not.
12.6 How can the auditor respond to identi ed risks

of material misstatement?
Having completed phase 3 of planning (risk identification), it is now necessary for the auditor
to make decisions about what he or she is going to do to mitigate these identified risks of
Remember that risks are classified as either inherent or control risks and they result in a
level of detection risk being established that will enable the auditor to return the level of audit
risk to its required acceptably low level. The auditor now needs to consider how these resulting
levels of required detection risk will be achieved, at both financial statement and account
balance/class of transactions/disclosure levels.
12.6.1 Responding to detection risk at the financial statement level

Having assessed both inherent and control risk (i.e. the risk of material misstatement) at the
financial statement level arising from the potential for error or fraud (including having
considered the going concern risk of the entity), the auditor will have used his or her
judgement (based on the audit risk model) to determine a resulting level of detection risk
required to bring audit risk back to acceptably low levels.
Generally speaking, the level of detection risk required to bring audit risk back to
acceptably low levels can be classified according to Table 12.6.
Table 12.6: The varying levels of detection risk
LEVEL OF
DETECTION RISK RELATED LEVELS OF INHERENT AND CONTROL RISK
REQUIRED
Very high Low inherent risk and low control risk
High Low inherent risk and medium control risk or medium inherent risk
and low control risk
Medium High inherent risk but low control risk or high control risk but low
inherent risk or medium inherent risk and medium control risk
Low High inherent risk and medium control risk or medium inherent risk
and high control risk
Very low High inherent risk and high control risk
Remember that the lower the level of required detection risk, the lower the risk has to be that
the auditor will fail to detect material misstatements through his or her procedures.
Also remember that as the focus here is on detection risk at the financial statement level,
anything that the auditor does to adjust the level of detection risk at this level must be done in
such a way that it affects all account balances/classes of transactions/disclosures.
12.6.2 What options are available to the auditor to achieve desired

changes to the level of detection risk at the financial
statement level?
There are several approaches that the auditor can adopt to adjust the overall level of detection
risk in the audit and they can all be adapted to cater for whether detection risk needs to be
increased or reduced.
Table 12.7 sets out the available responses to the auditor at the financial statement level
(per ISA 240, specifically paragraph 29, and ISA 330 (The Auditor’s Responses to Assessed
Risks), specifically paragraphs A1 to A3) and how the auditor could use these responses to
achieve the desired level of detection risk at the financial statement level.
It is not necessary for the auditor to use all possible responses to change the level of
detection risk. The auditor needs to consider his or her required level of detection risk (refer to
Table 12.6) and then exercise his or her judgement in choosing the appropriate response(s) to
achieve this desired level of detection risk.
When reviewing the lists of available responses in Table 12.7, note that none of these
responses is linked to any specific individual account balance – they will all alter the manner in
which the audit is conducted rather than what specific procedures are going to be performed on
which specific account balances/classes of transactions/disclosures.
If you like, another way to view this is that the response to detection risk at the financial
statement level sets the overall context within which the audit as a whole will be performed.
Table 12.7: Available responses to the auditor (per ISAs 240 and 330) to adjust
detection risk at a nancial statement level
TO REDUCE DETECTION TO INCREASE DETECTION

RISK (WHERE THERE ARE RISK (WHERE THERE ARE
AVAILABLE
HIGHER OVERALL LOWER OVERALL LEVELS
RESPONSE
LEVELS OF INHERENT OF INHERENT AND
AND CONTROL RISK) CONTROL RISK)
Change professional Ensure that the engagement Ensure that the engagement
scepticism team is made aware of the team is made aware of the
need to increase the degree to need to reduce the degree to
which they have to be which they have to be
sceptical of representations sceptical of representations
from management or when from management or when
considering the sufficiency of considering the sufficiency of
audit evidence (which will audit evidence (which will
reduce the risk that increase the risk that
misstatement will not be misstatements will not be
detected). detected).
The message to the audit team The message to the audit team
is ‘Keep your eyes wide is ‘Don’t worry too much
open!’ about challenging the evidence
– if it seems OK at face value,
then accept it.’
AVAILABLE
RESPONSE
Change the composition of Assign more experienced audit Assign less experienced audit
the engagement team staff to the engagement who staff to the engagement. These
are more able to design staff members will be less able
appropriate procedures and/or to design appropriate
evaluate the adequacy of audit procedures and/or evaluate the
evidence. This will make it adequacy of audit evidence.
less likely that misstatement This will make it more likely
will not be detected. that misstatement will not be
detected.
Change the overall nature Seek to obtain better quality Be prepared to accept lower
and/or timing of audit audit evidence, such as an quality audit evidence, such as
procedures increased use of external an increased use of evidence
documentary evidence. This internally generated by the
will increase the strength of audit client (rather than
the evidence obtained and so evidence from an external
reduce the likelihood of not source). Auditors could also
detecting misstatement. place greater reliance on oral
Seek to perform procedures or visual evidence. This will
just before year-end or after reduce the strength of the
year-end (as opposed to earlier evidence obtained and so
increase the likelihood of not
in the year). This allows for
detecting misstatement.
the entire financial year to be
tested and, as a result, reduces Seek to perform procedures at
the risk of errors not being an interim stage
detected as a result of the (complemented by further
entire year not being included procedures later in the year),
in the testing. as the auditor can accept a
higher risk of not detecting
errors that occurred during the
period between the interim
testing and the year-end.
AVAILABLE
RESPONSE
Change the extent of audit Make adjustments to Make adjustments to

procedures and the level of performance materiality and/or performance materiality and/or
acceptable misstatement sampling methodology to sampling methodology to
ensure that more items will be ensure that fewer items will be
tested and that reduced levels tested and that increased levels
of potential misstatement will of potential misstatement will
be accepted. This will reduce be accepted. This will increase
the risk that misstatements the risk that misstatements
might not be detected. might not be detected.
(Note that performance (Note that performance
materiality is discussed later materiality is discussed later
in section 12.7 of this in section 12.7 of this
chapter.) chapter.)
Alter the extent of Ensure that supervision of the Ensure that supervision of the
supervision during the audit process is more regular audit process is less regular
engagement and more rigorous than and less rigorous than normal.
normal. Audit management This reduced extent of
should check in regularly to supervision will ensure that it
see how the audit is will be more likely that
progressing and should misstatements will not be
challenge the work being detected.
performed. It will therefore be
less likely that misstatements
will not be detected.
Adjust the strength of the Make the review process more Make the review process less
review process rigorous and with a greater rigorous and less probing than
depth than normal (work done normal (work done by the
by the audit junior is reviewed audit junior is reviewed
by the audit senior and then directly by the audit partner –
again by the audit manager the audit senior and manager
and then finally again by the are skipped in the review
audit partner). This will make process). Given that there is
it less likely that misstatements only one review of the work,
will not be detected. this will make it more likely
that misstatements will not be
detected.
AVAILABLE
RESPONSE
Change the degree of audit Ensure the audit partner (who Ensure the audit partner is not
partner involvement probably has the best very actively involved in the
understanding of the entity and audit process. Have the audit
its potential for audit risk) is planned by a less senior
more actively involved in the member of the audit team
audit process (especially the (with it just being reviewed by
planning and review phases). the audit partner, for example).
This will make it more likely This will make it less likely
that risks and responses thereto that risks and responses
will be appropriate and thereto will be appropriate and
therefore the likelihood of therefore the likelihood of
misstatements not being misstatements not being
detected will reduce. detected will increase.
Introduce unpredictability Make regular changes to the Do not make any changes to
into the design of the audit audit approach (nature, timing the audit approach from year
procedures and extent of audit procedures) to year. It does not matter that
from year to year alternating the client is able to predict
between different ways of what evidence the auditor is
obtaining the necessary audit likely to be looking for. The
evidence. This will ensure that fact that the client may be able
the client is unable to predict now to anticipate the auditor’s
what evidence the auditor is procedures will increase the
likely to be looking for and so risk of not detecting
reduce the risk of not detecting misstatements.
misstatements.
REFLECTION
If you were the auditor of an entity, would you be comfortable with the suggestions made
in the right-hand column of Table 12.7?
Would you be comfortable, for example, to reduce the level of scepticism, or reduce the
amount of testing, or even reduce the extent of the supervision or review process? Would
you be happy to keep the audit partner out of the planning process?
Most students are quite comfortable with the middle column dealing with responses to
decrease the likelihood of not detecting misstatement, but they struggle with increasing the
likelihood of not detecting misstatement (the third column).
Remember that where the auditor is looking to increase the levels of detection risk, it
is because there is a low risk of material misstatement – inherent risk is low (the auditor is
not expecting misstatement) and/or control risk is low (the auditor is satisfied that the
client’s internal controls should prevent, or detect and correct, material misstatements).
The auditor therefore does not need much additional assurance about the presence of
misstatement through his or her substantive procedures. In other words, it is absolutely
fine that there is a higher risk of not detecting misstatements through his or her substantive
procedures.
REFLECTION
What might the auditor do to respond to the medium level of risk at financial statement
level for Ntsimbi Piping?
Any of the previously mentioned responses could be considered. Given that it is medium
risk, it would probably be necessary to reduce marginally the overall level of detection
risk to restore the level of audit risk to acceptable levels.
Practically, this would probably involve the following:

1. Increasing levels of scepticism throughout the audit;
2. Increasing the thoroughness/depth of the review process; and
3. Reducing performance materiality marginally to increase the extent of work to be
performed.
12.6.3 Responding to detection risk at the account balance/class of

transactions/ disclosure level
As we have seen previously in this chapter, detection risk at an account balance/class of
transactions/disclosure level is determined for the relevant assertions for the specific account
balance/class of transactions/disclosure. Having considered the inherent and control risk (risk
of material misstatement) per assertion for an account balance/class of transactions/disclosure,
the resultant level of required detection risk is then determined by the auditor.
Possible levels of detection risk at assertion level for a particular account balance, class of
transactions or disclosure are the same as those at financial statement level and are set out in
Table 12.6 above.
Having assessed the required level of detection risk for a particular assertion for a
particular account balance/class of transactions/disclosure, what can the auditor now do – in
terms of designing the substantive procedures – to achieve those desired levels of detection
risk?
There are three areas pertaining to substantive procedures that the auditor can alter to respond
to a changing level of desired detection risk. These options are all discussed in more depth in
Chapter 13 but are summarised below:
Area 1: Change the nature of planned audit procedures.

The nature of testing embodies the ‘what to do’ component of audit procedures. There are
several alternatives that the auditor can use to strengthen or weaken the quality of the audit
evidence that will be gathered from substantive procedures depending on the desired level of
detection risk:
• Substantive tests of details versus substantive analytical procedures;
• Performing more different types of substantive procedures versus performing fewer types
of substantive procedures;
• Incorporating the use of experts, or not;
• Placing reliance on documentary evidence versus oral or visual evidence;
• Placing reliance on external evidence rather than internal evidence; and
• Making use of different sampling techniques (random selection versus haphazard selection,
for example).
Note: In each of the above examples, the first option provides stronger, more reliable evidence,
and hence reduces the level of detection risk to a greater extent.
All these options enable the auditor to vary what he or she plans to do to obtain the necessary
audit evidence to address the level of detection risk for each assertion. So, for example, if an
auditor needs to respond to a required level of detection risk that needs to be low for the
accuracy, valuation and allocation of trade debtors, the auditor could choose to make greater
use of external documentary evidence, possibly even provided by an auditor’s expert. If,
however, the auditor’s required level of detection risk is high, he or she could then opt for
substantive analytical procedures on internally generated documents as a means to obtain
relatively high levels of detection risk.
Both of the examples presented above reflect a change in the nature of testing in response
to the required level of detection risk that must be achieved.
Area 2: Change the timing of planned audit procedures

The timing of testing embodies the ‘when’ component of audit procedures. Again, there are
several alternatives that an auditor can consider that may have an impact on the quality of
evidence obtained and therefore the resultant level of detection risk:
• Performing procedures after year-end versus at an interim or early verification stage; and
• Performing procedures at year-end rather than after year-end (e.g. inventory counts).
Note: In each of the above examples the first option provides stronger, more reliable evidence,
and hence reduces the level of detection risk to a greater extent.
Note that modifications to the timing of planned audit procedures may also be influenced by
other factors, such as by when the audit has to be completed (if there is very little time after
year-end, the auditor may have to incorporate tests before year-end rather than after year-end)
or what audit approach is going to be adopted (e.g. if following a combined approach, it would
be important to schedule the substantive procedures to be after the tests of control). (Audit
approaches are discussed in the next section of this chapter.)
Area 3: Change the extent of planned audit procedures.

The extent of testing embodies the ‘how much’ component of audit procedures. There are only
two alternatives for the auditor to consider here:
• Doing more testing will reduce detection risk because it will result in more audit evidence
being obtained.
• Doing less testing will increase detection risk because it will result in less audit evidence
being obtained.
Remember that in responding to detection risk at financial statement level, the auditor may
already have planned to increase, for example, the extent of testing in all account balances and
classes of transactions (by having reduced performance materiality).
When considering the individual assertions, the auditor now considers whether for a
particular assertion to increase even more the extent of testing (a possible response to lower
levels of detection risk being required for the assertion being considered) or whether to
reduce/offset this overall increase in extent of testing (should the auditor wish to raise
detection risk for a specific assertion instead).
It is important to understand that there are therefore two elements affecting how much audit
work has to be performed for a particular assertion in a particular account balance/class of
transactions/disclosure. These are:
1. The auditor’s determination of performance materiality (which may or may not have been
adjusted to respond to financial statement level risk of material misstatement) (discussed
in more detail later on in this chapter); and
2. The desired level of detection risk for the specific assertion being considered (which is
influenced by inherent and control risk specific to that assertion only).
REFLECTION
What might the auditor do to respond to the high level of risk of material misstatement in
the accuracy, valuation and allocation assertion for the inventory account balance of
Ntsimbi Piping?
The auditor could consider making changes to:
• The nature of testing (e.g. through use of management’s experts (refer to ISA 500 for
further information about this) to assist in determining the net realisable value of
finished goods);
• The timing of testing is unlikely to be affected; and
• The extent of testing (through performing increased amounts of testing – i.e. larger
number of items to be audited – on the accuracy, valuation and allocation assertion,
both from a cost (accuracy) and a net realisable value (valuation) perspective).
12.6.4 The implications of combined testing versus substantive

testing
There are two audit approaches (the concept of an audit approach is discussed in the
introduction to this chapter and essentially incorporates the nature, timing, and extent of
procedures to respond to identified risk of material misstatement) that an auditor can adopt to
respond to identified risk of material misstatement. These are discussed in this section.
12.6.4.1 Combined approach (sometimes called a ‘controls-based approach’, where

the nature of procedures incorporates both tests of control and substantive
procedures)
The auditor chooses to place reliance on internal control (and therefore has to perform tests of
their operating effectiveness) which can corroborate a reduced assessment of control risk and
enable the auditor to justify higher levels of detection risk in the substantive procedures (which
results in fewer substantive procedures being required).
In essence, this approach tests controls (to confirm that the assessed control risk is lower
than high) and performs limited substantive procedures (higher detection risk).
12.6.4.2 Substantive approach (sometimes called a ‘wholly substantive approach’,

where the nature of procedures excludes any tests of control and only
relies on substantive procedures)
Here the auditor chooses not to place reliance on internal control, or is not able to place
reliance on internal control even if he or she would have liked to. This means that control risk
will automatically be assessed as high and the level of required detection risk will thus have to
be reduced. This reduction in the level of required detection risk means that the auditor has to
perform more extensive substantive procedures.
In essence, this approach ignores controls (high control risk) and obtains all audit evidence
through (often extensive) substantive procedures (resulting in lower detection risk).
It is important to note that there is no approach that enables the auditor to rely only on
internal controls. ISA 330 specifically requires that some substantive procedures (which may
only include substantive analytical procedures, or limited substantive tests of details, for
example) are performed for all material assertions.
WHY? Why does the auditor always have to perform at least some substantive
procedures? Why can he or she not adopt an audit approach that simply places
reliance on the operating effectiveness of internal controls?
Tests of control only provide the auditor with evidence about the operating
effectiveness of internal control and not regarding the rand value of the related
account balance/class of transactions. Tests of controls on their own will
therefore never provide sufficient audit evidence to support a conclusion about
the fair presentation of an account balance or class of transactions.
Also, the financial statements are a set of rand value figures. It would be
inappropriate for the auditor not to consider specifically the reasonableness of
these rand values in reaching conclusions about their fair presentation.
images
Figure 12.4: Diagrammatic representation of the audit risk model
When an auditor is considering the level of control risk, control risk can only ever be initially
assessed as low under the following conditions:
• The relevant control activity is well designed (it is capable of preventing, or detecting and
correcting, material misstatement); and
• The relevant control activity has been implemented (has been put in place by the client and
has been used throughout the period of intended reliance); and
• The auditor plans to place reliance on the relevant control activity (based on his or her
consideration of their design and implementation) and will therefore seek to obtain audit
evidence (through the performance of tests of controls) that the control activity is operating
effectively (is working as intended). Note that this is a planning decision and that it is only
after the subsequent tests of controls have been performed that this initial assessment of low
control risk can be confirmed.
Should a control activity:

• Not be well designed; or
• Be well designed, but not properly implemented by the client; or
• Be well designed and implemented by the client, but the auditor chooses not to place
reliance on the control activity (and therefore chooses not to perform any tests of controls
on the control activity’s operating effectiveness); or
• Be well designed and implemented by the client, but when the auditor tested the controls,
found that the controls did not operate effectively throughout the period …
Then … control risk must – by default – be set to HIGH.
The important point to note is that control risk can only ever be set as LOW when the auditor
plans to test the operating effectiveness of the relevant control activity, and tests of controls
subsequently performed by the auditor confirm that the control activity was operating
effectively for the period.
Note that the auditor does not have to test operating effectiveness of any controls (even if
they are well designed and have been implemented), unless, of course, he or she has to respond
to a risk for which substantive procedures alone cannot provide adequate audit evidence (refer
to section 12.5.5 of this chapter).
Tests of controls will always be performed prior to substantive tests because of the need
first to confirm that the initial assessment of low control risk is, in fact, appropriate. If tests of
controls indicate that controls are not, in fact, operating effectively, control risk would then
need to be increased and would in turn reduce the required level of detection risk, the planned
response to which would then need to be reconsidered and would probably require more
extensive substantive procedures to be performed.
12.6.4.3 Under what circumstances should an auditor consider performing tests of

controls?
There are three considerations that an auditor should bear in mind when deciding on whether to
test the operating effectiveness of internal control. Note that if the control activities are not
well designed or are well designed but have not been properly implemented, the auditor would
not have to consider whether or not to test their operating effectiveness in the first place – there
is no point testing the operating effectiveness of poorly designed control activities or of control
activities that we know were not used.
1. Is it necessary to test controls?

There may be some account balances/classes of transactions/disclosures where there is no
other option for the auditor but to test the operating effectiveness of controls. These situations
are referred to in ISA 315 as ‘risks for which substantive procedures alone do not provide
sufficient appropriate audit evidence’ and were discussed in section 12.5.5 of this chapter.
Under these circumstances, the auditor is required to understand fully the information system
and related control activities around the affected class of transactions and needs to seek to
place reliance on the operating effectiveness of these control activities to avoid a modification
of the audit opinion.
Another example of when it may be necessary to test internal controls is where
management specifically request it. Management may want feedback on the operating
effectiveness of their internal control (e.g. as part of their risk management process for
example) and may be prepared to pay the auditor to provide this feedback. In this case, even
though the auditor may otherwise have chosen not to perform tests of controls, under these
circumstances he or she will no longer have a choice in the matter and it will become necessary
to perform these tests of controls.
Under either of the above circumstances, the auditor therefore has to adopt (because it is
necessary) a combined audit approach whereby he or she performs both tests of controls and
substantive procedures.
REFLECTION
What would the implications be for either of these circumstances should the auditor
conclude that controls are not operating effectively?
In the case where the auditor is testing controls because substantive procedures alone
cannot provide sufficient evidence, a conclusion that controls are not operating effectively
would result in a modification to the audit opinion because without evidence that controls
are operating effectively, substantive procedures cannot give the auditor enough evidence
to support his or her conclusion.
In the case where the client has requested it, should the auditor conclude that controls
are not operating effectively, they would be able to communicate these deficiencies to
management, set control risk as high, reduce detection risk accordingly and then proceed
to design the necessary (more extensive) substantive procedures to obtain the required
level of evidence. This would not have any impact on the audit opinion.
2. Is it possible/feasible?
The second consideration is whether it is possible or feasible to test internal controls. A key
consideration is whether, based on the auditor’s understanding of the auditee’s internal control
system, he or she believes that the controls system is adequate to prevent, or to detect and
correct, fraud and errors (i.e., are the control activities well designed and is there evidence that
they have been implemented?).
Also, does the auditor have the necessary expertise or access to the software or technology
to test the operating effectiveness of controls? Is the information system structured in such a
way that it is possible to test controls should we wish to?
A situation where it is necessary to test controls but not possible will result in a limitation
on the scope of the audit and, if material, a modification or even disclaimer of the audit opinion
(unless the necessity arose out of a request by management – refer to the earlier reflection on
this matter).
A situation where it is not necessary to test controls and where it is not possible or feasible
anyway will not impose any scope limitations on the audit, as the auditor does not need to test
operating effectiveness. The auditor will have another avenue to follow to obtain the necessary
evidence about the affected account balances by adopting a substantive audit approach.
Obviously, if it is not possible to test controls, control risk must be set at high since there
will be no audit evidence obtained through tests of controls to suggest that controls are
operating effectively.
3. Is it desirable?
In the event that it is not necessary to test controls but is possible, this third consideration
becomes the deciding factor. This factor requires the auditor to consider the cost-effectiveness
of the two possible audit approaches (combined versus wholly substantive) as well as any other
factors that may influence his or her decision on whether to test controls or not.
When faced with the choice of either performing tests of controls and then limited
substantive procedures (a combined audit approach) or no tests of control and extensive
substantive procedures (a substantive audit approach), the auditor has to consider which route
is going to be more cost-effective. Which route would take less time and therefore be less
costly? Which route would be easier? If following a combined approach would take less time,
then performing tests of controls would be desirable. Obviously, if performing tests of control
would be more time consuming, given that it is not necessary to test controls, the auditor
would rather opt for a substantive audit approach.
There may be other circumstances where an auditor chooses to test internal controls even
though it is not necessary and not necessarily the most cost-effective route to reaching the
required levels of evidence. An example of this is a situation where the client has an historic
expectation that they will receive feedback on the operating effectiveness of internal controls
from their auditor. To manage that expectation, the auditor may choose to test controls just so
the client can receive their expected feedback. This allowance on the part of the auditor may
enhance the auditor–client relationship and may be a strategic choice that the auditor makes for
the longer term retention of that client.
12.6.5 Updating the audit approach and plan throughout the audit
The audit approach and plan (in other words, the auditor’s response to identified risks of
material misstatement) are updated as new circumstances come to the auditor’s attention,
making planning an iterative and continual process throughout the audit engagement. During
the audit process, information may come to the auditor’s attention that differs significantly
from the information that was available when the auditor initially planned the nature, timing
and extent of the procedures. Based on a revised consideration of the risk assessment at the
financial statement and/or assertion level for some or all of the classes of transactions, balances
or disclosures, the auditor re-evaluates the planned audit procedures.
For example, through performing interim tests of controls at a client, the auditor may
obtain audit evidence that indicates that reliance on internal controls, as was initially planned,
cannot be placed on specific controls and therefore additional substantive procedures are
required. Alternatively, while performing detailed substantive analytical procedures, results
may identify possible material misstatement in a class of transactions that was previously not
assessed. If this is the case, the audit plan needs to be updated accordingly to incorporate
substantive tests of details to respond to the increased risk.

The fifth and last phase of the planning process involves the auditor determining the level of
misstatement that will be acceptable to users of the financial statements. This figure can only
be properly determined once the auditor has:
• Fully understood the entity (and in particular has identified who the users of the financial
statements are likely to be);
• Assessed the inherent and control risk at financial statement level to determine the required
level of detection risk at this level; and
• Considered the auditor’s response to this required level of detection risk (in particular,
whether or not the auditor plans to alter the extent of testing across all assertions, which is
practically achieved by altering performance materiality).
12.7.1 Definition
ISA 320 (Materiality in planning and performing an audit) defines misstatements to be
‘material’ if:
Individually, or in the aggregate (i.e. together with other misstatements), they could
reasonably be expected to influence the economic decisions of users taken on the basis
of the financial statements.
Before this definition is unpacked, it is important to note that the ISA goes on to make two
further suggestions that assist in understanding when a misstatement is judged to be material.
First, the ISA suggests that judgements about materiality ‘are made in light of the
surrounding circumstances, and are affected by the size or nature of a misstatement, or a
combination of both’.
Second, the ISA suggests that where judgements are made about matters that may be
considered material to users of financial statement information, these judgements are ‘based on
a consideration of the common financial information needs of users as a group’. It goes on to
suggest that ‘the possible effect of misstatement on specific individual users, whose needs may
vary, is not considered’.
The above-mentioned ISA definition facilitates the identification of some important

characteristics of materiality:
• Although the auditor should consider individual misstatement as possibly being material, it
is important to recognise that while individual misstatements may not be material, when
viewed collectively, several individually non-material misstatements may together become
material.
• Materiality needs to be seen in light of decisions taken by users of the financial statement
information. Essentially, the auditor has to anticipate whether users might have made
different economic decisions on the basis of the financial statements had they been aware of
identified misstatements (individually or collectively). If the user would have made a
different decision, the misstatement(s) would have to be regarded as being material,
whereas if they would not have made a difference, the misstatement(s) would not be
regarded as being material. It is therefore important for the auditor to have an understanding
of who the primary users of the financial statement information are, and for what main
purpose these users are likely to be using the information.
• The materiality of a misstatement is not an automatic factual decision based on some
predetermined criterion. It is a judgement call made depending on the circumstances
surrounding the misstatement, the size (rand value) of the misstatement, and the nature
(type) of misstatement. The auditor could therefore regard something to be material even
though its rand value may be fairly inconsequential. Inappropriate or non-disclosure of an
important matter in the financial statements may be regarded as potentially affecting the
decisions taken by users even though the amounts involved may not be that significant.
Typical examples of balances that may fall into this category include all payments to
directors and/or any fraud committed by management. In both these cases, even if the
amounts involved were not significant, they would be regarded as being sufficiently
important to users of the financial statements that they would need to be corrected or fully
disclosed.
Typically, the auditor can classify misstatements identified during the audit into two broad
groups:
• Quantitatively material misstatements – the value of the misstatement is significant to
users’ decision; or
• Qualitatively material misstatements – the nature of the misstatement is significant to
users’ decision.
How misstatements identified during the audit are dealt with by the auditor is discussed in
Chapter 15.
• The auditor does not need to consider the possibility that individual users may make
personal economic decisions that are different to the main user group of which they are a
part. Typically, user groups fall into one of several different categories:
• Shareholders: This group has already invested money in the company and is looking to
decide whether they should retain their shareholding. This is likely to be influenced by
the ability of the company to generate acceptable profits and also possibly by the
potential for growth in the capital value of their investment. Profitability and potential
for growth are important to this group.
• Potential investors: This group is looking to invest their money in a viable investment
vehicle (often having the option to choose from several different opportunities). This
group would probably be most concerned with potential for capital growth and potential
for future returns, and would be looking for the company producing the best potential in
these two areas. As with shareholders, who are existing investors, this group is also
looking at profitability and potential for future growth.
• Debt funders: This group has either already advanced finance to the company or is
considering doing so. Their main concern and decision-making process is going to be
influenced by the ability of the company to meet its interest and capital repayment
commitments. Solvency and liquidity are going to be important to this group.
• Other groups: Naturally, there may be other groups that can be identified, each of which
also have their own decision-making needs when it comes to using the financial
statement information. Other groups could include the following:
• Government in awarding tenders or grants to companies;
• The South African Revenue Service (SARS) in reviewing the reasonableness of the
company’s tax compliance;
• Landlord – in entering into long-term rental arrangements with the company; and
• Suppliers in advancing credit to the company.
When making assumptions about the needs of a group of users of the financial statements, we
are entitled to assume the following:
1. They have a reasonable knowledge of business and economic activities and accounting,
and a willingness to study the information with reasonable diligence;
2. They understand the financial statements are prepared, presented, and audited to levels of
materiality;
3. They recognise the uncertainties inherent in the measurement of amounts based on the use
of estimates, judgement, and the consideration of future events; and
4. They will make reasonable economic decisions on the basis of the information in the
There are two different terms relating to materiality that will be elaborated on in the text below.
It is useful to start off with a high-level overview of these terms:
Materiality This refers to the level of acceptable misstatement for the financial
statements as a whole, as typically determined when establishing the
overall audit strategy. Materiality can also be set at differing levels
for particular classes of transactions, account balances or disclosures
if it is felt that misstatements of amounts less than materiality in
these instances might affect decisions taken by users of the financial
statements.
In practice, this calculation of materiality is often referred to as
‘Planning materiality’ because it is determined during the planning
process for an audit.
Performance This is an amount that is less than materiality and it is determined,

materiality and applied, to reduce to a sufficiently low level the probability that
the aggregate of uncorrected and undetected misstatements will
exceed materiality.
In practice, the determination of performance materiality is done
through applying a percentage to materiality. Performance
materiality is then used to assess the risks of material misstatement
and to determine the nature, timing, and extent of further audit
procedures.
12.7.2 Calculating materiality

12.7.2.1 The steps to follow when calculating materiality
Because these identified user groups are primarily making financial decisions, it is necessary
for the auditor to quantify a rand value that he or she believes (using his or her experience and
professional judgement) would be acceptable to (i.e. would not affect their decisions based on
the financial statements) the identified user group(s) of a company’s financial statements.
In practice, there are a series of steps that the auditor typically follows to arrive at this number:
1. Choose a set of financial statement figures (often referred to as the ‘base’)

The auditor generally chooses to use either the current year unaudited results or the prior year
audited results. The prior year is more reliable since it has been audited, but the current year
better reflects the current year’s results of operations.
Another alternative for the auditor is to base the calculation on the current year budgeted or
forecast results, where the current year figures are not yet available. The budget is generally
not as reliable as the prior year audited figures but it does present a better picture of what the
current year figures are likely to be.
It is fairly common for the auditor to base this calculation on the prior year audited
financial statements, but after making an adjustment (increase or decrease) to them (perhaps
using the current year budgets or forecasts to motivate the extent of the adjustment) to reflect
the change between the prior year’s and current year’s level of operations.
It is also necessary for the auditor to consider normalising figures (i.e. removing the effect
of isolated or non-recurring events or transactions) prior to using them to then determine
materiality. Whichever figures are used, they should most closely approximate the likely
current year figures and where there have been anomalies or abnormalities in prior years, for
example, consideration should be given by the auditor to making appropriate adjustments to
take them into account.
An example of an item that might be adjusted is an abnormal expense related to
termination benefits paid during a once-off retrenchment of staff in the prior year figures, and
used as a basis for the calculation of materiality for the current year’s audit.
2. Choose a component in the set of figures selected (often referred to as a ‘benchmark’)

Having decided on which set of financial statement figures to use as a base, the next step
involves choosing a component within those financial statements that best reflects the figures
that the identified user group(s) are likely to focus on. Typically, these components include:
• Revenue;
• Gross profit;
• Operating profit before tax;
• Assets; and
• Equity.
The auditor needs to choose the component that he or she believes users would be most
interested in when making decisions based on their user group. Operating profit is often an
important component to most user groups, but, given its possible relative instability from year
to year, it is often replaced by revenue or gross assets, which tend to be more stable.
The nature of the business also plays a part in choosing the most appropriate component. A
service company, for example, is unlikely to have a large asset base and assets are thus unlikely
to be used as a benchmark for this type of company. A manufacturing company, however, is
likely to have an extensive asset base, making the use of assets for this type of company
appropriate for consideration as a benchmark for materiality.
The entity’s ownership structure and how it is financed may also have a bearing on which
component is chosen. Where there is a lot of debt finance, lenders may be most interested in
the asset base, which represents their security in the event the entity is unable to repay them.
WHY? Why is the stability of a chosen component important when determining

materiality?
Materiality is used as a measure of the acceptable level of misstatement in the
financial statements as a whole. It should therefore be representative of the
whole and should change from year to year in line with changes to the whole as
opposed to one particular component.
Revenue and gross assets are often viewed as stable components because
they do not change dramatically from year to year – or, if they do, it is because
the entity as a whole has changed (the business has expanded or contracted).
Operating profit, however, does not always bear a direct correlation to the
revenue or gross assets figures.
You may have a situation where the entity has expanded and revenue has
increased, yet operating margins have suffered and the company has actually
made less profit than before. Does revenue or profit provide the best measure
of the whole picture in these circumstances?
What about a situation where a company makes an operating loss or only a
very small profit? Would it be appropriate then to use profit as a basis for
setting a materiality figure for the financial statements as a whole?
It is also possible to set different levels of materiality for different classes of transactions,
account balances or disclosures where misstatements that are less than materiality in these
specific elements might affect the decisions taken by the users of the financial statements. Take
a property-owning company for example: The Statement of Financial Position (SOFP) will
reflect a large rand value in terms of Property, Plant & Equipment and yet the Statement of
Other Comprehensive Income (SOCI) is only likely to include rental income and related
operating expenses, resulting in a relatively small operating profit. If gross assets were used as
the sole component in the materiality calculation, it is likely that none of the individual
amounts in the SOCI would be individually material! It may thus be more appropriate to
determine two materiality numbers – one (based on gross assets) that is applied to the SOFP
accounts and another (possibly based on rental revenue) that is applied to the SOCI accounts.
Note, however, that this is the exception rather than the rule.
3. Determine a range to apply to the component

The auditor now determines a range within which to establish the materiality figure for a
particular audit. This range includes a low point and a high point and naturally thereby also
enables the auditor to determine a midpoint.
The auditor then needs to determine where, within that range, he or she wishes to set the
level of materiality.
Although auditors are free to determine their own range, most auditing firms in South Africa
use some of the following ranges:
• If using revenue as a base: from ½% to 1% of revenue
• If using gross profit as a base: from 1% to 2% of gross profit
• If using operating profit before tax as a from 5% to 10% of operating profit
base: before tax
• If using gross assets as a base: from 1% to 2% of gross assets
• If using equity as a base: from 2% to 5% of equity
If, for example, the auditor has chosen to use revenue as the benchmark and the adjusted
revenue figure (based on prior year audited financial statements adjusted for a percentage
increase in current year trading activity) was R100 million, then the range within which the
auditor would set the level of materiality would be:
½% of R100m to 1% of R100m
R500 000 to R1 000 000
It should be noted that there is no prescription in ISA 320 regarding how to calculate
materiality and while most audit firms use the ranges and methodology taught in this text, there
will be audit firms whose materiality calculations differ from this. For example, some audit
firm do not calculate a range from within which to choose materiality. Instead they simply
specify a single % that must be used.
4. Calculate a materiality figure within the range

Given that materiality can be set anywhere within this range, the auditor must now consider
how sensitive the identified user group is likely to be to misstatement. How much are they
likely to care about any identified misstatements? Shareholders that are also managers of the
entity are likely to be less concerned about misstatements (usually because they already know
that they exist) than shareholders who are not involved in management. Shareholders who are
not involved in management entrust their investment to other people – they are therefore more
likely to be concerned if these other people (management) are not correctly accounting for the
entity’s business activities.
Individual investors in a company who are not involved in the day-to-day operations are
likely to be particularly sensitive to misstatement. If you have personally invested your money
in a company, how concerned would you be to discover that there are misstatements in that
company’s accounts and at what point would the level of those misstatements become
important (material) to you?
Should the auditor believe that the user group is sensitive to misstatements, he or she
should be more conservative with the level of misstatement to accept and so should choose to
set the materiality figure in the bottom half of the range. Conversely, should the auditor believe
that users are not that sensitive to misstatement and are likely to be prepared to accept lighter
levels of misstatement, the auditor should choose to set the materiality in the upper half of the
range.
Diagrammatically, the setting of materiality within a range can be represented as shown in
Figure 12.5.
images
Figure 12.5: Setting of materiality
The final setting of materiality becomes an exercise in professional judgement on the part of
the auditor (i.e. where in the range he or she will choose to set the materiality figure).
It is important to note that materiality is not adjusted based on the level of required detection
risk at financial statement level. Any desired changes to the extent of testing are effected
through modifications to the level of performance materiality (which is then based on the
calculated materiality determined as described above).
12.7.2.2 How does the auditor use materiality in the audit?

Having set the level of materiality for an audit, the auditor is then able to determine the level of
performance materiality which is then used by the auditor for several main purposes:
• To determine the significance of rand amounts when identifying potential misstatement –
smaller potential misstatements are less important than larger ones (risk assessment phase);
• To determine the significance of account balances, classes of transactions and disclosures
when designing planned responses to risks – smaller account balances are less significant
than larger account balances (response to risk phase);
• To determine the extent of substantive procedures – the lower the performance materiality
figure is, the greater the number of substantive procedures that will need to be done, and the
higher the performance materiality figure is, the smaller the number of substantive audit
procedures that will need to be done (response to risk phase); and
• To evaluate the significance of misstatements detected during the performance of
substantive procedures – misstatements (individually or collectively) above performance
materiality need to be dealt with promptly by the auditor because if they remain
uncorrected, they are likely to have an impact on the audit opinion (used during the
evidence-gathering phase of the audit).
12.7.2.3 Performance materiality and the level of misstatement to be regarded as

clearly trivial
The level of materiality is set to measure the cumulative effect of individual uncorrected
misstatements on the financial statements as a whole.
WHY? Why is it inappropriate to use this level of materiality when designing

procedures to test individual account balances, classes of transactions or
disclosures or when evaluating the significance of individual misstatements
identified during the performance of the audit?
If this were done, the cumulative effect of uncorrected misstatements would
be too likely to exceed the materiality level. For example, if materiality was set
at R100,000 and this was used as the measure of acceptable misstatement in all
individual account balances and classes of transactions, you may have a
situation in which a R95,000 error in one account balance becomes acceptable.
Now, if there were several such sized misstatements across several account
balances or classes of transactions, the cumulative effect of these misstatements
would significantly exceed the materiality level.
It would therefore be appropriate to set a lower level of acceptable
misstatement to use when designing procedures to test the various account
balances/classes of transactions/disclosures.
This lower level of materiality is referred to as performance materiality.
The auditor uses performance materiality when working on individual account balances,
classes of transactions or disclosures. This figure is lower than materiality and reduces the risk
that cumulative misstatement will significantly exceed materiality.
Typically, this figure is established through applying a fixed percentage to the materiality
figure. The setting of this percentage is an exercise in professional judgement by each auditing
firm and will therefore differ among the audit methodologies of different firms.
Auditing firms often apply a different performance materiality percentage based on
whether the audit is regarded as a high- or low-risk engagement. For them, this is therefore an
automatic response to the level of detection risk at financial statement level (e.g. the lower the
performance materiality is, the more items will need to be tested and the lower the level of
acceptable misstatement will be, thus reducing the level of detection risk).
EXAMPLE
The following options might be available to an audit firm in terms of adjustments to the
level of performance materiality dependent on the assessment of risk of material
misstatement (ROMM) at an overall/financial statement level:
• High ROMM – need to reduce overall DR, so use 70% of materiality when
calculating performance materiality
• Medium/normal ROMM – no need to adjust overall DR, so use 80% of materiality
when calculating performance materiality
• Low ROMM – need to increase overall DR, so use 90% of materiality when
calculating performance materiality.
There will be misstatements detected during the audit process that, even when considered
cumulatively with other identified misstatements, will never be significant enough in their own
right so that they will affect the decisions taken by users of the financial statements. These
misstatements are referred to as being ‘clearly trivial’.
The determination of this level of misstatement regarded as clearly trivial is again a fixed
percentage of materiality. As with determining performance materiality percentages, auditing
firms again use professional judgement to set this level as a fixed percentage of materiality.
The percentage is usually small to ensure that the misstatements it then excludes could never
be seen to be significant individually or cumulatively, together with other uncorrected
misstatements.
Should a clearly trivial misstatement be identified, the auditor can ignore it for the purposes
of considering the cumulative effect of identified misstatements on the financial statements.
Identified misstatements that are not clearly trivial are accumulated in a working paper called a
schedule of audit differences, which is discussed in detail in Chapter 15.
REFLECTION
Can a misstatement that is clearly trivial ever be seen to be material?
Yes, it is possible…
Clearly trivial is only a reference point to be used when considering quantitative
materiality and is not to be used when considering the qualitative nature of the
misstatement.
It is possible that a misstatement that is clearly trivial in terms of its rand value may
still be regarded as material to decisions taken by users of the financial statement
information due to its significant nature.
Consider fraud committed by a director as an example. Regardless of the amount
involved, this action is likely to be very important to users and may well affect their
decisions on whether they retain their investment or not. Shareholders, potential investors
and funders are all likely to become nervous should they discover that the very people
they have entrusted to look after their money, are embezzling it. The amount involved will
not be important to them – their decisions will be affected by the nature of the matter.
The application of the steps in the determination of materiality, performance materiality, and
clearly trivial figures discussed above are illustrated in the working paper that follows for the
audit of Ntsimbi Piping.
AUDIT WORKING PAPER
Client: Ntsimbi Ref: F1

Piping (Pty) Ltd
Prepared by: Financial year-end: 31 December 20X1
Audit senior
Date: 17 January Reviewed
20X2 by:___________________________________
Title: Date
Calculation of reviewed:_________________________________
materiality,
performance
materiality, and
clearly trivial
figures

To calculate the materiality, performance materiality, and clearly trivial figures
to be used in the audit of Ntsimbi Piping.
1. Choose a set of financial statement figures1
The unaudited 20X1 results (rather than, say, the prior year’s audited results)
will be used for the calculation for the following reasons:
• There is no reason to conclude that there is a high risk of material
misstatement in 20X1’s figures (no changes in the board; no major changes
in business activities); and
• The 20X1 draft figures are more likely than the prior year’s figures to
approximate the figures that will appear in the audited financial statements,
given the growth in the business.
2. Choose a component in the set of figures selected
Given that Ntsimbi Piping is a profit-oriented entity, it would be appropriate to
use components from the Statement of Comprehensive Income, – especially as
it is a tightly controlled company (the holding company is a significant
shareholder and would be interested in profitability), and third-party funding
(i.e. users who would be specifically interested in the solvency of the
company) is not that significant. The fact that Ntsimbi Piping is a labour-
intensive business (evident from the significant employee costs figures in the
financial statements) supports the use of a component from the Statement of
Comprehensive Income. Given that pretax profits and the gross profit
percentage are fairly volatile and currently possibly in a downward trend,
revenue will be used as the component on which to base the materiality
computation.
Note that it may also be a possibility to consider using a gure from the
Statement of Financial Position, such as assets, as a component on
which to base materiality, given that it is a manufacturing entity and uses
its asset base to generate its business (visible from the signi cant
property, plant and equipment gure in the Statement of Financial
Position – i.e., Ntsimbi Piping is a capital-intensive business).
3. Determine a range for the selected component
½% to 1% of R128,320,000 = R641,600 to R1,283,200
4. Calculate a materiality figure within the range
Sensitivity of users to material misstatement
Given that the owners of the business are likely to be quite closely involved in
the day-to-day operations of the business (it is a private company), they are
less likely to be particularly sensitive to misstatement. The parent company
(which is not involved in the day-to-day management of the company) may,
however, be a little more sensitive to misstatement. It has invested money in
the company and would want to be sure about its ability to get its investment
back as well as earn a decent return on it. Accordingly, it would probably be
appropriate to consider a figure towards the middle of the range.
5. Conclusion on materiality figure
Taking the sensitivity of users into account, it is probably appropriate to set a
materiality figure at the midpoint in the range. A materiality figure of
R962,000 has thus been selected for this audit.
6. Conclusion on performance materiality figure
Given that our planned response to the risks of material misstatement at
financial statement level incorporated a decision to marginally increase the
extent of substantive testing throughout the audit, 75% can be applied to the
materiality figure to arrive at performance materiality (assume that the
normal level of performance materiality for this audit rm is set at 80% of
materiality). A performance materiality figure of R721,500 has thus been
selected for this audit.
7. Clearly trivial matters
Clearly trivial matters will be those below R19,240 (2% of materiality –
assume that this is the level of clearly trivial used by this audit rm) unless
they are qualitatively material.
1 Note for the reader: For the purpose of this example, the assumption was made that the figures available at
the planning stage of the audit and those eventually appearing in the final audited financial statements are
materially the same, and that no material adjustments had to be made between the figures available at the
planning stage and the final figures.

There are a number of administrative aspects that would also need to be considered and
addressed to enable the audit to run smoothly. These form part of the audit planning process
and might include any of the following:
1. Clarifying the timelines and important dates around the audit engagement:
a) What is the deadline by when the auditors need to issue the report?
b) What are the other reporting requirements for this engagement, including the timing
of any feedback to those charged with governance at the entity about any significant
findings during the audit that the auditors might wish to draw to their attention (often
referred to as the ‘Final Report to Management’)?
c) When will the entity be ready for the auditors to commence the engagement (when
will required documentation be available)?
d) When is the inventory count taking place, and what are the timelines around this?
e) What are the milestones that need to be met in order to meet the final deadline (by
when do certain key activities need to have taken place, for example, by when do the
auditors need to confirm the appointment of any component auditors that they intend
to make use of)?
2. The determination of staffing requirements:

a) How many staff members are needed to conduct this audit?
b) What levels of staff (the degree of experience required) would be required to conduct
this audit?
c) Who are the specific staff members that will be assigned to this engagement, and are
they all available for the duration of the engagement, and is the engagement partner
satisfied that their assignment to the engagement will not give rise to unacceptable
threats to the fundamental principles (in terms of the Codes of Professional
Conduct)?
d) Does the auditor need to make use of any experts or component auditors, and if so,
who are these parties?
3. The scheduling of any meetings (internal or external) that might be required to facilitate
the process:
a) Dates and times of client planning meetings.
b) Dates and times of meetings to request, and discuss, required management
representations.
c) Dates and times of internal planning meetings (including a discussion on identified
risk of material misstatement and planned responses, specifically including any fraud
risk considerations).
d) Details of scheduled feedback meetings with the audit engagement partner/manager.
e) Dates of inventory count planning meetings with the client.
f) Dates of final sign-off meetings with the client to discuss the auditor’s findings and
any recommendations that they may have.
4. The setting of an audit budget that will guide the audit team’s work:
a) The determination of how long it would be expected to take to complete the various
sections of the audit and what this would likely cost (time x charge-out rate of staff
member concerned).
b) The determination of any additional costs that might be required (such as, travel and
accommodation costs if staff need to travel to other locations to perform procedures).
5. The negotiation of an acceptable fee for the auditor to perform the audit. Ideally, the audit
fee should not be negotiated with a client until the engagement partner has clarified the
scope of the engagement and completed the planning process so that the resultant costs to
discharge the auditor’s duties (e.g. in executing the audit strategy and audit plan) have
been determined.
1. ISQC 1 requires that auditing firms do not accept engagements for which they cannot
comply with relevant ethical requirements. (LO 2)
2. A consideration of whether or not the entity appears to be a viable going concern should
be undertaken during the pre-engagement phase of the audit. (LO 3)
3. An entity that processes a very large number of transactions on a daily basis would be an
example of a situation where substantive procedures alone could seldom be likely to
provide sufficient appropriate audit evidence. (LO 13)
For questions 4 to 18, select the correct answer(s). More than one answer is possible:
4. Which of the following activities do not form part of the pre-engagement process? (LO 3)
a) Deciding which audit staff members need to be assigned to the audit engagement
b) Determining whether or not it is likely that the auditors will be paid by the audit
client
c) Assessing the risk of material misstatement in the financial statements
d) Finalising the audit fee for the engagement with management
e) Reaching agreement on the scope of the audit engagement
5. Which of the following circumstances would have only limited impact on an auditor’s
decision on whether to accept an audit engagement? (LO 3)
a) The preconditions for an audit have not been met.
b) There are question marks about the integrity of the sales manager.
c) The industry is highly complex and systems are extensively computerised.
d) The previous auditor resigned from the engagement because of a dispute with the
financial director over who is the best driver in Formula 1 (it is obviously Fernando
Alonso but the financial director kept insisting it is Lewis Hamilton!).
e) The auditor and his or her staff do not have available capacity.
f) The financial director is a personal friend of the auditor (which is why the auditor
was given the opportunity to tender for the engagement).
g) All of the above
6. Why is it important for the auditor to document his or her understanding of the terms of
the engagement in an engagement letter prior to commencing with the audit work? (LO 4)
a) To avoid any misunderstanding when it comes to who is responsible for what in
relation to the audit
b) To set out the actual audit fee (and payment terms) in writing so that there is no
dispute about fees after the audit has been completed
c) To ensure that management do not have any misunderstanding when it comes to
what the scope of the audit encompasses
d) To make it clear to management that it is the auditor’s responsibility to prepare the
financial statements in terms of the applicable financial framework and that they
should not impose any restrictions on the auditor when it comes to having to meet
this requirement
e) All of the above
7. Which of the following statements are true? (LO 8)

a) Audit risk is the risk that the financial statements contain material misstatement.
b) The auditor must ensure that risk of material misstatement remains at acceptably low
levels.
c) Audit risk is influenced by the level of inherent risk.
d) Risk of material misstatement is influenced by the level of inherent risk.
e) Inherent risk, control risk, and detection risk together become the risk of material
misstatement in the audit.
f) Unless the risk of material misstatement is medium, the level of detection risk is
always the inverse of the level of risk of material misstatement.
8. Which of the following factors will result in an increase in inherent risk at an account
balance/class of transactions/disclosures level, but not at the financial statement level?
(LO 9)
a) The auditor has reason to believe that management lacks integrity.
b) There has been a history of error affecting the cut-off of revenue transactions.
c) The wage clerk is believed to be incompetent at his or her job.
d) There is poor segregation of duties in the purchases function.
e) Transactions in general are fairly simple and non-complex.
9. Which of the following factors would be likely to result in a requirement for the auditor to
reduce detection risk at financial statement level through substantive procedures? (LO 9)
a) The auditor has reason to believe that management lacks integrity.
b) The auditor has no reason to doubt the competence of the financial accountant.
c) The control environment is weak.
d) Control activities over the revenue and receipts cycle are well designed and have
been implemented throughout the year.
e The entity is seen to be a viable going concern.
10. Which of the following would not be classified as fraud from an audit risk perspective?
(LO 12)
a) Theft of petty cash by a junior employee (not regarded as management)
b) A decision made by management to cut off the processing of transactions early so as
to move transactions into the following financial year
c) A mistake made by management when determining the impairment adjustment for
inventory that resulted in profits being significantly overstated
d) An employee who ‘borrows’ an asset from the company but then ‘forgets’ to return it
e) A journal entry being processed by management to correct a classification error with
regard to the categorisation of various investments, this has the effect of improving
the ‘look’ of the financial statements.
11. Which of the following considerations would be classified as a response involving the
planned nature of testing? (LO 16)
a) Choosing to perform substantive tests of details prior to year-end as well as after
year-end
b) Choosing to perform a debtors’ circularisation rather than a subsequent receipts test
to conclude on the existence of accounts receivable
c) Choosing to extract a sample of items to test rather than choosing items haphazardly
d) Choosing to increase the number of items to be tested in detail from 25 to 35
Choosing to make use of an expert to assist with the valuation of plant and
e)
equipment at year-end.
12. Which of the following circumstances would have to be present for an auditor to choose
to adopt a combined audit approach? (LO 17)
a) Control activities have been adequately implemented by the entity.
b) It is necessary for the auditor to perform tests of control.
c) It is feasible for the auditor to perform tests of control.
d) A substantive approach must be more cost-effective than a combined approach.
e) Control activities have been well designed.
13. We refer to the 4 Ps when it comes to the various sources from which information about
the entity can be obtained. Which one of the following is not one of the 4 Ps? (LO 6)
a) Paper
b) People
c) Analytical Procedures
d) Premises
e) None of the above – each of them is one of the 4 Ps.
14. If inherent risk in the valuation assertion for inventory is regarded as being high and the
auditor has determined that it would not be possible to place any reliance on control
activities over this assertion, what would the likely level of detection risk for the valuation
assertion be? (LO 9)
a) Very high
b) High
c) Normal
d) Low
e) Very low
15. Which of the following conditions would not be indicative of a significant risk? (LO 10)
a) Transactions are complex.
b) There has been a significant change in taxation legislation.
c) A new accounting standard has been released.
d) A fraud risk has been identified.
e) None of the above – they are all indicative of a significant risk.
16. If detection risk at financial statement level is required to be high, which of the following
audit responses might be appropriate? (LO 14)
a) Increase the extent of partner involvement in the audit process.
b) Increase the level of performance materiality.
c) Increase the amount of professional scepticism to be adopted by the engagement
team.
d) Increase the amount of supervision over the audit process.
e) All of the above responses
f) None of the above responses
17. Choose which sequence of the following events is most correct when it comes to the
determination of performance materiality. (LO 19)
1. Determine the materiality figure to be used.
2. Consider your planned responses to overall financial statement level risk.
3. Choose a set of figures on which to base your calculation.
4. Consider how sensitive user groups of the financial statements are to misstatements.
5. Determine the performance materiality figure to be used.
6. Calculate the range within which you will choose the materiality figure.
7. Choose the component that best reflects users’ priorities.
a) 3 7 6 2 1 5
b) 7 3 4 6 2 1 5
c) 3 7 6 4 1 2 5
f) None of the above
18. Indicate which figure best represents the likely level of materiality under the following
circumstances: (LO 19)
• Revenue has been chosen as the most appropriate component.
• Prior year revenue (per the audited accounts) was R100,000,000.
• Your understanding of the entity reveals a 20% growth in sales in the current year.
• Users are not seen to be very sensitive to misstatement.
a) R2,000,000
b) R1,100,000
c) R900,000
d) R750,000
e) R500,000
19. Explain briefly what the main difference is between an overall audit strategy and an audit
plan. (LO 1)
20. Why is it important for an auditor to obtain a thorough understanding of the entity before
he or she commences his or her planning activities? (LO 5)
21. Why is it important for the auditor to understand any business risks present in the entity?
(LO 7)
22. Why is it important to consider the entity’s going concern status during the planning phase
of an audit? (LO 11)
23. How does the auditor respond to assessed inherent risk and control risk at the class of
transactions level for a particular assertion? (LO 15)
24. Explain how performance materiality is used in an audit. (LO 18)

Audit Procedures: Essential Concepts CHAPTER 13
Dana Nathan and Pieter von Wielligh
CHAPTER CONTENTS
Learning outcomes
Reference list
13.1 Where do audit procedures fit into the audit process?
Appendix
LEARNING OUTCOMES
1. Explain how audit risk can be reduced to an acceptable level.

2. Describe how the audit plan assists the auditor in reducing audit risk to an acceptable level.
3. Describe how the nature, timing and extent of the further audit procedures can be varied in an audit to
achieve an acceptable level of detection risk.
4. Develop an audit plan, or aspects thereof, in relation to specific facts and circumstances.
5. Discuss factors the auditor considers in determining the nature of the further audit procedures.
6. Explain the various types of audit procedures available to an auditor and the differences between these.
7. Explain which of these types of procedures are most appropriate in order to achieve specific audit
objectives.
8. Contrast tests of controls and substantive procedures.
9. Discuss the relationship between assertions, specific audit objectives and tests of controls performed by
the auditor.
10. Formulate audit procedures used by the auditor to evaluate the design and effectiveness of controls
(tests of controls).
11. Describe how the auditor concludes on the design and operating effectiveness of controls.
12. Discuss the relationship between assertions, specific audit objectives and substantive procedures.
13. Explain how the auditor uses the assessment of risk of material misstatement in classes of transactions
and balances to design appropriate substantive procedures to detect potential misstatements.
14. Describe and apply a general framework and principles that the auditor follows for developing
substantive procedures for particular circumstances.
15. Formulate specific substantive procedures used by the auditor in performing substantive tests of details.
16. Discuss the nature of substantive analytical procedures as an effective form of audit testing.
17. Describe the considerations in determining the use and reliability of substantive analytical procedures to
provide audit evidence.
18. Formulate appropriate substantive analytical procedures for a particular fact set.
19. Discuss the factors the auditor considers in determining the timing of further audit procedures.
20. Describe the auditor’s considerations relevant to the use of interim testing performed during an audit.
21. Discuss the auditor’s considerations in determining the extent of further audit procedures.
22. Explain the use of audit sampling as applied when performing audit testing.
REFERENCE LIST
There are a large number of International Standards on Auditing covered in this chapter. What is listed here
are those Standards that you are expected to read in detail in conjunction with this text.
International Auditing and Assurance Standards Board (IAASB) (Dec 2009) International Standard on
Auditing (ISA) 330 The Auditor’s Responses to Assessed Risks.
Auditing (ISA) 500 Audit Evidence.
Auditing (ISA) 520 Analytical Procedures.
Auditing (ISA) 530 Audit Sampling.
Other Standards, not listed above, but referred to in the chapter, should also be consulted to understand fully
the requirements that apply to Registered Auditors in South Africa.
13.1 Where do audit procedures fit into the audit process?

As discussed in preceding chapters, in order to express an opinion on the fair presentation of financial
statements – the objective of the audit process – the auditor has to obtain reasonable assurance that the
financial statements are not materially misstated. This is only possible once the auditor has reduced audit risk
(based on the audit risk formula that was addressed in Chapter 12) to an acceptable level.
Reducing audit risk to an acceptable level can only be accomplished by obtaining audit evidence to
support the auditor’s opinion on whether the assertions made by the audit client’s management in the financial
statements are fairly presented. This is done by designing and performing further audit procedures in such a
way that detection risk (addressed in Chapter 12) is reduced to an acceptable level. These procedures have to
be designed to enable the auditor to obtain sufficient, appropriate audit evidence to be able to draw reasonable
conclusions with regard to classes of transactions, account balances and disclosures in the financial statements.
Consider what you learnt in Chapter 12 in respect of audit planning. In this chapter, we consider the stage
of the audit process where the auditor puts that planning into action. This intensive process of formulating the
further audit procedures to be performed requires the development of an audit approach and an audit plan to
respond to assessed risk of material misstatement at the assertion level in order to reduce audit risk to an
acceptable level. (These terms were explained in section 12.1 of Chapter 12. If you are not familiar with them,
read through that section before continuing with this chapter.) Chapter 13 addresses the essentials of the
nature, timing and extent of further audit procedures, while Chapter 14 focuses on specific considerations that
must be dealt with in formulating the audit approach.
Auditing is based on a risk-based approach, which entails the auditor identifying and assessing the risks
that could lead to the financial statements being materially misstated. The auditor then responds to these risks
in order to limit audit risk to an acceptable level by adjusting the nature, timing and extent of further audit
procedures (that are included in the audit plan) accordingly.
To develop the nature, timing and extent of audit procedures required to reduce audit risk to an acceptably low
level, the audit plan should deal with the following:
• The nature, timing and extent of risk assessment procedures (these procedures have been covered in
Chapter 12) in order to gather evidence on which to assess the risk of material misstatement at the financial
statement and assertion levels;
• The nature, timing and extent of further procedures to respond to the assessed risks of material
misstatement (such as tests of controls and substantive procedures – these are covered in this chapter); and
• The nature, timing and extent of other audit procedures that are required to ensure that the engagement
complies with ISAs (such as procedures to ensure that reliance can be placed on experts and internal
auditors where appropriate – these are covered in Chapter 14).
By now you are familiar with Figure 13.1 below that depicts the audit process. In this chapter, we focus on the
highlighted area.
The nature, timing and extent of the further audit procedures are discussed in detail in this chapter:
• Nature refers to the purpose of the procedures that the auditor chooses to perform (such as tests of controls
and substantive procedures) and to the types of procedures used for obtaining audit evidence (e.g. enquiry,
analytical procedures, third-party confirmation) (i.e. what to do).
• Timing refers to when the audit procedure is performed (e.g. performing testing at an interim period, year-
end stage, or at a specific date), as well as the period or date to which the audit evidence applies.
• Extent refers to the quantity (i.e. how much) of the audit procedures to be performed, therefore often
referring to the sample size used for an audit procedure, whether test of controls or substantive procedures.
Each of these critical auditing concepts is addressed in depth in this chapter in order to facilitate a detailed
understanding of their practical application and their relevance to the entire audit process. After first
introducing the concept of audit objectives, an extensive discussion about the nature of audit procedures
follows. The timing and extent of audit procedures respectively are dealt with in two sections that follow.

A sound understanding of the assertions that an entity’s management makes in its financial statements is vital
to the proper formulation of audit procedures. This is because the auditor’s objective with audit procedures is
to gather sufficient appropriate evidence that each assertion made by management is ‘true’ (or more
technically correct: free from material misstatement).
One can therefore formulate audit objectives as follows: ‘The auditor’s objective is to test that …’ (e.g. ‘…
all sales transactions have been completely recorded in the entity’s accounting records and none have been
omitted’ (the completeness assertion)). It should be clear from this formulation that audit objectives for a
particular class of transactions (and the related disclosures), account balance (and the related disclosures) or
other set of financial statement disclosures are derived directly from the applicable assertions.
Once the auditor has formulated audit objectives for each material class of transactions, account balance
and set of other disclosures, and assessed the risk of material misstatement related to each objective, he or she
will formulate the further audit procedures required to achieve the audit objective (i.e. to obtain the required
audit evidence to support management’s assertion). These can be substantive procedures only, or a
combination of substantive procedures and tests of controls.
Imagine an empty bucket representing a vessel that the auditor has to fill with audit evidence to support a
specific assertion (e.g. the completeness of sales) (Figure 13.2). The risk assessment procedures will inform
the risk assessment which will determine the size of the empty bucket (the higher the assessed risk, the larger
the bucket). The audit objective is (as above) to test that all sales transactions have been completely recorded
in the accounting records and none have been omitted. The auditor can achieve this objective and, in doing so,
gather the necessary audit evidence by performing:
• Tests on the operating effectiveness of controls over the completeness of sales (this will provide some of
the audit evidence required to fill the bucket, but more evidence from another source (substantive
procedures) will be required – see bullet below) (you will recall this from Chapter 12 as a controls-based
(combined) audit approach); and/or
• Substantive procedures on the completeness of sales:
• This will provide either the remainder of the audit evidence required (if tests of controls have provided
some already – see bullet above); or
• All the audit evidence required (if no tests of controls have been performed) (you will recall this from
Chapter 12 as a substantive audit approach).
Figure 13.2: Controls-based and substantive audit approaches
In the remainder of this chapter, we focus on the formulation of these two types of audit procedures.
CRITICAL THINKING
What is the difference between an audit objective and a control objective?
Control objectives were described as follows in section 4.4.2.1 of Chapter 4:
‘Each class of transactions that flows through the accounting system of an entity carries with it certain
risks, in other words, things that could go wrong in the execution of that particular class of transactions.
In order to address these risks, management and those charged with governance should formulate
objectives that they want to achieve for each class of transactions. This will prevent the risks associated
with that particular class of transaction from materialising, and, if they do materialise, to detect and
initiate corrective action to mitigate the resulting negative consequences. These objectives are called
control objectives.’
It is clear from the above that control objectives are management’s objectives with the controls that
they implement.
This is worlds apart from audit objectives that were introduced in this section – they are the auditor’s
objectives that are achieved by performing audit procedures (i.e. tests of controls and substantive
procedures).
Nature refers to the purpose of the procedures that the auditor chooses to perform and to the types of
procedures used for obtaining audit evidence (i.e. what to do).
As discussed in preceding chapters, the nature of the procedures that the auditor chooses to perform to gather
sufficient appropriate audit evidence relating to the financial statements depends on the purpose of the
procedures, being either tests of controls or substantive procedures. The nature of procedures also relates to
the types of procedures that would be appropriate in the circumstances, such as inspection, reperformance,
observation, enquiry, recalculation, analytical procedures and requesting third-party written confirmations. As
part of the audit plan, the auditor has to determine the appropriate combination of the audit procedures to be
performed to gather sufficient appropriate audit evidence about a particular assertion.
13.3.1 Determinants of the nature of the further audit procedures

Decisions on whether a controls-based or substantive audit approach is to be followed, as well as the types of
procedures to be performed, to gather audit evidence about a particular assertion are guided by several factors,
one of the most important being the assessed level of risk of material misstatement for the assertion. Other
factors include the feasibility of tests of controls (i.e. is there sufficient reason to believe that the system of
internal control related to the assertion is operating effectively), as well as the possibility of performing
extensive analytical procedures to obtain audit evidence, which may enable reduced substantive tests of details
being performed (thereby improving audit efficiency).
In responding to the assessed level of risk of material misstatement at the assertion level, the auditor must
decide whether to perform tests of controls (with limited substantive procedures) or whether to perform
substantive procedures exclusively. In making this decision, the auditor generally evaluates the following
(refer to section 12.6.4.3 of Chapter 12 for more details):
• The necessity of placing reliance on internal controls;
• The possibility of placing reliance on internal controls; and
• The desirability of placing reliance on internal controls.
The necessity of placing reliance on controls would arise if the auditor’s assessment of risk of material
misstatement at the assertion level includes an expectation that the controls are operating effectively.
Necessity also arises if substantive procedures alone cannot provide sufficient appropriate audit evidence
at the assertion level.
A test of controls-based audit approach may therefore be considered necessary because of the following:
• The nature of the business and the effect of information technology on the audit;
• Client dependence on a computerised system (some accounting data may only be available in
electronic format);
• A tight audit deadline; and/or
• Complexity of the computerised system or a large volume of information processed.
In evaluating the possibility, the system of internal control needs to be sufficiently strong to justify
reliance. The entity also has to allow the auditor access to the system for sufficient periods of time in
order for adequate testing to be performed. Furthermore, in a computerised environment, the client’s
systems also have to be compatible with the auditing firm’s audit software (used to perform audit
procedures on the client’s systems and data).
The desirability of a controls-based audit approach will often depend on whether it will be cost-
effective, considering the time to be spent on tests of controls versus the time to be saved on performing
substantive procedures. To perform tests of controls, the auditor may need to include the use of CAATs
(discussed in Chapter 14), as well as specialised computer personnel (experts), which may prove to be
extremely costly in relation to the benefits, such as time savings, to be obtained.
Whether or not a controls-based audit approach is desirable may also be affected by work performed
by other parties, such as internal auditors within the entity (internal auditors are addressed later in section
14.3.4 of Chapter 14).
Lastly, it should be borne in mind that there are certain audit procedures that are particularly well suited to
address specific areas of the financial statements. These include the attendance of a client’s inventory count or
wage payout (to gather evidence about the existence of inventory and occurrence of wages respectively),
performing debtors circularisations (to gather evidence about the existence of trade receivables) and
requesting written confirmations from financial institutions for bank balances (to gather evidence about the
assertions relating to the bank balance). These types of audit procedures are discussed in Chapter 14.
Now that we understand that the auditor has two broad categories of further audit procedures at his or her
disposal, let’s look at these in detail. We start off with tests of controls and then move on to substantive
procedures.
13.3.2 Tests of controls
Tests of controls are audit procedures that the auditor performs to obtain audit evidence regarding the
operating effectiveness of controls in place at the entity to prevent, or detect and correct, material
misstatements at the assertion level for the period subject to audit.
As transactions that occur within an entity are recorded on source documents and then are processed through
the accounting system, they are subjected to a range of internal control procedures. It is management’s
responsibility to ensure that these internal controls are properly designed and implemented and are operating
effectively and efficiently to prevent, or detect and correct, misstatements in the financial statements. If these
accounting systems and related internal controls prove to be sound and operating effectively, it improves the
reliability of the resultant balances and totals produced by the financial information systems. In other words, if
controls achieve the control objectives they are intended to achieve, management can make their assertions in
the financial statements with reasonable confidence. Refer to section 4.4.2.4 of Chapter 4 for a more detailed
explanation of the link between control objectives and assertions.
The auditor performs audit procedures (tests of controls) on the client’s internal control procedures on
which he or she wishes to rely, in order to obtain audit evidence that the controls have been operating
effectively for the period under audit. Should the auditor conclude that the controls tested can be relied on, it
suggests that there is a much lower probability that the assertions for the related classes of transactions,
account balances and other disclosures contain material misstatements. Having so concluded, the auditor can
therefore now spend less time on substantive procedures to obtain sufficient appropriate audit evidence that
the specific assertions are free from material misstatement.
Remember that testing the operating effectiveness of controls is different from gaining an understanding of
the design and implementation of the controls. In order to carry out an effective audit, the auditor always has
to first understand the client’s internal control system. Gaining an understanding of the design and
implementation of controls is done as part of the risk assessment procedures addressed in Chapter 12. Only if
the controls have been designed and implemented properly can testing of the controls be considered by the
auditor.
13.3.2.1 Performing tests of controls

When the auditor’s assessment of the risk of misstatement contains an expectation that a control is effective in
addressing the control objective it is intended to address (i.e. the preliminary assessment of control risk for an
assertion is lower than high), a test of controls must be performed on the particular control to provide audit
evidence that the control was in place and operating effectively for the entire period under review. Tests of
controls are therefore performed on those controls that the auditor has determined are suitably designed and
properly implemented to prevent, or detect and correct, a material misstatement in an assertion (i.e. before a
control is tested, there must be reason to believe that it is strong and it must relate to at least one assertion).
To test whether a particular control has operated effectively throughout the financial period to achieve the
control objective it is intended to address, various types of tests of control can be carried out. The nature of the
particular control influences the type of audit procedure required to be performed. For example, if operating
effectiveness is evidenced by documentation, the auditor will need to inspect the relevant documentation of
the control having been performed in order to obtain the required audit evidence.
Tests of controls can be carried out using one or a combination of the following types of procedures:
• Inspection: Inspecting source documents for evidence to verify whether or not the internal controls are
operating effectively (e.g. inspecting for the appropriate signature on an EFT authorisation to confirm that
the relevant management authorisation of the transaction was obtained, in order to verify the validity
(control objective)/occurrence (assertion) of the payment made);
• Enquiry: Questions directed at persons as to the internal control procedures that are in place, who performs
the procedure and what exactly they do, in order to confirm the operating effectiveness of a specific control
in operation (and thereby obtain evidence about the relevant control objectives and related assertions);
• Reperformance: Repeating the exact same internal control procedure as previously performed by the
entity’s staff (e.g. reperforming a control in place over the granting of credit to new customers that meet
certain criteria, in order to determine whether the control procedure was originally performed in the way it
should have been performed); and
• Observation: Observing a process or procedure being performed by an employee (e.g. observing the
process that the security guard performs when a delivery truck leaves the warehouse, such as inspecting the
goods in the delivery truck and comparing these to the accompanying delivery notes, to verify whether the
control is operating effectively to prevent theft of inventory (validity control objective), thus providing
audit evidence about the existence of inventory and accuracy/completeness of sales (assertions)).
CRITICAL THINKING
Why is the use of ‘observation’ as an audit procedure not very reliable?
Although observation provides evidence about the procedure, it is limited to the point in time when the
observation takes place. For example, the security guard, knowing he or she is being observed, will most
likely perform his or her duties correctly at the time, but may not do so for the remainder of the period
that is subject to the audit.
How could this test of control be made more reliable?

Observation of a control such as this will be more reliable if it is performed on an unannounced basis and,
if possible and practical, without the employee being aware that he or she is being observed. This will
increase the reliability of the evidence obtained from the test of the control.
Alternative tests of controls, such as enquiry, can also be used to corroborate the evidence gathered by
observation.
13.3.2.2 Formulating tests of controls

In this section, we learn how the auditor of Ntsimbi Piping formulates tests of controls for certain elements in
the revenue and receipts cycle (the cycle was explained in the case study in Chapter 6). It details some of the
key controls in the cycle (refer to section 4.4.3.2 of Chapter 4 for a discussion on which internal controls are
considered to be key controls), the control objective(s) and assertion(s) addressed by each key control, as well
as the typical tests of controls that can be applied by an auditor.
Note: The demonstration is not comprehensive and highlights only a selection of key controls and
corresponding tests of controls. Also, note that not all functional areas in the cycle are addressed. The
intention is to provide a range of examples of how tests of controls can be applied and should be formulated,
so that readers can apply the principles to any of the business cycles and their functional areas.
Table 13.1:Credit management
Table 13.2 Authorisation of sales orders

Table 13.3 Despatch and delivery of goods to customers
Table 13.4 Creating and recording of sales invoices

Table 13.5 Recording of sales in the accounting records
13.3.2.3 Tests of controls practicalities

When the auditor obtains evidence about the effectiveness of a control during the course of a period (i.e. at an
interim date), additional evidence for the remaining period may be needed in order to obtain sufficient
appropriate audit evidence. The timing of tests of controls is addressed in detail in section 13.4 of this chapter.
13.3.2.4 Results of tests of controls

13.3.2.4.1 Dealing with control deviations
The auditor has to react to control deviations found during tests of controls. Control deviations are instances
where the audit evidence obtained indicates that the control that was tested did not operate as it was intended
to operate in order to prevent, or detect and correct, material misstatement in the financial statements. For
example, the auditor may perform a test of controls on a control that comprises a second staff member
recalculating the calculations on an invoice that were performed by another staff member, and then signing the
invoice as evidence of having performed the recalculation. If the auditor finds an invoice without the signature
of the person who should have performed the recalculation, a control deviation has been identified.
Control deviations may be indicative of deficiencies in internal control. The auditor may react to them as
follows:
• Enquiring from management as to the reasons for the deviations identified;
Identifying compensating controls if applicable (addressed in Chapter 4) and possibly testing them, or
• alternatively setting control risk at a maximum level and adjusting the nature, timing and extent of
substantive procedures accordingly (see section 13.3.2.4.2 below); and
• Reporting the control deviations/weaknesses to management and, if appropriate, those charged with
governance of the entity.
13.3.2.4.2 Impact of the results of tests of controls on planned substantive procedures

The results and findings from tests of controls will determine the nature, timing and extent of the substantive
procedures to be performed on the assertions affected by the controls that have been tested (by means of tests
of controls).
Satisfactory results from tests of controls (i.e. results that indicate that the controls tested operated
effectively as designed for the entire period under audit) confirm the preliminary risk assessment for the
assertions affected. Therefore, no adjustments will be required to the planned nature, timing and extent of
substantive procedures to be performed. This will normally result in less time and effort being allocated to
substantive procedures, because the balances and totals generated by the accounting system will be considered
reliable.
Conversely, should tests of controls indicate that the control(s) tested did not operate effectively for the
entire period under review, control risk will have to be set at a maximum (unless effective compensating
controls can be identified and tested) and extensive substantive procedures will have to be performed.
Reliance on tests of controls therefore reduces the extent of substantive tests required, provides more
flexibility on their timing, and allows for less reliable evidence to be obtained from them, but will never
obviate the need for substantive procedures. The reasons for this are as follows:
• Internal controls may have been strong at the time that the auditor performed the tests of controls, but not
at other times during the year.
• Internal control systems have inherent limitations (as addressed in Chapter 4).
• The auditor’s assessment of risk (e.g. inherent risk) is judgemental and may not identify or take into
account all factors impacting on the risk of material misstatement. In other words, the nature, timing and
extent of tests of controls performed are responsive to the auditor’s risk assessment for the assertion, which
could be incorrect.
Therefore, some substantive procedures will always have to be performed on every material assertion in the
financial statements even if these procedures are confined solely to substantive analytical procedures.
13.3.2.5 Example of an audit working paper for tests of controls

You will recall from Chapter 11 that the auditor is required to document the audit work performed on audit
working papers. Tests of controls performed and the findings and conclusions from these have to be
documented on working papers. An example of such a working paper that resulted from a test of controls
performed on a control in Ntsimbi Piping’s revenue and receipts cycle is presented below.
AUDIT WORKING PAPER
Client: Ntsimbi Piping (Pty) Ltd Ref: WP R-006

Financial period: 31 December 20X1 Prepared by: Kevin Smit
Cycle: Revenue and receipts Date prepared: 29 Oct 20X1
Area: Credit management Reviewed by: Henry Nelson
Subject: Tests of controls (interim audit) Date reviewed: 2 Nov 20X1
Objective of this working

paper Ref. to sampling work
WP R-003
paper:
To perform tests of controls
on the validity of credit sales
transactions, i.e. sales Ref. to system description: WP R-004
transactions concluded with
debtors are authorised if the
debtors are considered by Ref. to walkthrough
management to be able to WP R-005
procedures:
settle their debts.
Assertions addressed
The valuation component of the accuracy, valuation and allocation of accounts receivable.
Audit procedures to be performed

1. For a sample of new debtor accounts opened during the financial period:
• inspect the sample of credit application forms for evidence of a credit limit having been
allocated to the debtor;
• inspect the form for evidence of approval of the credit limit and;
• inspect the supporting documentation such as a printout of the debtor’s credit status and
credit history (that should be attached to the application form) for evidence of the credit
check having been performed.
2. Enquire from management about any changes to the system of credit checking that might
have taken place during the year and observe the relevant staff member at the service
organisation performing a credit background check for a new credit customer to assess the
credit controller’s level of understanding of the control being performed.
3. Enquire from management whether the control is, in management’s view, sufficient to
ensure the recoverability of debt granted to credit applicants, and corroborate their opinion
with prior and current audit knowledge of the amounts of bad debts that were written off.
4. Reperform the credit background check for the sample of credit customers selected.
Record of work done and audit findings

1. Selected from the debtors master file the following sample of debtors that opened new
credit accounts during the 20X1 financial year:
NO. DEBTOR DEBTOR DATE APPLICATION CREDIT AUDIT

ACCOUNT NAME ACCOUNT FORM DATE LIMIT PROCEDURES
CODE WAS (20X1) ALLOCATED PERFORMED
ADDED (R) 1. 4.
TO
MASTER
FILE
(20X1)
1 DEB043 Kingstone 27-Jan 25-Jan 20,000 W, Q N/A

Construction
2 DEB089 Delkin 22-Mar 21-Mar 100,000 W, Q N/A

Plastics
3 DEB132 Buildpro 17-Apr 15-Apr 30,000 W, Q N/A
4 DEB166 ENH 14-June 13-Jun 18,000 W, X Z

Telecoms
5 DEB203 DIY World 3-Sep 03-Sep 40,000 W, Q N/A
6 DEB249 ADK Stores 28-Oct 28-Oct 120,000 W, Q N/A
W Inspected the customer’s credit application form and confirmed that a credit limit (as
documented above) appeared on the form as evidence of DebtACheck (Pty) Ltd having
allocated a credit limit to the applicant. Further inspected the form for evidence of
approval of the credit limit and noted on each form the signature of the credit
controller, Mike Milton.
Q For each debtor in the sample, attached to its credit application form was a ‘consumer
credit report’ showing the debtor’s current credit rating of either AA or BB and its
credit history, as prepared by DebtACheck, to verify the creditworthiness of the
customer.
X No consumer credit report was attached to the customer’s credit application form.
Enquiry from Mr Milton revealed that the credit background was performed, but that
DebtACheck never attached the supporting documentation to the credit application
form.
Z For the exception noted (see above: symbol ‘X’), and in terms of procedure (4), the
credit background check was reperformed by logging onto a credit bureau’s website
using the audit firm’s username and password. (Note that the audit firm has a standing
read-only account with a credit bureau who offers a paid-for service, allowing
subscribers to perform online credit checks and observe the credit limits allocated to an
entity by other entities in the past). The bureau’s name will be specified in the working
paper under the procedure performed.) It was noted that the applicant, ENH Telecoms,
has a clean credit record at query date and had been awarded limits by other suppliers
to a maximum of R20,000 in the past, in line with the limit of R18,000 awarded by
Ntsimbi Piping. The customer has an ‘AA’ credit rating.
N/A Procedure not applicable, as the consumer credit report from DebtACheck attached to
the application form is considered sufficient and appropriate for the purpose of testing
the effectiveness of the controls surrounding the verification of debtors’
creditworthiness.
2. With management’s permission, a visit to DebtACheck’s premises was arranged. Observed
on 28 October 20X1 the credit officer at DebtACheck assigned to Ntsimbi Piping
performing a credit background check on a new credit applicant named ADK Stores (no. 6
in the sample), by logging onto a national credit database, with his username and password
and entering the applicant’s business registration number. Based on the results of the credit
check and the credit rating of the applicant, the credit officer recommended a credit limit of
R120,000 for the applicant (by writing the limit on the application form). Enquired from
the credit officer about his understanding of the credit check process and it was determined
that his understanding is in line with the system description thereof (refer WP R-004).
Enquired from Mr Mike Milton (credit controller) and Mr James Khumalo (financial
3. manager) respectively whether the credit check control is, in management’s view, sufficient
to ensure the recoverability of debt granted to credit applicants and both replied that the
control is sufficient to this effect. Their view is in line with the results of audit procedures
performed on a comparison of actual bad debts written off for the year to date and the prior
year allowance for credit losses. (Note that a reference to the applicable working paper
where bad debts and the allowance were tested will be included here).
4. For each of the new credit customers in the sample, the credit background check was
reperformed by following the procedures as described under symbol ‘Z’ above and for each
of the customers it was noted that they had an ‘AA’ or ‘BB’ credit rating and that the credit
limit recommended by DebtACheck and approved by the credit controller is in line with
credit limits previously awarded to the customers by other entities.
Conclusion
Based on the audit procedures performed and the audit findings obtained for the sample
selected, it is concluded that the internal controls ensuring the approval of new debtor
accounts and the verification of customers’ creditworthiness lead to valid (authorised) sales
transactions in the financial records.
Note: The working paper above does not contain all the tests of controls that the auditor will carry out in
relation to the validity control objective for sales transactions. In line with the functional area ‘Authorisation
of sales orders’ previously illustrated in this chapter, additional tests of controls will be performed. Other
functional areas may also affect the validity control objective for sales transactions and have not been
illustrated here.
13.3.3 Substantive procedures
Substantive procedures, consisting of analytical procedures and tests of details (of classes of transactions,
account balances, and disclosures), are procedures that the auditor performs in order to obtain audit
evidence specifically designed to detect material misstatements at the assertion level. They are
specifically aimed at detecting material misstatements of amounts and disclosures.
In other words, the objective of substantive procedures is to verify directly whether an assertion (relating to a
class of transactions and events and related disclosures, an account balance and related disclosures, or other
disclosures) is free from material misstatement.
CRITICAL THINKING
How does this differ to the objective of tests of controls?
The objective of tests of controls is to evaluate the operating effectiveness of the internal controls in
preventing, or detecting and correcting, material misstatements for an assertion (i.e. did the controls work
or not? Did they work throughout the period?) and then relating the evidence obtained to the assertion
level, thereby providing indirect evidence about whether the related assertions are free from material
misstatement. The objective of tests of controls is therefore not to directly detect misstatements of
amounts and disclosures in the entity’s financial statements.
Three types of substantive procedures are discussed separately in this section, namely:
• General substantive procedures: These are substantive procedures that are performed on every audit in so
far as they are applicable.
• Substantive analytical procedures: These involve evaluations of financial information through analysis of
plausible relationships among both financial and non-financial data (e.g. ratio and trend analysis), as well
as the subsequent investigation of any unusual relationships identified.
• Substantive tests of details: These consist of inspection, enquiry, external (third-party) confirmation,
recalculation, and reperformance. (Note that observation of a process or procedure being performed cannot
serve as a substantive procedure, as it cannot provide audit evidence about an amount or disclosure. It can,
however, serve as a test of controls, as was described in section 13.3.2.1.)
In addition to general substantive procedures, a combination of substantive analytical procedures and

substantive tests of details are often performed during an audit.
13.3.3.1 Determining what substantive procedures should be performed

The desired level of detection risk related to each assertion for the class of transactions, account balance or
disclosure being audited directly influences the nature of substantive procedures performed by the auditor.
Substantive analytical procedures may be appropriate in situations where tests of controls have indicated
that effective internal controls are in operation, thereby reducing control risk to low. In these situations, as the
auditor can accept a relatively higher level of detection risk, limited audit evidence is required from
substantive procedures. Substantive analytical procedures may thus be sufficient to provide this limited
evidence.
Substantive tests of details may be required when there is a weak control environment (i.e. either a lack of
internal controls exists or tests of controls have indicated that little/no reliance can be placed on the controls).
However, in certain instances, even where effective internal controls do exist, the auditor may make a
conscious decision rather to perform substantive procedures instead of relying on internal controls. The
auditor chooses to do so based on consideration of the risk and materiality of the area being audited. This will
be the case where the auditor is of the opinion that performing substantive procedures will be more efficient
and cost-effective than performing extensive tests of controls and limited substantive procedures.
Moreover, in terms of ISA 315 and ISA 330, when significant risks (refer to section 12.5.4 of Chapter 12)
are identified, at least some substantive procedures responsive to each significant risk identified, have to be
performed.
13.3.3.2 General substantive procedures

Substantive tests of details that are performed on every audit, in so far as they are applicable, are the following
(illustrated in the general ledger account example provided on the next page):
1. Agreeing opening balances for accounts in the Statement of Financial Position with the prior year’s
audited annual financial statements and audit working papers. Also, inspecting the notes to the prior
year’s financial statements for the accounting policies used to derive the opening balances, and
comparing this to the corresponding accounting policies reflected in the current year’s financial
statements (subject to audit);
2. Agreeing closing balances of the general ledger accounts with the trial balance and then with the annual
financial statements;
3. Agreeing closing balances of general ledger accounts with underlying records. These underlying records
may include subsidiary ledgers (e.g. the debtors ledger/debtors master file) or schedules (e.g. a schedule
of depreciation per asset class), analyses (e.g. an analysis of development costs capitalised to an
intangible asset) and calculations (e.g. the calculation of a provision for a legal claim) prepared by
management;
4. Casting, cross-casting (see explanation below) and recalculating the above-mentioned underlying
records;
5. Examining general ledger accounts for provisions, reversals and other adjustments processed in accounts
that may have materially altered the amounts that are included in the financial statements; and
6. Examining general ledger accounts for unusual or suspicious transactions (often journal entries) or
transactions that fall outside the normal course of business and may therefore be indicative of fraud (i.e.
to verify the occurrence, accuracy, completeness and cut-off of these items).
What would ‘unusual or suspicious transactions’ consist of?

Possibly duplicated transactions, journal entries containing any round amounts, journal entries with
unusual or nonsensical descriptions, journal entries processed very close to (before and after) financial
year-end, and related party transactions (possibly not recorded on an arms-length basis). For further
examples refer to ISA 240.A43.
What is casting and how does this differ from cross-casting?

Casting is the term used for adding up a (vertical) column of figures (e.g. the total amount owing by trade
debtors at the end of the financial reporting period).
Cross-casting, on the other hand, refers to the adding up of the totals of a number of columns to see
whether the amount agrees with the grand total (e.g. adding up the totals of each of the current, 30 days,
60 days, and 90 days or more (vertical) columns in the debtors age analysis, to see whether the amount
agrees with the total amount owing by trade debtors).
EXAMPLE
Ntsimbi Piping (Pty) Ltd
General ledger account: Trade receivables
(Notes (1) – (6) illustrate the procedures discussed above)
Opening balance 15,264,073 Bank (customer xx xxx xxx

(1/1/20X1) (1) receipts)
Credit sales xxx xxx xxx Sales returns xxx xxx
Adjusting journals (5) xxx xxx Reversal adjustment (5) xx xxx

and (6)
Special discount (6) xx xxx
Closing balance 18,722,865

(31/12/20X1)
(2) & (3) & (4)

Additional substantive tests of details that are performed on every audit in so far as they are applicable, are as
follows:
7. Obtaining a written representation from management of Ntsimbi Piping (addressed in Chapter 14, section
14.3.2); and
8. Evaluating all disclosures in the annual financial statements in terms of prevailing accounting
standards/IFRS and other relevant legislation such as the Companies Act. (This includes reviewing
accounting policies in order to verify that they are appropriate, in accordance with IFRS and legislation,
as well as consistent with the prior year and, if not, whether the appropriate adjustments and disclosure
with regard to the effect of any changes have been made.)
What does the auditor have to verify in terms of disclosure?
• That all disclosures which should have been included in the financial statements, have been included
(completeness);
• That all disclosed transactions/events have occurred and pertain to the entity (occurrence);
• Financial and other information disclosed has been appropriately measured and described (accuracy,
valuation and allocation);
• Transactions, events and account balances have been recorded in the proper accounts (classification);
and
• Transactions, events and account balances are appropriately aggregated/disaggregated and clearly
described, and the related disclosures are relevant and understandable in the context of the
requirements of IFRS (or other applicable financial reporting framework).
13.3.3.3 Substantive analytical procedures
Substantive analytical procedures use comparisons and analyses of relationships among financial and
non-financial data to assess whether account balances and the totals of classes of transactions appear
reasonable in comparison to the auditor’s expectations (as per ISA 520 - Analytical procedures, addressed
previously in Chapter 12).
Substantive analytical procedures often involve, amongst others, ratio analysis, trend analysis and
comparisons of financial data (such as current year data versus the previous year, versus budget or versus
industry data) and non-financial data.
Examples include the following:

• Month-on-month analysis of a class of expense transactions that are considered to be incurred fairly
consistently during the financial year (i.e. fairly stable), such as telephone or salaries expenses;
• Analysis of financial statement amounts as a percentage of other directly related financial statement items.
For example, the depreciation expense can be analysed in relation to the asset’s carrying amount to which it
relates (based on the entity’s accounting policy) and interest expenses can be analysed in relation to the
interest-bearing loan balances to which they relate; and
• Month-on-month analysis of a financial statement item in relation to non-financial data, such as the total
wages expense in comparison to the number of workers employed by the entity (should this have changed
during the period).
13.3.3.3.1 Performing substantive analytical procedures

Before using substantive analytical procedures as a means of obtaining audit evidence, a key prerequisite is for
the auditor to be able to develop an expectation that is precise enough in the circumstances to enable the
detection of unusual results (i.e. potential material misstatements). The auditor should also be able to define a
limit beyond which fluctuations identified will have to be investigated further.
The auditor’s considerations when deciding on the suitability of using an analytical procedure as a substantive
procedure include the following:
• The assessment of the risk of material misstatement, as the higher the risk of material misstatement (and
consequently the lower the acceptable level of detection risk), the lower the reliance that should be placed
on substantive analytical procedures;
• The audit evidence that is available from other audit procedures (both tests of controls and substantive tests
of details) directed towards the same assertion; and
• The reliability of the data on which the analytical procedures will be performed (which is imperative, as the
underlying data has to be valid, accurate and complete to be capable of meaningful comparison and
analysis). This includes the following:
• The source of the data – whether it is internal or external information and from a reputable and credible
source;
• The comparability of the data – for example, in the case of industry data, certain ratios (such as gross
margins) may not necessarily be comparable, even between entities operating in the same industry;
• Controls applied over the preparation of the data – whether they are designed to ensure the reliability of
the information, that is, its completeness, accuracy and validity; and
• The ability of the auditor to develop sufficiently precise expectations for the substantive analytical
procedures to be performed (and against which the results from the analytical procedures will be
evaluated).
13.3.3.3.2 Evaluating results

A key requirement to enable the auditor to obtain sufficient and appropriate audit evidence from substantive
analytical procedures is that the auditor always has to evaluate and investigate unusual fluctuations and/or
information inconsistent with other relevant information, applying his or her understanding of the entity and
its environment in assessing the results. Unusual fluctuations occur when significant differences exist that
were not expected to occur, or when significant differences were expected but do not exist.
The auditor always has to consider whether his or her expectation is sufficiently accurate to identify
material misstatements and, if satisfied that this is so, should be satisfied that the difference between the
recorded result and the expected result does not give rise to a material misstatement. The auditor evaluates this
by considering corroborating evidence obtained through enquiry, confirmation and other relevant procedures.
If the auditor does not believe that the substantive analytical procedures have produced sufficient
appropriate audit evidence for the assertion concerned, further audit procedures (such as substantive tests of
details) have to be performed to obtain this evidence. Refer to the cycle case study below.
CYCLE CASE STUDY
Example of substantive analytical procedures

Extract from notes to Ntsimbi Piping’s 20X1 financial statements
14. Operating profit

Operating profit for the year is stated after accounting for the following:
20X1 R 20X0 R
20X1 R 20X0 R
Amortisation of intangible assets 20,160 19,595
Depreciation on property, plant and 2,144,373 1,611,974

equipment
Employee costs 7,392,144 6,672,819
Increase/(decrease) in allowance for 1,111,042 155,441

credit losses
Inventory write-downs 1,210,557 792,317
Loss on disposal of property, plant and 41,926 –

equipment
Motor vehicle and travelling expenses 700,106 624,262
Electricity and water account

In forming an expectation of the 20X1 expense, the auditor will use knowledge gained from Ntsimbi
Piping about any changes in the premises used (e.g. additional buildings used during the year or moving
to a new premises), increases in the company’s production levels, as well as the general increases in
South African utility costs during 20X1.
Based on the nature of this expense item, it is expected that, excluding the above factors, the cost should
remain fairly stable over the 12-month period. As no changes to the entity’s premises occurred during the
20X1 financial year, the auditor may thus perform substantive tests of details for one month of the year
and then form an expectation for the full 12-month period.
If July 20X1 is selected for the performance of substantive tests of details, the auditor will obtain and
inspect all relevant electricity and water invoices for this month.
This amount may then be annualised to form an expectation for the 20X1 financial year. If the total
amount audited for July 20X1 was verified as R208,295, and assuming a consistent level of production,
and taking into consideration that electricity and water costs increased by (say) 9% in August 20X1, the
amount for the 12-month period should then take this escalation into account and the annual amount can
then be expected to be in the range of (approximately) R2,593,273 – calculated as [R208,295 x 7] +
[(R208,295 x 109%) x 5].
The actual amount of R2,671,303 (per the 20X1 financial statements), compared to the estimated
calculation of R2,593,273, can be considered reasonable based on the fact that water and electricity
amounts fluctuate on a monthly basis and an exact estimation cannot be performed. The difference
(which is not material) is considered acceptable and no further testing is considered necessary in this
regard.
13.3.3.4 Substantive tests of details
Substantive tests of details drill down into the details of the transactions that make up a particular amount or
disclosure in the financial statements, with the objective of obtaining direct audit evidence to support the
amount or disclosure. These transactions would have been processed by the accounting system for a particular
business cycle. A sound understanding of the source documents and records used in the business cycle, as well
as the related accounting processes, is vital to be able to formulate substantive tests of details on the classes of
transactions, account balances and disclosures relating to the business cycle. In essence, this entails an
understanding of how the entity’s accountant would have gone about processing the relevant entries into the
entity’s financial records, including the documentation he or she would have needed and the parties he or she
would have needed to have spoken to in the process. Furthermore, a proper understanding of the relevant IFRS
and Companies Act requirements is required.
Substantive tests of details may comprise the following types of procedures:

• Inspection of relevant source documents or physical assets. For example:
• Inspection of a source document, such as a contract, is performed. The contract may be reviewed for
date (possibly verifying cut-off), the name of entity (verifying that it relates to the entity – occurrence),
the amount of the transaction (possibly verifying accuracy of the transaction or accuracy, valuation and
allocation of the account balance) having been signed by authorised signatories (verifying occurrence).
Any specific terms or conditions in the contract (such as security or penalties) may also be reviewed
and assessed and may provide evidence of various assertions.
• Inspection of an asset, such as inventory at an inventory count (addressed in detail in Chapter 14), or an
item of property, plant and equipment, such as a motor vehicle, is performed to verify the existence of
the asset. Inspection of the asset, however, will not provide sufficient appropriate audit evidence
regarding other assertions, such as the entity’s rights to the asset, although it may provide some
ancillary evidence regarding the accuracy, valuation and allocation assertion (such as when the asset
inspected appears to be in a poor condition, which may need to be reflected in its valuation through an
impairment charge).
• Reperformance, whereby the auditor repeats the exact same procedure as that previously performed by the
entity’s staff or computer system. For example:
• Reperforming a debtors age analysis or a bank reconciliation. Note that the key objective of such a
substantive procedure is to verify that the amounts and classifications included in the financial
statements are free from material misstatement.
CRITICAL THINKING
How will the use of reperformance be different when it is used as a test of controls as opposed to a
substantive test of details?
Guidance: Go back to section 13.3.2 and revise the objective or purpose of tests of controls and compare
that to the purpose of substantive procedures.
• External confirmation by obtaining direct written confirmation from external (third) parties, such as banks,
debtors, lawyers or consignees (in relation to inventory) (confirmations are addressed in detail in Chapter
14).
• Recalculation – by verifying that the arithmetical accuracy of source documents and accounting records is
correct. For example:
• Recalculating the depreciation expense in terms of the entity’s accounting policy (as has been disclosed
in the financial statements); and
• Recalculating the interest expense that should have been recorded on a loan, based on the interest
percentage verified in a loan agreement or a bank confirmation.
• Enquiry through discussions with internal parties (e.g. management or employees of the entity) and
external parties related to the entity (such as suppliers), thus verbally obtaining information as audit
evidence. For example:
• Enquiring from management regarding assumptions that have been used in calculating an estimate such
as an allowance for credit losses or obsolete inventory. (Remember that if audit evidence can be
obtained in writing and from third parties it is considered more reliable than verbal enquiries from
internal sources.)
13.3.3.4.1 Substantive tests of details – Classes of transactions

Substantive tests of details of classes of transactions are performed on material classes of transactions for key
business processes (such as the sales class of transactions in the revenue and receipts business cycle). These
tests can be performed to verify all the assertions (i.e. address all the audit objectives) applicable to classes of
transactions (i.e. completeness, occurrence, accuracy, cut-off, classification and presentation). Each test
addresses a specific audit objective.
You will recall that the assertions are described in ISA 315.A129. It is always a good idea to refer to this
paragraph when formulating substantive tests of details.
The auditor develops these substantive tests of details by following the four steps below:
Step 1:
Identify all classes of transactions impacting the revenue/expense account for which substantive
procedures are to be formulated. This is best achieved by drawing up the particular T-account in the
general ledger and indicating the various types of debit and credit entries that typically appear in the
account. Each type of debit and credit entry represents a class of transactions impacting the account. For
example, as shown in the T-account for sales below, a sales account will consist of (1) cash and credit sales
entries on the credit side (from the sales class of transactions) and (2) sales returns and other adjustments
entries on the debit side (from the sales returns and adjustments class of transactions).
The summarised sales account in the general ledger of Ntsimbi Piping is set out below:
SALES
Sales returns and other x xxx Credit sales xxx xxx xxx
adjustments
Trading account/profit 128,320,126 Cash sales xxx xxx

and loss (per note 13 to
the 20X1 financial
statements)
Step 2:
Formulate the audit objective(s) that has to be verified by means of the substantive procedures for each
class of transactions. For both the sales and sales returns and other adjustments classes of transactions,
these are to test the completeness, occurrence, accuracy, cut-off, classification and related presentation of
sales and sales adjustments.
Step 3:
Identify all relevant documents and client personnel 1 involved in each class of transactions (refer to
Chapters 6 to 10 in which the documents and people involved in each of the business cycles were
discussed). For credit sales, these would include the sales journal/transaction file, sales invoices and
delivery notes. For sales adjustments, these would include the sales adjustments journal/transaction file,
credit notes, goods returned vouchers, original sales invoices and the sales manager.
Step 4:
Select the type of procedure 2 to be performed (such as inspection, reperformance, recalculation as
addressed in the previous section) to achieve each audit objective for each class of transactions.
In developing the substantive procedures, the auditor always has to consider the risk of material misstatement
and be mindful of what could have gone wrong when the entity’s accountant recorded the transaction/s, based
on the documents, entity’s personnel and processes relevant to the recording.
Now let’s apply steps 2 to 4 above to formulate substantive tests of details on the credit sales class of
transactions identified in step 1 above.
Step 2 – Formulate the applicable audit objectives

The auditor’s objectives relating to credit sales are to test that:
a) All credit sales transactions that took place have been completely recorded in the accounting records and
none have been omitted and all related disclosures have been provided (completeness assertion);
b) Credit sales transactions that have been recorded in the accounting records or disclosed actually took
place/occurred and pertain to the entity (occurrence assertion);
c) Credit sales transactions have been recorded in the accounting records and disclosed at the correct
amounts and on the basis of correct calculations (accuracy assertion);
d) Credit sales transactions have been recorded in the accounting records in the accounting period to which
they pertain (cut-off assertion);
e) Credit sales transactions have been recorded in the proper accounts (classification assertion); and
f) Credit sales have been properly aggregated and clearly described and related disclosures are relevant and
understandable (presentation assertion).
Step 3 – Identify relevant documents and client personnel

The best way to do this is to think through the documentation (and personnel, if applicable) underlying a
transaction starting from the recording in the general ledger and working back through journals and source
documents. Another useful technique to achieve this is to imagine yourself being the accountant of the entity
and then thinking about the steps you would have followed to process the class of transactions in the entity’s
accounting records. Which source documents would you have needed and who would you have needed to
speak to in order to obtain the information required to process the transaction?
For credit sales, this audit trail is as follows:

It should be clear from the above that a sound understanding of the flow of documentation through a business
cycle and its underlying accounting processes is key to being able to formulate substantive tests of details on
the classes of transactions affected by the cycle.
Step 4 – Select the type of procedure

Now that the auditor knows what his or her objective with the audit procedure is and also what types/sources
of audit evidence (documents and client personnel) are available, the final step is to select the appropriate type
of procedure to address the audit objective and to apply the procedure to the available types/sources of audit
evidence.
This is accomplished by phrasing what has to be done as an instruction that always contains:
• A verb or verbs derived from the available types of procedures to describe the action to be performed (e.g.
the verb ‘inspect’ is derived from the procedure-type ‘inspection’); and
• The document/subject matter on which the verb has to be performed (e.g. an invoice).
Let’s do this for audit objective (a) in step 2 above:
Audit objective
All credit sales transactions that took place have been completely recorded in the accounting records and none
have been omitted and all related disclosures have been provided.
Substantive tests of details

1. Select a sample of hard copy sales invoices (document on which procedure is performed) from the copies
retained by the client and inspect (verb/action) the recording of each invoice in the sales journal/sales
transaction file (document on which procedure is performed).
2. Select a sample of hard copy customer-signed delivery notes (document on which procedure is
performed) from the copies retained by the client and inspect (verb/action) that a sales invoice (document
on which procedure is performed) has been issued for each delivery note.
Once the same process has been completed for each of the relevant audit objectives, the substantive tests of
details for the credit sales class of transactions will be complete and ready for inclusion in the audit plan.
REFLECTION
Can you formulate the substantive tests of details for the audit objectives (b) to (f) in step 2 above,
following steps 2 to 4 again?
Next, we discuss the audit of the revenue and expenses classes of transactions in more detail in order to
demonstrate some important principles in respect of substantive tests of details on classes of transactions.
1. Auditing revenue
Completeness: When auditing revenue, one of the main risks that the auditor has to focus on is that all revenue
that accrues to the entity in respect of goods sold, services rendered, and other income accrued/received during
the period, has been completely accounted for and that no revenue has been omitted, and all related
disclosures have been provided.
WHY? Why would revenue be intentionally understated?
Revenue may be understated by management in order to reduce the entity’s tax liability or
franchise fees (that may be calculated based on a percentage of revenue).
REFLECTION
Is completeness always considered a high risk assertion in the audit of revenue?
• In performing substantive tests of details for revenue or other income accounts, completeness has to
therefore be verified by auditing from source documents (such as invoices, sales contracts and agreements
of loans provided to a third party) to the accounting records of the entity, in order to test for the
understatement of revenue. It is, of course, first necessary to verify that the source documents are all
accounted for, in other words to verify that no transactions have taken place during the period subject to
audit without a source document having been prepared.
By performing the substantive procedure from source documents that are relevant to the revenue/income being
audited, the auditor will be able to detect any documents (thus revenue/income) that have not been recorded or
disclosed in the accounting records and has thus resulted in the class of transactions being audited, being
incomplete.
Occurrence: The auditor has to verify that all revenue that has been recorded or disclosed during the period
arises from transactions that actually occurred (are valid) and relate to the entity.
• In performing substantive tests of details on revenue, occurrence has therefore to be verified by auditing
from the accounting records to source documents (such as invoices, sales contracts, agreements of loans
provided to third parties, confirmations and minutes of meetings) and, when inspecting these source
documents, verifying that they relate to the entity (i.e. are in its name) in order to detect the overstatement
of revenue.
By performing the substantive procedure from the accounting records relevant to the revenue/income account
being audited, the auditor will be able to detect any recorded or disclosed revenue/income that is not valid (i.e.
for which a valid source document relevant to the entity does not exist) and has thus been invalidly recorded in
the accounting records, resulting in the class of transactions being audited, being overstated.
The ‘from’ and ‘to’ discussions above are referred to as the direction of testing.
WHY? Why is the occurrence assertion generally assessed as being high risk in the auditing of
revenue?
Think about whether this assessed risk of material misstatement would relate to error, fraud,
or both? Also consider any responsibilities in this regard in terms of ISA 240.
WHY? Why is it sometimes necessary for the auditor to evaluate whether the Companies Act
requirements have been complied with, and review the client’s statutory records, in auditing
the occurrence assertion?
This is addressed in detail in section 13.3.3.4.5.
Accuracy: In performing substantive tests of details, the auditor has to verify that transactions are recorded
and disclosed at the correct amounts.
• In performing substantive tests of details on revenue, accuracy needs therefore to be verified by confirming
(when inspecting source documents such as contracts and invoices) that correct data (such as quantities,
prices, interest rates, foreign exchange rates and other relevant data) has been used and that calculations
have been performed correctly.
Evaluating the accuracy of the transactions recorded in the accounting records, by verifying the amounts in the
underlying source documents and the correctness of underlying calculations, will enable the auditor to detect
any revenue/income that has been recorded in the accounting records (or disclosed in the financial statements)
at the incorrect amount and has thus resulted in the accounting records being either over or understated
(depending on the type of misstatement recorded).
Cut-off: In performing substantive tests of details, the auditor has to verify that all revenue transactions are
accounted for in the correct accounting period to which they relate. A high risk of revenue being recorded in
the incorrect period, either intentionally or unintentionally, should be considered, due to the complexity of the
nature of certain types of revenue.
• In performing substantive tests of details on revenue, cut-off will therefore have to be verified by selecting
transactions around financial year-end (just before and after) from the accounting records and tracing them
to the source documents (such as invoices, contracts and loan agreements), and also in the other direction
(i.e. from source documents to the accounting records), verifying that the revenue is recorded in the correct
financial period based on the dates of the documentation inspected (and/or possibly any specific terms or
conditions noted, relevant to transaction).
Verifying the relevant dates of transactions of revenue/income being audited, by inspecting the dates in the
underlying source documents, will enable the auditor to detect any revenue/income that has been recorded in
the accounting records in the incorrect period, thus resulting in the accounting records being either overstated
(if the revenue/income actually relates to the following accounting period) or understated (if revenue/income
relating to the current accounting period has not been recorded).
Classification: In performing substantive tests of details, the auditor has to verify that all revenue has been
recorded in the proper accounts according to its description.
Verifying the correct classification of revenue/income being audited will enable the auditor to detect any
revenue/income that has been recorded in the incorrect accounts in the accounting records (and is therefore
likely to be incorrectly classified in the financial statements).
2. Auditing expenses
Occurrence: Focusing on overstatement and thus the occurrence of the expense, the auditor has to verify that
all expenses that have been recorded or disclosed during the period are in respect of transactions that actually
occurred (are valid) and relate to the entity.
• In performing substantive tests of details on expenses, occurrence has therefore to be verified by auditing
from the accounting records to source documents (such as invoices, purchase contracts, loan agreements
and minutes of meetings) in order to test for overstatement of expenses, and when inspecting the relevant
documentation, verifying that it relates to the entity (i.e. are in its name). (Where applicable, it may be
necessary for the auditor to evaluate whether Companies Act requirements have been complied with, and
review the entity’s statutory records, to verify the validity of a transaction – for example, where Section 75
director’s personal financial interests is applicable to an expense transaction. This is addressed in detail in
section 13.3.3.4.5).
WHY? Why would management intentionally overstate expenses?
They may do so in order to reduce the entity’s profits for the period, in attempting to reduce
the entity’s income tax liability.
Why else could the entity’s expense accounts contain invalid transactions as a consequence
of other fraudulent activity?
Think, for example, about transactions recorded that may not relate to the entity but rather to
an employee’s or management’s personal expenditures…
By performing the substantive procedure from the accounting records relevant to the expense being audited,
the auditor will be able to detect any expense that is not valid (i.e. for which a valid source document relevant
to the entity does not exist) and has thus been invalidly recorded in the accounting records or disclosed in the
financial statements, resulting in the class of transactions (expense) being audited, being overstated.
Completeness: When auditing expenses, the auditor has to verify whether all expenses that occurred during the
period have been completely accounted for or disclosed and that nothing has been omitted.
• In performing substantive tests of details on expenses, completeness is therefore verified by auditing from
source documents (such as invoices, purchase contracts, loan agreements, confirmations and minutes of
meetings) to the accounting records of the entity. It is, of course, first necessary to verify that the source
documents are all accounted for (i.e. to verify that no transactions have taken place during the period
subject to audit without a source document having been prepared).
By performing the audit test from source documents that are relevant to the expense, the auditor will be able to
detect any documents that have not been recorded in the accounting records or disclosed in the financial
statements and have thus resulted in the class of transactions being audited (expenses) being incomplete.
Accuracy: In performing substantive tests of details on expenses, the auditor has to verify that expense
transactions are recorded and disclosed at the correct amounts.
• In performing substantive tests of details on expenses, accuracy has therefore to be verified by ensuring
(when inspecting source documents such as contracts, purchases transactions, and invoices) that correct
data (such as quantities, prices, interest percentages, forex rates and other relevant data) has been used and
that calculations have been performed correctly.
Evaluating the accuracy of the expense transactions recorded in the accounting records, by verifying the
amounts in the underlying source documents and the correctness of underlying calculations will enable the
auditor to detect any expense that has been recorded in the accounting records (or disclosed in the financial
statements) at the incorrect amount and has thus resulted in the accounting records being either over or
understated (depending on the type of misstatement recorded).
Cut-off: In performing substantive tests of details, the auditor has to verify that all expense transactions are
correctly accounted for in the accounting period to which they relate.
• In performing substantive tests of details on expenses, cut-off will therefore have to be verified by selecting
transactions around year-end (just before and after) from the accounting records and tracing them to the
relevant source documents (such as invoices, purchases transactions, contracts and loan agreements) and
also in the other direction, verifying that the expense is recorded in the correct accounting period based on
the dates of the documentation inspected (and/or possibly any specific terms or conditions noted, relevant
to transaction).
Verifying the relevant date of the expense transaction being audited by inspecting the dates in the underlying
source documents, will enable the auditor to detect any expense that has been recorded in the accounting
records in the incorrect period, thus resulting in the accounting records being either overstated (if the expense
actually relates to the following accounting period) or understated (if the expense relates to the current
accounting period and has not been recorded).
Classification: In performing substantive tests of details, the auditor has to verify that all expenses have been
recorded in the proper accounts according to description.
• This should include verifying that, for example, maintenance expenses recorded do not include
improvements of a capital nature that should instead have been included in an asset account, or vice versa.
Verifying the correct classification of expenses being audited will enable the auditor to identify any expense
that has been recorded in the incorrect account in the accounting records (and is therefore likely to be
incorrectly classified in the financial statements).
13.3.3.4.2 Substantive tests of details – Account balances

Substantive tests of details can be performed to verify the assertions (i.e. address the audit objectives)
applicable to account balances (i.e. existence, rights and obligations, completeness, and accuracy, valuation
and allocation, classification and presentation). Each test addresses a specific audit objective.
The auditor develops substantive tests of details for balances by following exactly the same four steps as in
tests for classes of transactions. These were discussed in the previous section (section 13.3.3.4.1). The only
difference is that the account balance on which the procedures are now performed is an account balance that
appears in the entity’s Statement of Financial Position. As a result, these account balances typically consist of
the following elements:
• An opening balance (not present in accounts that appear in the Statement of Comprehensive Income, such
as revenue and expenses);
• Classes of transactions (also present in accounts that appear in the Statement of Comprehensive Income,
such as credit sales and sales adjustments); and
• A closing balance (not present in accounts that appear in the Statement of Comprehensive Income, as these
accounts are closed off to the trading account at financial year-end and therefore have no balance).
A summary of the entries in the trade receivables general ledger account of Ntsimbi Piping is set out below:
GROSS TRADE RECEIVABLES
Opening balance 15,264,073 Bank (receipts from xxx xxx xxx

(1/1/20X1) debtors)
Credit sales xxx xxx xxx Sales returns and x xxx

adjustments
Closing balance 18,722,865

(31/12/20X1)
Recall that the opening balance in the general ledger account is always compared to the prior year’s financial
statements and audit working papers as part of the general substantive procedures that were discussed in
section 13.3.3.2. Therefore, what remains to be tested by the auditor are the classes of transactions in the
account and its closing balance.
When the auditor chooses to perform substantive tests of details in the audit of account balances, a
combination of tests is often performed as follows:
Substantive tests of details on the classes of transactions making up the year-end balance (e.g. the credit
• sales and cash receipts classes of transactions included in the trade receivables balance); and
• Substantive tests of details on the year-end balance (e.g. the trade receivables balance at year-end).
This differs from the substantive procedures that are performed to obtain audit evidence for classes of
transactions (these were discussed in section 13.3.3.4.1). When auditing a class of transactions in the financial
statements (such as sales), only substantive tests of details on the transactions3 are performed – there is no
need to perform substantive tests of details on the year-end total that appears in the Statement of
Comprehensive Income. This is summarised in Table 13.6 below.
Table 13.6:Types of audit procedures for different types of general ledger accounts
POSSIBLE FOR LINE ITEM IN POSSIBLE FOR LINE ITEM

STATEMENT OF IN STATEMENT OF
TYPE OF AUDIT PROCEDURE
COMPREHENSIVE INCOME? FINANCIAL POSITION?
(Y/N) (Y/N)
Test of controls Y Y
General substantive procedures Y Y
Substantive analytical procedures Y Y
Substantive test of details on classes Y Y

of transactions
Substantive test of details on N Y

account balance
Now let’s apply the four steps in the formulation of substantive tests of details to trade receivables (before
consideration of the allowance for credit losses), assuming that a substantive audit approach is followed in
respect of all classes of transactions that affect this account balance.
Step 1 – Identify applicable classes of transactions

This has already been done by analysing the T-account above. The applicable classes of transactions are credit
sales, sales adjustments and cash receipts from debtors.
Step 2 – Formulate the applicable audit objectives

The auditor’s objectives relating to trade receivables are to test that:
a) All trade receivables that are included in the account balance at year-end actually exist (existence of trade
receivables assertion);
b) All trade receivables that are included in the account balance at year-end pertain to trade debtors against
which Ntsimbi Piping has a valid claim to receive payment (rights to trade receivables assertion);
c) All trade debtors that owe money to Ntsimbi Piping at year-end are included in the account balance and
none has been omitted and all related disclosures have been provided (completeness of trade receivables
assertion);
d) Trade receivables are included in the account balance at year-end at the appropriate amounts and any
adjustments thereto (i.e. for debtors’ balances where the recovery is remote) have been appropriately
recorded, and related disclosures have been appropriately measured and described (accuracy, valuation
and allocation of trade receivables assertion);
e) Trade receivables and related adjustments have been recorded in the proper accounts (classification of
trade receivables assertion); and
Trade receivables and related adjustments have been appropriately aggregated or disaggregated and
f) clearly described and related disclosures are relevant and understandable (presentation of trade
receivables assertion).
Step 3 – Identify relevant documents and client personnel

The audit trail for each of the classes of transactions in the trade receivables account is identified in the same
way as for sales demonstrated in section 13.3.3.4.1. For credit sales recorded in the trade receivables general
ledger account, this audit trail is as follows (notice that it is exactly as for credit sales in section 13.3.3.4.1):
For receipts from debtors, the audit trail will be as follows:
In the case of an account balance, we also have to think about whether there are any documents or records that
underlie, support or provide details of the composition of the account balance at year-end. In the case of trade
receivables, these are the following:
It should be clear from the above that a sound understanding of the flow of documentation through a business
cycle and its underlying accounting processes is key to being able to formulate substantive tests of details on
the account balances affected by the cycle.
Step 4 – Select the type of procedure

The substantive tests of details to be performed on the credit sales, sales adjustments and cash receipts from
debtors classes of transactions are formulated as demonstrated in section 13.3.3.4.1, as these are the classes of
transactions involved in the trade receivables account balance.
What remains is the formulation of substantive tests of details to be performed on the balance on the
account at year-end (recall that this was not applicable in the case of the sales account in section 13.3.3.4.1, as
the sales account is closed off to the trading account at year-end and therefore has no balance).
Let’s do this for audit objective (c) in step 2 above:
Audit objective
All trade debtors that owe money to Ntsimbi Piping at year-end are included in the account balance and none
has been omitted and all related disclosures have been provided.
Substantive tests of details

1. Select a sample of trade receivables from the debtors subsidiary ledger (document on which procedure is
performed) and inspect (verb/action) the debtors listing (document on which procedure is performed) to
ensure that it has been included in the debtors listing.
2. Inspect (verb/action) the balance of the trade debtors control account in the general ledger (document on
which procedure is performed) to ensure that it agrees to the total of the debtors listing (document on
which procedure is performed), and enquire (verb/action) from management (party being spoken to)
about any differences (this may already have be done as part of general substantive procedures – refer to
section 13.3.3.2).
Note: Do not lose sight of the fact that most of the evidence for this assertion is obtained from testing the
completeness of the sales class of transactions and the occurrence of the receipts of debtors and sales returns
and other adjustments classes of transactions (i.e. the classes of transactions making up the account balance at
year-end).
REFLECTION
Can you formulate the substantive tests of details for the audit objectives (a), (b) and (d) to (f) in step 2
above, following steps 2 to 4 again?
A more comprehensive demonstration of the formulation of substantive tests of details for the trade
receivables balance of Ntsimbi Piping is provided in the cycle case study at the end of section 13.3.3.4.3
below.
Next, we discuss the audit of account balances in more detail in order to demonstrate some important
principles in respect of substantive tests of details on classes of account balances.
Auditing account balances (i.e. assets and liabilities)
Existence: When auditing the existence of an account balance, the auditor has to focus on whether all assets
and liabilities recorded by the entity at year-end are valid and thus exist.
• In performing substantive tests of details, existence has to be verified by selecting balances from the
accounting records and agreeing the balances to source documents (purchase invoices or contracts), third-
party confirmations, or by physical inspection, if applicable.
• Agreeing to a source document may, for example, be the inspection of a contract for the purchase of an
intangible asset, such as an operating licence.
• Confirmations obtained from third parties may, for example, be from debtors, banks, or consignees in
relation to inventory being held on consignment, confirming the balances reflected in the accounting
records. All of these are addressed in Chapter 14.
• Physical verification of tangible assets may include inspecting the entity’s furniture, machinery or
inventory on hand to verify that they do exist.
By performing the substantive procedure from the accounting records relevant to the balance being audited,
the auditor will be able to detect any asset or liability recorded in the entity’s records that is invalid (i.e. does
not exist at year-end, is possibly fictitious) and has thus resulted in an overstatement of the asset or liability
balance being audited.
Rights and obligations: In performing substantive tests of details, rights in respect of assets and obligations in
respect of liabilities have to be verified by confirming that the entity holds or controls the rights to the assets
and is obliged to settle the liabilities recorded in the accounting records. Procedures are required to verify
ownership of assets (ensuring that no assets are encumbered, unless otherwise disclosed) and to verify the
entity’s liability obligations. Audit procedures to be performed thus include, among others:
• Reviewing title deeds for property owned by the entity;
• Enquiry of third parties and obtaining third-party confirmations from banks (e.g. for bank account
balances), the entity’s lawyers (for legal liabilities) and consignees (for inventory), addressed in Chapter
14.
• Review of minutes of meetings of the entity for any possible discussions and decisions with regard to the
entity not remaining the legal owner of any assets or not being liable for any of its liabilities; and
• Review of the terms, conditions and other pertinent information in contracts (such as lease contracts, or
contracts for intangible assets) and other relevant entity correspondence.
The auditor performs these substantive procedures to verify that the entity has the legal right to recorded assets
(or obligation for recorded liabilities), thus detecting any account balances that have been incorrectly recorded
in the accounting records or inadequately disclosed in the notes to the financial statements (e.g. encumbrances
on assets) and have thus resulted in the balance being audited, being overstated (assets), understated
(liabilities) or inadequately disclosed.
Completeness: When auditing the completeness of an account balance, the auditor has to focus on whether all
assets owned by the entity and liabilities that exist at year-end have been accounted for and all related
disclosures are provided in the financial statements and that nothing has been omitted. In performing
substantive tests of details, completeness has therefore to be verified by auditing from source documents (such
as invoices, contracts, bank statements, minutes of meetings, third-party confirmations) to the accounting
records of the entity, in order to test for understatement. This will include, among others, procedures such as:
• Performing an unrecorded liabilities test whereby significant payments in the bank statement for a period
shortly after year-end are identified and investigated to ascertain if they relate to entity liabilities that
existed at year-end and, if so, were appropriately recorded as such;
• Obtaining bank and lawyer confirmations (addressed in Chapter 14) and ensuring that any
assets/liabilities/provisions identified therefrom are appropriately recorded; and
• Reviewing minutes of meetings of the governance structures of the entity (such as board of directors, audit
committee) and entity contracts and confirmations (such as lease agreements and loan agreements) and
ensuring that assets/liabilities identified therein have been appropriately recorded.
By performing the substantive procedure from source documents that are relevant to the account balance being
audited, the auditor will be able to detect any amounts that have not been recorded in the accounting records
(or disclosed in the financial statements) and have thus resulted in an incomplete balance being audited.
Accuracy, valuation and allocation: In performing substantive tests of details, the auditor verifies that all assets
and liabilities are included at year-end at the appropriate amounts and any adjustments thereto in respect of
valuation or allocation, have been appropriately recorded, and related disclosures in the financial statements
have been appropriately measured and described.
Substantive testing for the accuracy, valuation and allocation of inventory, includes, for example, detailed
testing of management’s allowance for inventory obsolescence to gain an understanding thereof, and
evaluating the calculation for reasonableness based on any assumptions applied. Also, if possible, a review of
post-year-end sales or signed sales contracts has to be performed (to determine if inventory on hand at year-
end is saleable and, if so, at what amount). Net realisable value testing should also be undertaken to evaluate
the need for possible write-downs in terms of IFRS requirements. The possible use of an expert in complex
inventory situations (i.e. for the valuation of art works) may also need to be considered (the use of an expert is
addressed in Chapter 14).
WHY? Why are estimates and provisions regarded as high risk by the auditor?
In answering this question, consider the nature of these balances and how they are
calculated. Also refer to section 14.3.3 of Chapter 14.
The auditor performs this substantive procedure by verifying that items in the accounting records relating to
the account balance being audited have been included at the correct amount at year-end and appropriately
disclosed (in terms of the measurement requirements of the applicable financial reporting framework (e.g.
IFRS)), thus detecting any amounts that have been incorrectly calculated in the accounting records (and/or
incorrectly disclosed) resulting in the account balance being either under or overstated.
13.3.3.4.3 Substantive tests of details – The ‘presentation’ assertion and other disclosures in the financial
statements
The same four-step process used for classes of transactions and account balances is followed to formulate
substantive tests of details on the presentation assertion and other disclosures in the financial statements (notes
to the financial statements).
For example, in Ntsimbi Piping’s 20X1 financial statements, the following is disclosed in Note 23
Contingent Liabilities:
Litigation is in process against the company relating to a dispute with the Competition Commission,
which alleges that the company has been involved in price fixing in the industry. The information
usually required by IAS 37 Provisions, Contingent Liabilities and Contingent Assets is not disclosed
on the grounds that it can be perceived to be prejudicial to the outcome of the litigation. The directors
are of the opinion that the claim can be successfully defended by the company.
In relation to this contingent liability note, the auditors of Ntsimbi Piping have to verify the existence of this
contingent obligation to the entity, that all the necessary disclosures in regard to this possible obligation have
been provided and that they are relevant and understandable. This includes verifying whether the description is
clear and adequate in the circumstances and that the explanation as to why no amounts have been provided is
reasonable and acceptable. Moreover, the auditor has to obtain sufficient appropriate audit evidence that there
are no other contingent liabilities other than the one disclosed.
In addition to evaluating whether disclosure complies with prevailing accounting standards/IFRS and other
relevant legislation, the auditor verifies accounting policies to confirm that they are consistent with the prior
year, and if not, whether the appropriate adjustments and disclosure in regard to the effect of the change have
been made.
13.3.3.4.4 Substantive tests of details – Incorporation of accounting pronouncements

The way in which items in the financial statements are recognised, the amounts at which they are measured,
and the manner in which they are disclosed are all determined by the applicable financial reporting framework
and related accounting standards (such as IFRS and IAS). As was discussed previously in this chapter, the
objective of substantive procedures (including tests of details) is to test whether these amounts and disclosures
are ‘true’ (or free from material misstatement). It then follows logically that substantive procedures also need
to test whether the requirements of accounting standards have been complied with in the financial statements.
An accounting standard typically includes definitions, recognition requirements, measurement
requirements and disclosure requirements. By means of, among other things, substantive tests of details, the
auditor seeks to determine whether all these requirements have been complied with. It stands to reason that the
accounting standards play an integral part in the formulation of substantive tests of details.
Let’s use some of the elements of IAS 2 Inventories to demonstrate how the auditor should incorporate the
relevant accounting standard when he or she formulates substantive tests of details.
The definitions in an accounting standard determine whether an item must be recognised, as only items
that meet a definition may be recognised.
IAS 2.6 defines inventories as ‘assets (a) held for sale in the ordinary course of business; (b) in the process
of production for such sale; or (c) in the form of materials or supplies to be consumed in the production
process or in the rendering of services.’
Ntsimbi Piping certainly held two types of inventory at its 20X1 year-end, namely raw materials and
finished goods (note 4 to the financial statements). Let’s consider only finished goods for discussion purposes.
In order to test that the recorded finished goods are actually inventories, the auditor would have to test that
they meet the IAS 2 definition of inventories. He or she would therefore have to obtain evidence that the
recorded goods are assets that are held for sale in the ordinary course of business. This can be done by, for
example, selecting recorded finished goods items and physically inspecting the inventory (e.g. PVC piping) to
ensure that it is an economic resource held by Ntsimbi Piping that will generate future economic benefits
(sales revenue) (i.e. that it is an asset). Furthermore, from his or her understanding of the business, the auditor
will know that Ntsimbi Piping sells PVC piping and that therefore the finished goods are held for sale in the
ordinary course of business. This provides audit evidence that the finished goods actually exist (existence
assertion) and that they have been correctly classified as finished goods and not as raw materials
(classification assertion).
You should note from the above that, by testing that Ntsimbi Piping has complied with the definition of
inventories in IAS 2, the auditor actually ‘automatically’ also tested that the inventory exists and has been
correctly classified.
The recognition requirements in an accounting standard determine how and by when an item that meets
the definition must be recognised.
IAS 2.6 requires inventory to be recognised as an asset until it is sold. According to IAS 2.34 ‘[w]hen
inventories are sold, the carrying amount of those inventories shall be recognised as an expense in the period
in which the related revenue is recognised.’
In Ntsimbi Piping’s case, this figure is presented as cost of sales in the Statement of Comprehensive
Income.
Ntsimbi Piping’s auditor would have to test that the abovementioned requirement in IAS2.34 has been
met. Ntsimbi Piping makes use of a perpetual inventory system, which means that each time a product is sold,
the cost of that product is recorded as cost of sales. The auditor can therefore select a sample of sales
transactions that occurred throughout the year and for each transaction inspect the inventory records and
general ledger for the transfer of the cost of the item from inventory to cost of sales.
You should note from the above that, by testing that Ntsimbi Piping has complied with the recognition
criterion of inventories in IAS 2.34, the auditor actually ‘automatically’ also tested that the inventory exists
(items that are no longer inventory because they have been sold are no longer shown as inventory) (existence
assertion) and have been correctly classified (as cost of sales as opposed to inventory) (classification
assertion).
The measurement requirements in an accounting standard determine the amount at which an item must be
recognised.
In the case of inventories, measurement comprises two key aspects, namely cost and net realisable value.
We shall only consider cost for the purpose of this example. Also, let’s consider only raw materials inventory
here.
IAS 2.10 states that ‘[t]he cost of inventories shall comprise all costs of purchase, costs of conversion and
other costs incurred in bringing the inventories to their present location and condition.’
Ntsimbi Piping’s auditor would have to test that the costs of purchase have been accurately included in raw
materials inventory (accuracy, valuation and allocation assertion). This can be done by, for example, selecting
a sample of raw material items and inspecting the corresponding purchase invoices to ensure that all costs of
purchase have been included in the cost of raw materials.
Raw materials by definition have no costs of conversion (this cost category would apply to finished
goods). The auditor would, for example, inspect the raw materials inventory records to test that no costs of
conversion have indeed been recorded for this inventory (accuracy, valuation and allocation assertion). A
similar test would be performed in respect of other costs.
You should note from the above that, by testing that Ntsimbi Piping has complied with the measurement
criteria for inventories in IAS 2.10, the auditor actually ‘automatically’ also tested the accuracy, valuation and
allocation assertion in respect of the raw materials inventory.
The disclosure requirements in an accounting standard determine how an item must be disclosed in the
financial statements. Refer to section 13.3.3.4.3 of this chapter, where the application of substantive tests of
details to disclosures is discussed.
13.3.3.4.5 Substantive tests of details – Incorporation of the requirements of the Companies Act
If there are Companies Act requirements that have to be complied with in order for a transaction or event to be
valid and therefore to have occurred (occurrence assertion) (for example approval by shareholders and the
board of directors for a loan to a director) or where the Companies Act contains requirements for items to be
disclosed in a particular way in the financial statements (presentation assertion), the auditor uses substantive
tests of details to test that these requirements have indeed been complied with, in order to obtain audit
evidence to support the respective assertions.
Assume that Ntsimbi Piping granted financial assistance in the form of a loan to one of its directors at the
beginning of the financial year being audited and that the assistance was not part of an employee share
scheme. Section 45 of the Companies Act applies to the provision of financial assistance to directors and
allows such financial assistance, provided that a number of requirements have been met and provided that the
Memorandum of Incorporation does not contain other requirements in this regard. Let’s assume that Ntsimbi
Piping’s Memorandum of Incorporation is silent on this matter and that therefore section 45 of the Companies
Act applies.
Section 45(6) states that the granting of the abovementioned loan would be void if the requirements of
section 45 for the granting of the loan have not been complied with. Consequently, in order to obtain audit
evidence that the loan asset exists, the auditor would have to obtain audit evidence that the relevant
requirements of section 45 have been complied with.
The auditor would have to determine all the Companies Act requirements to have been complied with for
the company to legally grant the loan. Then he or she would have to design substantive tests of details to
verify that each of these requirements have been complied with.
By way of example, below we look at only some of the relevant requirements of section 45 and the related
substantive tests of details that the auditor could use to obtain audit evidence of compliance with them:
• Section 45(3)(a)(ii) requires a special resolution (by shareholders) approving the provision of such loans to
directors to have been made within two years prior to the granting of the loan. For such special resolution
to have been made by the shareholders, the requirements for valid special resolutions contained in section
65 have to have been complied with. These requirements include that proper notice of the shareholders
meeting involved had to have been given (to test this, the auditor can inspect the notice of the meeting),
that a quorum was present at the meeting (to test this, the auditor can inspect the approved minutes of the
meeting and recalculate whether a quorum was present) and that at least 75% (unless the Memorandum of
Incorporation requires a different percentage) of the shareholders who voted was in favour of the granting
of the loan (to test this, the auditor can inspect the approved minutes of the meeting and recalculate
whether the 75% of shareholders indeed voted to approve the granting of the loan).
• Section 45(3)(b)(i) requires that the board must be satisfied that the company would meet the solvency and
liquidity test (refer to section 4 of the Companies Act) immediately after the granting of the loan. The
solvency and liquidity test has various components of which one is that the assets of the company must
equal or exceed its liabilities, fairly valued, based on financial statements that meet the requirements of the
applicable financial reporting framework. The auditor could test that this requirement has been met by
obtaining the relevant workings of the directors, comparing amounts used therein to Ntsimbi Piping’s
financial statements and accounting records and inspecting that the result of the workings is indeed that
assets equal or exceed liabilities.
Note that, as companies are legal entities as opposed to natural persons, key decisions have to be taken by
directors and/or shareholders. These individuals can only make decisions by means of meetings. Such
meetings have to be properly convened by means of, for example, proper notice and the presence of quorums,
in order for decisions that have been made to be valid. It follows that the auditor would have to test that every
meeting at which a decision that is relevant to the audit had been taken, was indeed properly convened. The
first bullet above provides an example of how the auditor can test this.
CYCLE CASE STUDY
Demonstration: Substantive tests of details for the accounts receivables

account balance
This demonstration is based on Ntsimbi Piping’s revenue and receipts cycle as explained in the case
study in Chapter 6.
It is essential that you are familiar with this cycle prior to working through the demonstration below. If
this is not the case, this is a good time to revise first the revenue and receipts cycle in Chapter 6, but also
the other cycles covered in Chapters 7 to 10. As mentioned before, a sound understanding of the flow of
documentation through a business cycle and its underlying accounting processes is vital to be able to
formulate appropriate substantive tests of details on the classes of transactions, events and the related
disclosures and the account balances and related disclosures affected by the cycle.
This demonstration details some of the key substantive tests of details in relation to trade receivables, the
audit objective(s) and assertion(s) addressed by each procedure and explanation as to how each
procedure was developed.
Note: The substantive procedures included in the table are only examples of the types of procedures that
could be performed. It is not a comprehensive list of substantive procedures to be performed in respect
of each audit objective. The intention with this demonstration is to provide an overview of how
substantive procedures should be formulated, so that the reader can apply the principles to any of the
classes of transactions, events and related disclosures; account balances and related disclosures; or other
disclosures that may be found in an entity’s financial statements. This approach is considered superior to
merely providing lists of substantive procedures for each material component of the financial statements.
EXAMPLES OF TYPES OF
AUDIT OBJECTIVE ASSERTION SUBSTANTIVE TESTS OF
DETAILS TO BE PERFORMED
To test that all amounts included Existence A debtors circularisation process

by Ntsimbi Piping in the account will be performed with the
balance at year-end actually exist. relevant debtors selected for
testing in order to confirm material
balances making up the year-end
account balance.
The detailed procedures for
performing a debtors
circularisation are addressed in
Chapter 14, section 14.3.1.6.
To test that Ntsimbi Piping holds Rights Inspect contracts with funders to
the rights to all amounts included identify any ceding of the debtors
in the account balance at year-end. book that has taken place.
Evidence may also be obtained
from procedures performed in
other areas of the audit, such as the
review of minutes of board
meetings, and external
confirmations from financial
institutions.
To test that all trade receivable Completeness This is usually not a high risk for
amounts owing to Ntsimbi Piping trade receivables. Among others,
at year-end have been accounted procedures to be performed
for and nothing has been omitted, include:
and all related disclosures in • Inspecting the audit work
respect of trade receivables that papers for the results of the
should have been included in the audit procedures performed to
financial statements, have been verify the completeness of
included. revenue class of transactions;
• Inspection of the file of
correspondence with all debtors
(if available) for invoices not
raised at year-end; and
Subsequent receipts testing
post-year-end (inspecting
deposits on the bank statement
after year-end and verifying
that there was a corresponding
•
debtor balance raised at year-
end – if not, it must be verified
that this deposit relates to a
sales transaction that genuinely
occurred after year-end).
The auditor also needs to inspect

the annual financial statements to
confirm the completeness of
disclosures with regard to:
• Trade receivables on the face
of the statement of financial
position;
• The accounting policy in
relation to trade receivables;
and
• The trade receivables notes to
the financial statements.
To test that trade receivables have Accuracy, valuation and To test the accuracy of the gross
been included in the account allocation amount of the trade receivables
balance at year-end at the balance, testing will need to be
appropriate amounts and any performed on the mathematical
adjustments thereto (i.e. for accuracy of invoices/contracts of
debtors’ balances where the sale. This will include
recovery is considered doubtful) reperforming all calculations
have been appropriately recorded, relevant to the sale, including any
and all related disclosures have VAT and discount calculations and
been appropriately measured and foreign exchange conversions,
described. where applicable.
Detailed testing needs to be
performed on the recoverability of
the balance, including on the
reasonability of the allowance for
credit losses (of R1,519,842),
which has been recorded at year-
end against the gross trade
receivables amount.
The detailed procedures in with
regard to this process are
addressed in Chapter 14, section
14.3.3.
The auditor also needs to inspect
the annual financial statements to
verify the appropriate
measurement and description of
of the statement of financial
position;
• The accounting policy in
relation to trade receivables;
and
• The trade receivables notes to
the financial statements,
including all amounts and
details.
To test that all balances have been Classification Inspect the year-end debtors list,
recorded in the proper accounts. which has been agreed to the
balance on the debtors control
account, to ensure that it contains
no credit balances (as these should
be reclassified as part of
‘payables’).
To test that trade receivables and Presentation The auditor needs to inspect the
related adjustments have been annual financial statements with
appropriately aggregated or regard to:
disaggregated and clearly
described, and related disclosures of the statement of financial
are relevant and understandable in position;
the context of IFRS. • The accounting policy in
relation to trade receivables
and the allowance for credit
losses;
• The trade receivables and
allowance for credit losses
notes to the financial
statements, including all
relevant disclosures; and
• Ensuring that these disclosures
are described in a manner that
is clear, understandable and
relevant.
REFLECTION
Using the four steps, can you formulate the substantive tests of details to be performed on the following
financial statement items of Ntsimbi Piping?
• Historical cost of plant and machinery (note 2) – Refer to the Appendix to Chapter 13 for suggested
substantive tests of details for this account balance.
• Trade payables (note 11)
• Electricity and water expense (note 14)
• Employee costs (note 14)
• Interest received on trade receivables (note 15).
13.3.4 Dual purpose audit procedures

The formulation or wording of certain tests of controls is the same as that of a substantive test of details.
However, while the audit procedures may be the same, the objectives of the procedures and the evidence
obtained from them are different. This is demonstrated in the following example of the auditor reperforming a
bank reconciliation:
• The objective of the test of controls is to verify that the bank reconciliation has been properly performed
(daily/weekly/monthly) and signed as evidence of review (i.e. that the control has operated effectively and
is therefore achieving the related control objective).
• The objective of the substantive procedure is to verify the accuracy and completeness of the bank
reconciliation for the year-end bank balance in order to ensure that the bank balance, as included in the
financial statements, is free from material misstatement (i.e. to obtain audit evidence directly that the
account balance is free from material misstatement).
If tests of controls are performed on the bank reconciliation at year-end, this will also serve as a substantive
procedure – hence it will serve a dual purpose (i.e. audit evidence is obtained about the internal control
system, but also directly about possible material misstatements in the bank balance at year-end).
13.3.5 Revision
At this point, let’s briefly revise the differences between tests of controls and substantive procedures. Table
13.7 sets out these differences.
Table 13.7:The differences between tests of controls and substantive procedures
TESTS OF CONTROLS SUBSTANTIVE PROCEDURES
Test the operating effectiveness of a control activity. Test directly the correctness of the rand values
(amounts) of account balances or classes of
transactions and whether related and other
disclosures in the financial statements are free from
Results justify assessed levels of control risk. Results justify levels of detection risk being
achieved.
The result will always be a ‘yes’ or ‘no’ answer. ‘Is The result will always provide a measure of the rand
the control operating effectively – yes or no?’ value of the misstatement that exists in an assertion
Does not enable the auditor to conclude on the rand relating to an account balance/class of transactions.
value effect of misstatements in the account
balance/class of transactions.
The number of errors found does matter when The number of misstatements does not matter – it is
reaching a conclusion about operating effectiveness only the rand value effect of these misstatements that
of a control activity. The rand value (and materiality) is important when reaching a conclusion about
of these misstatements is irrelevant. whether an assertion contains a material
misstatement.
Results of tests of controls will always have an Results of substantive testing never have any impact
impact on the related substantive procedures – if on the amount of control testing to be performed.
controls are operating effectively, less substantive
Tests of controls (if any) are always performed prior
audit evidence is required and if controls are not to substantive procedures in order for the level of
operating effectively, more substantive audit control risk to be established, so that the level of
evidence will be required. detection risk can be determined. This level of
detection risk then drives the nature, timing and
extent of substantive audit tests.
Incorporates only the one type of procedure: tests of Incorporates two types of procedures (in addition to
controls. general substantive procedures): substantive
analytical procedures and substantive tests of details.
Having addressed the nature of further audit procedures in detail in the first part of this chapter, the second
aspect of the audit plan refers to the timing of performing further audit procedures.
Timing of an audit procedure refers to when it is performed, or the period or date to which the audit
evidence applies.
Timing thus includes consideration of performing testing at an interim or year-end stage, or at a
specific date.
The timing of audit procedures is addressed in ISA 330 (The auditor’s response to assessed risks).
13.4.1 Determinants of the timing of further audit procedures

Generally, the most common factor that affects timing of further audit procedures is the assessment of the risk
of material misstatement in the class of transactions, account balance or disclosure being audited. The higher
the assessed risk, the more likely auditors are to perform procedures at or after the end of the financial
reporting period.
CRITICAL THINKING
How can the timing of audit testing be used to address a high fraud risk?
The auditor may choose to perform audit procedures at times that are unpredictable to the client’s
management and staff and/or on a completely unannounced basis.
However, the timing of audit procedures is also frequently influenced (sometimes even dictated) by practical
factors that make it necessary (or more efficient) to conduct tests at a particular time. These include the
following:
• The involvement of other parties, such as internal auditors and experts (e.g. planning to use an expert will
have to be done several weeks or even months before year-end);
• Non-negotiable dates that the client has set – such as for an inventory count or visits to other branches of
the entity with operations throughout South Africa or even the world;
• A tight reporting deadline – which may require the performance of as many audit procedures as possible at
an interim date; and
• The availability of both audit and client staff:
• Availability of key management and staff at the entity (who may only be available at certain times);
• The audit team may be less busy at certain periods of the year (as many audit clients may have the same
year-ends) and it may thus prove to be efficient to use such periods in order to plan the audit and/or
conduct interim testing; and
• The availability of IT staff at the client may affect the timing of when CAATs are performed in the
audit.
13.4.2 Interim tests of controls

In addition to the factors discussed in section 13.4.1 above, an auditor may choose to test certain controls at an
interim date because, for example, the controls may have proved effective in prior audits. If interim testing of
controls is performed, it is vital for the auditor to perform additional audit procedures, relating to the period
subsequent to the interim testing and up to year-end, in order to obtain evidence that the controls tested at the
interim stage operated effectively for the entire period being audited.
CRITICAL THINKING
From a practical perspective, how does testing controls at an interim date improve the efficiency of the
audit?
It assists the auditor to identify the controls that are not operating effectively, and thus gives the auditor
more time to assess the control risk at the client and modify the audit plan accordingly.
It also allows the auditor time to inform management of the client of control weaknesses, so that
likely misstatements in the financial statements can be identified and corrected before the remainder of
the audit is performed. This will result in a more efficient audit being performed.
In determining the nature and extent of audit work to be performed for the remaining period after interim
testing, the auditor should consider factors such as:
• The evaluation of the design, implementation and operation of the relevant controls;
• The results of tests of controls at the interim period – if the relevant controls have been assessed to be
operating effectively up to the date of interim testing, less detailed further audit testing of the controls may
(under certain circumstances) be required for the remaining period to year-end;
• The materiality of the assertion(s) related to the controls being tested – the more material an assertion is,
the greater the need for further testing;
• Whether changes were made to these controls subsequent to them having been tested – should this have
occurred, the nature and extent of additional testing will have to be increased accordingly;
• The length of the remaining period – shorter periods between the interim testing date and year-end may
reduce the need for detailed audit testing to be performed at/after year-end; and
• The planned substantive procedures to be performed on the class of transactions, account balance or
disclosure – should detailed substantive testing be planned, this may alleviate the need for additional
detailed tests of controls to be performed at year-end.
At a minimum, the auditor would have to obtain an understanding, usually by enquiry (of entity management
or employees), about the nature and extent of changes in policies, procedures or personnel relevant to the
controls tested that occurred subsequent to the interim testing.
13.4.3 Interim substantive procedures

If the auditor considers performing substantive procedures on a particular class of transactions, account
balance or disclosure at a date prior to year-end, he or she has to consider the following factors:
Remember that substantive procedures aim to provide direct evidence about the entity’s year-end
balances. By performing this testing at an interim date, a potential problem arises with the appropriateness
of the audit evidence gathered. To address this problem, roll-forward procedures have to be performed by
the auditor, between the date of interim testing performed and the financial year-end.
• The objective of the substantive procedures to be performed – the more critical the audit objective is, the
less likely the auditor may be to consider detailed interim testing;
• The assessed risk of material misstatement in the account balance – the higher the risk is, the more likely
the auditor may choose to perform the majority of testing at or after year-end as opposed to an interim date,
in order to address this risk adequately;
• The control environment and relevant controls – the stronger the control environment is, the more likely it
is that the auditor may be to consider performing interim substantive testing;
• The nature of the class of transactions, account balance and relevant assertions – the more volatile and
unpredictable the class of transactions, account balance and specific assertion(s) is, the less likely the
auditor may be to consider detailed interim testing;
• The availability of information necessary for the auditor’s procedures at a later date – for example,
information may be stored electronically for a limited period of time, therefore should this be apparent,
interim substantive testing will be considered essential; and
• The auditor’s ability to reduce the risk that the audit procedures performed to cover the remainder of the
period to year-end do not detect material misstatements – in other words, sufficient reliable evidence of the
transactions that took place in the period between the period considered for interim testing and the entity’s
year-end can be gathered, which allows the auditor to reduce detection risk sufficiently.
Should the auditor perform substantive procedures at a date prior to year-end, selected additional substantive
procedures will generally need to be performed to cover the remaining period. These roll-forward procedures
involve comparing the year-end account balance/total with the account balance/total audited at the interim date
and performing substantive procedures on the movement in the account balance.
CRITICAL THINKING
What will substantive roll-forward procedures entail?
• Inspecting journals and ledgers to identify large or unusual transactions within the account in the roll-
forward period, and performing substantive tests of details on them; and/or
• Performing analytical procedures on the changes in the balance during the roll-forward period to
identify large or unexpected variances, requiring the conducting of further tests of details.
If, while conducting substantive procedures at an interim date, material misstatements are identified, the
auditor may need to:
• Revise the assessed risk of material misstatement for the class of transaction and related disclosure or
account balance and related disclosure;
• Revise the planned substantive procedures for the remaining period; or
• Perform additional substantive procedures at year-end.
13.4.4 Relying on audit evidence obtained in prior audits

It is possible, although only in specific circumstances, for the auditor to use audit evidence about the operating
effectiveness of controls obtained in prior year audits in the current year’s audit, but only after establishing its
continuing relevance (i.e. that there has been no change in the design of the control from prior years, and no
change was necessary due to a change in circumstances). It is further important to note that if the auditor
intends to rely on controls that address a significant risk, those controls have to be tested in the current year’s
audit – reliance on tests of these controls in prior audits is therefore not allowed in this instance. If the auditor
wishes to rely on evidence of control effectiveness from previous audits, evidence that the controls have not
changed is needed.
Where the above criteria are met, it is a matter of professional judgement for the auditor to decide whether to
rely on audit evidence obtained in previous years’ audits for controls. Factors to consider in respect of the
degree of this reliance are:
• The risk of material misstatement for the assertions affected by the control;
• The effectiveness of the entity’s control environment and other general controls; and
• Whether the control is automated or manual.
The auditor is required to test controls on which he or she intends to rely and to which there have not been
changes, at least in every third audit. Moreover, the operating effectiveness of certain key controls must be
tested on each audit. In other words, the auditor cannot rely on the previous years’ audit evidence for the
operating effectiveness of all the entity’s controls.

The third and last aspect of the audit plan is the extent of further audit procedures.
Extent refers to the quantity of audit procedures (i.e. the amount/‘how many’) to be performed. Extent
therefore often refers to the sample size used in an audit procedure, whether test of controls or substantive
test of details.
The extent of audit procedures is addressed in ISA 330 (The auditor’s response to assessed risk).
Generally speaking:
• The extent of tests of controls increases as the importance/significance of the control to the audit and the
degree of reliance the auditor intends to place on the control increase; and
• The extent of substantive tests of details increases as the risk of material misstatement increases.
(Therefore, the higher the assessed risk of material misstatement is, the larger the sample sizes are on
which the substantive tests of details must be performed.)
CAATs (addressed in Chapter 14) are useful for increasing the extent of audit procedures as they enable more
extensive testing by harnessing the processing power of computers. Selecting items for audit testing can be
done as follows:
• Selecting key or problem items for performing audit procedures. Auditor judgement is used to select items
that may include, among others, unusual items (e.g. items that have unusual characteristics), high-value
items, items prone to higher risk (e.g. specific debtors for which credit checks were never performed when
credit was initially granted), items recorded at a specific point in time (e.g. very close to financial year-end)
or types of items in which errors were identified in previous audits; and
• Selecting all items over a certain rand amount (key items). This may be used when attempting to verify a
large proportion of the population (e.g. all assets in the fixed asset register in excess of a specified rand
amount will be selected for physical inspection) in order to verify their existence. By selecting the largest
rand-value items, the auditor may thus verify this assertion as efficiently as possible (thus saving both time
and audit costs).
Note, however, that by performing the above methods of selecting items for audit testing, the auditor is only
able to conclude on the assertion in relation to the specific items selected for testing – no conclusions can be
drawn about the items that were not selected for testing.
In order to overcome this problem, the auditor should also consider making use of audit sampling, where
possible, when selecting items for testing.
13.5.1 Audit sampling
Audit sampling involves the application of audit procedures to less than 100% of items in a class of
transactions or account balance, enabling the auditor to obtain and evaluate audit evidence about some
characteristic of the items selected. By doing so, the auditor should be able to draw a reasonable
conclusion concerning the entire population from which the sample is drawn.
Audit sampling is addressed in ISA 530 (Audit Sampling).
13.5.1.1 Why is sampling used in audits?

An auditor providing an opinion on an entity’s annual financial statements expresses reasonable assurance, as
opposed to absolute certainty, as to the fair presentation of the financial statements. Key concepts underlying
the nature of an audit are thus audit risk and materiality. The auditor does not attempt to identify all
misstatements (including immaterial ones), or aim to reduce audit risk to zero – and accordingly he or she
does not test every single transaction that occurred during the financial reporting period. To do so would be
virtually impossible and unnecessary, due to feasibility, cost and time constraints. Consequently, when
gathering evidence to meet the objectives of an audit procedure, auditors can rely on sampling when designing
audit procedures.
Therefore, the challenge for auditors is to gather sufficient appropriate audit evidence as efficiently and
effectively as possible in order to form a basis for expressing an opinion on the annual financial statements.
Various methods are used by different auditing firms to select and evaluate samples used in the audit
process. However, there are certain general principles that apply to all sampling methods. The general
principles of sampling are therefore addressed in the remainder of this chapter, rather than the detailed (and
complex) application of various statistical sampling methods.
13.5.1.2 The population from which the sample is selected
The population is the entire set of data (records or documents) from which the sample is selected and
about which the auditor wishes to draw conclusions.
The application of audit procedures (both tests of controls and substantive procedures), such as inspection,
confirmation, recalculation and reperformance, involves the selection of items from a population for testing.
All of the items within a class of transactions (such as salaries or revenue for the financial year) or within an
account balance (such as the inventory or accounts receivable balance – or a listing of the items making up the
balance – at year-end) constitute a ‘population’.
The objective as well as the type of audit procedure to be performed is important in identifying the
population to be used. For example, if the auditor’s objective is to test the existence of accounts receivable, the
population could be defined as the detailed accounts receivable listing at year-end. When testing the
completeness of accounts receivable, the population is not the accounts receivable listing, but rather
populations that provide evidence of completeness of the balance (i.e. that nothing has been omitted).
If a population is not homogenous (i.e. the items in the population vary significantly), it may be stratified
by grouping similar items together in smaller subpopulations. Stratification of the population is usually
performed based on factors such as monetary value or nature and characteristics of the population items. This
enables the auditor to focus specifically on population items exposed to a higher risk of material misstatement
as a result of, for example, their monetary value or nature. Each of these subpopulations (or strata) is then
examined separately as part of an audit procedure.
An example of this during the performance of substantive tests of details on the accounts receivable
balance is where the balance consists of several large debtors as well as many small debtors’ balances. The
total population may be stratified (divided) into two strata, namely high-value debtors’ accounts and low-value
debtors’ accounts, so that positive confirmations can be sent to a sample of debtors in the high-value stratum
and negative confirmations to a sample of those in the low-value stratum (debtors confirmations are addressed
in 14.3 in Chapter 14).
CAATs (addressed in Chapter 14) can be used to sort and stratify populations in accordance with specified
criteria.
CRITICAL THINKING
What other kind of criteria do you think the auditor may consider in using CAATS to stratify a
population?
Think of all the different possibilities of characteristics of the items in a population e.g. dates, names of
other parties …
13.5.1.3 Sample sizes
13.5.1.3.1 Substantive test of details

Sample sizes for substantive tests of details are directly affected by the level of detection risk the auditor is
prepared to accept (see discussion of audit risk model in Chapter 12 section 12.5.1):
• The lower the detection risk is that the auditor is willing to accept, the greater the sample size will have to
be for audit testing.
• An increase in the auditor’s assessment of inherent or control risk will increase the sample sizes needed for
substantive procedures.
An increase in the use of other substantive audit procedures directed at the same financial statement assertion
will decrease sample sizes needed.
13.5.1.3.2 Tests of controls

Sample sizes for tests of controls are affected by the importance/significance of the control to the audit and the
degree of reliance the auditor intends to place on the specific control – the more important the control and the
higher the degree of intended reliance are, the larger the sample size will be.
REFLECTION
CAATs (addressed in Chapter 14) allow for the possibility of examination of 100% of items in a
population.
Is this still considered to be ‘audit sampling’?
13.5.1.3.3 Expected and tolerable errors

For both tests of control and substantive tests of details, the sample size will also be influenced by both the
expected error in the population as well as the tolerable error set by the auditor.
The auditor’s assessment of the expected errors that are likely to be present in the population is based on
previous experience with the client and on the results of the risk assessment procedures performed during
audit planning (e.g. the auditor may become aware of a newly implemented control, and this may give rise to
higher levels of expected errors due to likely teething problems from its implementation). The greater the
expected error, the larger is the sample size for testing the population.
Tolerable error is used by the auditor in the testing of controls (known as the tolerable rate of deviation)
and in the performance of substantive tests of details (known as tolerable misstatement). It is the maximum
percentage of deviations (in tests of controls) or the monetary amount (in tests of details) in the population that
the auditor is willing to tolerate and still conclude that the audit objective has been met. The greater the
tolerable error, the smaller the sample size for testing the population.
13.5.1.4 Sampling risk relevant to audit procedures
Sampling risk is the possibility that the auditor’s conclusion, based on a sample selected, may be different
from the conclusion that would be reached if the entire population were subjected to the same audit
procedure.
From tests of controls, the auditor may erroneously conclude as the result of using sampling:
• That control risk is lower than it actually is (i.e. that controls are more effective than they actually are),
which may lead to inappropriate conclusions being drawn and ultimately to an inappropriate audit opinion;
or
• That control risk is higher than it actually is (i.e. that controls are less effective than they actually are),
which may negatively affect audit efficiency as additional and unnecessary audit work will be performed.
From substantive tests of details, the auditor may erroneously conclude as a result of using sampling:
• That a class of transactions and relevant disclosure or account balance and relevant disclosure is free from
material misstatement, when in fact it does contain material misstatement, which may lead to inappropriate
conclusions being drawn and ultimately to an inappropriate audit opinion; or
• That a class of transactions and relevant disclosure or account balance and relevant disclosure contains a
material misstatement when in fact it does not, which may affect audit efficiency, as additional and
unnecessary audit work will be performed.
CRITICAL THINKING
How can sampling risk be reduced?
For both tests of controls and substantive procedures, sampling risk can be reduced by increasing the
sample size. (How will this reduce sampling risk?)
Can sampling risk be reduced to zero?
13.5.1.5 Selecting a sample of items from the population

Since the purpose of sampling is to provide a reasonable basis for the auditor to draw conclusions about the
population from which the sample is selected, it is important that the auditor selects a sample that is
representative of the population. This is necessary to to avoid bias and minimise the risk of drawing erroneous
conclusions about the population. With statistical sampling, sample items are selected in a way that each
sampling unit (i.e. item) has a known probability of being selected. With non-statistical sampling, judgement
is used to select sample items.
Although selection of sample items should be made on a random (or random-like) basis, there are various
methods of selecting samples that may be used (e.g. systematic or monetary unit selection). The auditor uses
his or her understanding of the entity, of the assessed risk of material misstatement within the class of
transactions or balances being tested and of the characteristics of the population being tested to decide on an
appropriate selection method.
13.5.1.6 Methods used – statistical and non-statistical sampling

Audit sampling can be done by means of either a statistical or a non-statistical approach – both are allowed by
ISA 530.
Statistical sampling – Random selection of a sample whereby all units have a chance of selection and
probability theory is used to evaluate the sample results.
Non-statistical sampling – Using judgemental reasoning, rather than probability theory concepts, for the
determination of sample size, the selection of the sample items, and/or the evaluation of the sample
results.
Statistical sampling techniques require the sample size, sample items selected from the population and the
evaluation of sample results all to be done statistically.
CRITICAL THINKING
What are the advantages of using statistical sampling instead of judgemental sampling?
It results in higher objectivity, less likelihood of over or under-auditing, better audit documentation and
greater confidence in conclusions drawn on the basis of the sample (thus allowing stronger justification to
management should a material misstatement be identified).
What do you think some audit firms consider to be a disadvantage of using statistical instead of
judgemental sampling?
The sampling method that the auditor determines to be most appropriate to use will depend on the particular
circumstances, for example:
• When auditors suspect serious error or manipulation in a class of transactions or year-end balance, they
will use their professional judgement (rather than probability theory) to select a directed judgement sample,
as this method will be more effective in addressing the assessed risk of material misstatement.
• In tests of controls, identifying and analysing the nature and cause of errors (i.e. why they arose, how they
arose) may be more valuable than statistically analysing the presence or absence of a particular control.
(Note, however, that when using statistical sampling for tests of controls, the analysis of the nature and
cause of errors identified is still a necessary and valuable step, in addition to the statistical quantitative
evaluation).
• In substantive tests of details, a statistical analysis and extrapolation of the projected error may be
considered a more appropriate method to use than judgemental sampling, owing to the difficulty in
projecting rand misstatements found in a sample to the entire population, which is facilitated by statistical
sampling techniques.
13.5.1.7 Evaluating results

When using sampling in performing tests of controls, the auditor is concerned with the rate of errors (control
deviations) in the population tested.
In evaluating results of a sample, the auditor needs to:

• Evaluate the sample results in comparison to the rate of error in the population that would be considered
acceptable (sometimes called ‘tolerable error’). If the sample results are higher than the tolerable error, the
objective has not been achieved; and
• Ascertain whether the nature and cause of deviations identified in the internal control procedures, detected
in the sample items, indicate a potential for material fraud or error to have occurred.
If the evaluation indicates that there is a possibility of a control not operating effectively:
• Evaluate the possible impact of this on the fair presentation of the financial statements of the entity; and
• Consider adapting the nature, timing and extent of substantive audit procedures accordingly.
13.5.1.7.2 Substantive procedures

When using sampling in performing substantive tests of details, the auditor is concerned with the expected
rand amount of misstatement in the population tested.
In the case of misstatements identified in a sample, the auditor should:

• Project monetary errors found in the sample (i.e. the rand value of the error) to the entire population to
assess the likely error amount in the population as a whole;
• Evaluate the projected results in comparison to the amount of error in the population tested that the auditor
would consider acceptable (i.e. is willing to tolerate);
• Evaluate the results qualitatively (i.e. consider the nature and cause of the misstatements identified). Even
if not considered quantitatively material, misstatements that are identified may be intentional and may thus
indicate the possibility of fraud in the entity, or in a certain process/function in the entity (i.e. evidence of a
weak control environment to have enabled the fraud to have occurred); and
• Conclude, based on the foregoing, on the effect of this evaluation on the particular audit objective and on
other areas of the audit.
1. When an auditor increases the assessed level of control risk due to some control procedures having been
determined to be ineffective, the auditor would most likely increase one of the following: (LO 1 & 5)
a) The planned level of detection risk
b) The planned level of substantive tests
c) The level of inherent risk
d) The extent of tests of controls
e) The audit fee
2. Procedure(s) that would most probably be used by an auditor when he or she performs tests of controls on
a control that involves segregation of duties and that leaves no audit trail is: (LO 10)
a) Reconciliation
b) Inspection
c) Reperformance
d) Observation
e) Enquiry
3. When using substantive analytical procedures, for which of the following accounts is the auditor most
likely to form a reliable expectation of what the total/balance should be at year-end, based on predictable
relationships? (LO 16)
a) Accounts payable
b) Advertising and marketing expense
c) Interest expense
d) Cash and bank
e) Revenue
4. In determining the nature of audit procedures to be performed, the auditor considers the following
factor(s): (LO 5)
a) The necessity of placing reliance on controls
b) The possibility of placing reliance on the internal control system in the entity
c) The desirability of relying on the system of internal control
d) The assessed risk of material misstatement
e) All of the above
f) None of the above
5. Sampling risk can be reduced to zero: (More than one answer is possible) (LO 22)
a) Always
b) Never
c) When the auditor plans the audit appropriately
6. With regard to tests of controls and substantive procedures: (More than one answer is possible) (LO 8)
a) Tests of controls test the operating effectiveness of a control activity.
b) Tests of controls enable the auditor to conclude on the rand-value effect of misstatements.
c) Tests of controls test the correctness of the rand values of balances and related disclosures or classes
of transactions and related disclosures.
d) Substantive procedures enable the auditor to conclude on the rand-value effect of misstatements.
e) Substantive procedures test the correctness of the rand values of balances or classes of transactions
or disclosures.

7. Tests of controls relate to the design and operation of a control. (LO 11)
8. There is a difference in the quality of audit evidence yielded by different types of audit procedures
performed. (LO 7)
9. Results of sampling should be analysed both quantitatively and qualitatively. (LO 22)
10. Substantive analytical procedure is a type of substantive procedure that can be used in the audit of all
classes of transactions, account balances and disclosures. (LO 17)
11. Interim audit testing may increase the effectiveness and efficiency of the year-end audit. (LO 20)
Generally speaking, the extent of substantive procedures increases as the risk of material misstatement
12. increases. (LO 21)
13. The objective of substantive procedures is to verify directly whether the assertions relating to the class of
transactions and related disclosures, or the account balance and related disclosures, are free from material
misstatement. (LO 12)
14. The only types of audit procedures available to an auditor to obtain audit evidence are tests of controls
and substantive tests of details. (LO 6)
15. If the auditor performs tests of controls and obtains evidence that the controls tested are operating
effectively, this increases the likelihood that the assertions applicable to the affected class of transactions
and related disclosures, account balance and related disclosures are likely to be free from material
misstatement. (LO 9)
16. The auditor seeks to eliminate detection risk by determining the nature, timing and extent of the
substantive procedures to be performed. (LO 2 & 3)
17. The audit plan assists the auditor in reducing audit risk to an acceptable level by setting out the nature,
timing and extent of further audit procedures to be performed by the audit team. (LO 2)
18. Describe the circumstances in which the auditor is required to follow a controls-based (combined) audit
approach in an audit of financial statements. (LO 7)
19. Explain for what purpose the auditor would use substantive analytical procedures during an audit and the
circumstances in which it would be appropriate to use these procedures. (LO 17)
20. In auditing accounting estimates, explain the auditor’s approach to designing appropriate audit
procedures. (LO 13 & 15)
21. What factors should be considered by the auditor in determining whether to perform substantive
procedures prior to the year-end date? (LO 19)
22. Why would an auditor consider making use of audit sampling? (LO 22)
23. How will a high assessed risk of material misstatement regarding the appropriateness of the going
concern basis of accounting used in the preparation of the entity’s financial statements affect the audit
plan? (LO 4)
24. Describe the steps that the auditor follows to formulate a substantive test of details. (LO 14 & 15)
Appendix
This additional example is based on Ntsimbi Piping’s investment and financing cycle (as explained in Chapter
10) and illustrates the substantive tests of details to be performed. It is essential that you are familiar with that
cycle prior to working through this illustration. Should this not be the case, it is suggested that you first revise
Chapter 10.
This illustration contains some of the key substantive tests of details in relation to the cost component of
Ntsimbi Piping’s property, plant and equipment (PPE) account balance, and the audit objective(s) and
assertion(s) addressed by each procedure.
Note: The substantive procedures provided below are not intended to be a comprehensive list of all the audit
procedures to be performed in respect of each audit objective, but merely examples of the types of procedures
that can be performed. The principles applied below in formulating the substantive procedures for the PPE
account balance (and explained earlier in this chapter), can be applied equally to any of the classes of
transactions, events (and related disclosures), the account balances (and related disclosures), or other
disclosures that may be found in an entity’s financial statements. Also, the procedures exclude the general
substantive procedures described in section 13.3.3.2 of this chapter.
To test that all assets included by Existence Select a sample of assets from
Ntsimbi Piping in the property, plant Ntsimbi Piping’s fixed asset
and equipment account balance at register, and physically inspect these
year-end actually exist i.e. the assets assets on the company’s premises,
are not fictitious. agreeing each asset inspected to the
description (and serial number) in
the register.
For additions that occurred during
the 20X1 financial year, inspect the
related purchase agreements (or
contracts/invoices), verify the
validity thereof, the details of the
assets purchased, and other relevant
information (e.g. the terms and
conditions of purchase).
When inspecting the above
purchase documentation, note the
descriptions of items which may
identify transactions that should
have been expensed (e.g.
transactions of a repairs and
maintenance nature which have
been erroneously capitalised).
For assets purchased during the
20X1 financial year, inspect bank
statements for confirmation of
payments made.
Perform a search for unrecorded
disposals of property, plant and
equipment items by, for example,
reviewing the cash receipts journal
for receipts of a capital nature, and
by inspection of correspondence
with the entity’s insurance company
to identify any fixed assets that have
been removed from the list of
insured items during the financial
year. Also, review disposals listed in
the entity’s 20X1 capital budget and
reconcile these to the assets that
have been removed from the fixed
asset register during the year.
To test that Ntsimbi Piping is the Rights For property owned by the entity,
party entitled to the rights of inspect title deeds for evidence of
ownership for the assets making up Ntsimbi Piping’s legal ownership
the account balance (e.g. they do not thereof.
belong to another entity and any For other asset additions, inspect the
assets pledged as security for purchase agreements/invoices for
obligations are disclosed). the name of Ntsimbi Piping and for
other relevant information,
including the terms and conditions
of purchase.
For motor vehicles, inspect the
registration documents and licence
renewals for the name of the
company.
For right-of-use assets, inspect the
lease agreements for the name of
Ntsimbi Piping and for other
pertinent terms and conditions of
the lease agreements to ensure that
the risks and rewards of ownership
have effectively passed to Ntsimbi
Piping (in accordance with IFRS
16).
Refer to the results from procedures

performed in other areas of the
audit, such as the review of minutes
of board meetings, and external
confirmations from banks and other
financial institutions – to obtain
evidence of any encumbrances on
PPE (that require disclosure in the
notes to the financial statements).
To test that all assets deemed to be Completeness Inspect Ntsimbi Piping’s approved
property, plant and equipment of capital budgets for items of a capital
Ntsimbi Piping at the end of the nature that were budgeted to be
financial reporting period are acquired during the 20X1 financial
accounted for and nothing has been year, and compare to those actually
omitted, and that all related recorded in the company’s fixed
disclosures that should have been assets register.
included in the financial statements, Inspect the entity’s minutes of board
are included. meetings authorising the acquisition
of items of property, plant and
equipment, and compare to those
actually recorded in the company’s
fixed assets register.
Inspect repairs and maintenance
account(s) in the general ledger for
material items which may represent
acquisitions of assets, but have been
erroneously charged as an expense.
When physically inspecting assets
(for existence), select a sample of
fixed assets on Ntsimbi Piping’s
premises and trace these to the fixed
asset register, agreeing all details
(including description and serial
numbers).
Inspect all lease agreements for
evidence of any assets which have
been leased, but which have not
been capitalised when so required
by IFRS 16.
Inspect the annual financial
statements to confirm the
completeness of IFRS 16
• The accounting policy in relation
to PPE; and
• The PPE notes to the financial
statements.
To test that all items of property, Accuracy, valuation and Inspect purchase documentation to
plant and equipment have been allocation verify that the cost of the asset
included in the account balance at includes the correct cost price,
the end of the financial reporting import duties, shipping charges,
period at the appropriate amounts installation (and any other relevant)
and any adjustments thereto (e.g. for costs. Verify, by inspection, that
possible impairment) have been VAT has been appropriately dealt
appropriately recorded, and all with in determining the cost of an
related disclosures have been asset.
appropriately measured and Reperform the mathematical
described. accuracy of all calculations on
purchase documentation.
If the asset is imported, reperform
the conversion of the foreign
currency amount into rands at the
spot rate on transaction date (after
confirming the exchange rate on this
date with a reliable third party).
Inspect the annual financial
statements to verify the appropriate
measurement and description of
• PPE on the face of the statement
of financial position;
• The accounting policy in relation
to PPE; and
statements, including all
amounts and details.
Note: As the illustrative audit
procedures are provided for the cost
component of the PPE account
balance, the procedures for auditing
the depreciation charges, and other
adjustments (including impairment)
are not provided here.
To test that all property, plant and Classification For a sample of additions during the
equipment have been recorded in financial year, agree the descriptions
the proper accounts. of items from purchase
agreements/invoices to the accounts
in the general ledger to verify that
the additions have been recorded in
the proper accounts.
To test that property, plant and Presentation Inspect the annual financial
equipment and related adjustments statements with regard to:
have been appropriately aggregated • PPE on the face of the statement
or disaggregated and clearly of financial position;
described, and related disclosures • The accounting policy in relation
are relevant and understandable in to PPE, including the IAS 16
the context of IFRS. model that has been adopted by
Ntsimbi Piping; and
statements, including making
sure that all relevant disclosures
(e.g. the detailed breakdown of
the balances reflecting the
different classes of PPE), have
been made in a manner that is
clear, understandable and
relevant.
1 These documents and personnel will be used in the performance of the substantive procedure.
2 This will be formulated as a verb/action, as the auditor is performing a task.
3 Note, however, that depending on the chosen audit approach, instead of or in combination with substantive tests of details, the auditor may also
have used substantive analytical procedures and/or tests of controls to obtain audit evidence about the classes of transactions.
Audit procedures: Speci c CHAPTER 14
considerations
Dana Nathan, Pieter von Wielligh and Gerrit Penning
CHAPTER CONTENTS
Learning outcomes
Reference list
14.1 Introduction
14.2 How do we formulate the nature of further audit procedures for specific classes of
transactions or account balances?
14.3 What are the requirements of International Standards on Auditing for dealing with
specific complexities that may be encountered when performing audit procedures?
14.4 What are computer-assisted audit techniques (CAATs)?
LEARNING OUTCOMES
1. Describe the nature of the audit procedures required to deal with the attendance at an
entity’s wage payout and inventory count.
2. Describe the nature of the audit procedures required to reduce the risk of failing to
detect fraudulent activity in cash and bank to an acceptably low level.
3. Describe the nature of the audit procedures to reconcile the creditors and bank
balances recorded in the auditee’s records to the external counterparty’s records.
4. Discuss the audit considerations applicable to the use of specific methods of obtaining
audit evidence through the use of confirmations from debtors, financial institutions,
lawyers or management.
5. Discuss the audit considerations applicable to the use of specific methods of obtaining
audit evidence through the use of the work of other parties, such as internal audit,
experts and other auditors.
6. Describe the nature of computer-assisted audit techniques (CAATs) and how they are
applied in the audit process.
7. Explain the purpose of using CAATs.
8. Describe the various approaches that can be followed by an auditor in auditing in a
computerised environment and describe the advantages and disadvantages of each
approach.
9. Describe the relationship between CAATs and audit procedures.
10. Describe the various CAAT tools and functions that auditors have at their disposal.
11. Identify the circumstances in which it will be necessary, possible or preferable to use
CAATs on an audit.
12. Identify and describe the type of CAATs that an auditor would apply in a particular
audit approach.
13. Describe how CAATs can be used during each stage of the audit process.
14. Briefly describe the steps that an auditor should follow when planning and performing
CAATs.
REFERENCE LIST
ere is a large number of International Standards on Auditing covered in this chapter.

What is listed here are those Standards and Practice Statements that you are expected to
read in detail in conjunction with this text.
Standard on Auditing (ISA) 505 External Confirmations.
International Auditing and Assurance Standards Board (IAASB) (June 2018)) International
Standard on Auditing (ISA) 540 Auditing Accounting Estimates, Including Fair Value
Accounting Estimates and Related Disclosures.
Standard on Auditing (ISA) 580 Written Representations.
Standard on Auditing (ISA) 610 Using the Work of Internal Auditors.
Standard on Auditing (ISA) 620 Using the Work of an Auditor’s Expert.
Independent Regulatory Board for Auditors (IRBA) (Oct 2005) South African Auditing
Practice Statement (SAAPS) 4 Enquiries Regarding Litigation and Claims.
Independent Regulatory Board for Auditors (IRBA) (July 2013) South African Auditing
Practice Statement (SAAPS) 6 External Confirmations from Financial Institutions.
Other standards and pronouncements not listed above, but referred to in the chapter,
should also be consulted to fully understand the requirements that apply to Registered
Auditors in South Africa.
14.1 Introduction
As discussed in Chapter 13, in order to develop the nature, timing and extent of audit
procedures required to respond to the risk of material misstatement, the audit plan should
deal with the following:
• e nature, timing and extent of risk assessment procedures (these procedures have been
covered in Chapter 12);
• e nature, timing and extent of further procedures to respond to the assessed risks of
material misstatement (such as tests of controls and substantive procedures – these are
covered in this chapter); and
• e nature, timing and extent of other audit procedures that are required to ensure that the
engagement complies with ISAs (such as procedures to ensure that reliance can be placed
on experts and internal auditors, where appropriate – these are covered in this chapter).
In this chapter, we continue focusing on the same area as introduced in Chapter 13 (i.e. the
highlighted area in the Audit Process Overview Diagram).
However, this chapter contains guidance in order to formulate the nature of audit procedures
in relation to specific classes of transactions and account balances, and to deal with the
requirements of specific ISAs that have been issued to deal with complex areas that the
auditor is likely to encounter when formulating audit procedures. e chapter also explains
how the auditor can use computer technologies to assist in gathering audit evidence.
14.2 How do we formulate the nature of further audit

procedures for speci c classes of transactions or
account balances?
While audit evidence about many of the assertions relating to wages, cash and bank,
inventory and creditors can be gathered using the steps outlined in Chapter 13, certain
aspects of the audit procedures required to gather sufficient appropriate evidence about
these classes of transactions and account balance require further explanation. is section
aims to provide such explanation.
14.2.1 Wages: Attendance of a wage payout

In order to gather audit evidence about the occurrence of wages, it is often necessary to
attend and observe the wage payout (i.e. the payment of wages in cash to employees of the
entity).
Controls over wage payouts were discussed in Chapter 9. Make sure you review that
discussion before reading this section, which focuses on the auditing aspects of wage
payouts.
When attending and observing a wage payout, the auditor should arrive at the client’s
premises after the wage pay packets have been prepared, but before the actual payout takes
place. erefore, the audit process begins after the cheque for wages for the week has been
drawn or, if applicable, the pay packets have been received from the security company.
Note 1: Surprise attendance can be used by not providing the entity sufficient time to prepare
for the auditor’s attendance. However, the practicalities of arriving on a complete surprise
basis are often difficult, if not impossible, to manage and thus not commonly used in practice.
Note 2: When the auditor is in possession of pay packets/cash relating to the wage payout, he
or she should exercise extreme care to ensure that procedures are in place so that the auditor
cannot be accused of stealing some of the money (e.g. by ensuring that the entity’s staff are
present at all times that pay packets are being handled by the auditor).
e auditor should then perform the procedures described below.
Before the payout, the auditor should:

• Take custody of all the pay packets and obtain the week’s payroll in order to compare and
agree the following:
• Payment details, such as the names of payees and wage amounts;
• e total number of pay packets into which wages have been placed.
• Select a sample of pay packets, open them, count the money in them, agree the amount
with the employee payslips and the week’s payroll printout and reseal the packets.
• Select a sample of employees from the payroll for the week and:
• Compare and agree the details recorded on the payroll to the relevant employee details
as recorded in the employee master file;
• Inspect the employees’ personnel records, such as their employment contract, UIF,
medical aid and union details, to confirm their actual existence; and
• Inspect evidence that authorised clock cards, or employee ID cards that grant access to
the entity’s premises electronically, exist for the employees selected.
WHAT What if the entity has various locations where payouts occur?
Ntsimbi Piping’s distribution, for example, takes place from multiple
IF? locations and warehouses in South Africa and wage payouts may take place
at all these locations.
If it is considered necessary, the auditors of Ntsimbi Piping must assign
auditing staff to all of the payout points (this should be considered in the
overall audit strategy and audit plan).
These audit staff must travel with the client’s staff involved in
distributing the wages and the pay packets to each of the payout points, in
order to perform the relevant audit procedures.
During the payout the auditor should:

• Observe the paymaster’s process of identification of each employee, as well as the
payment of their pay packet; and
• Verify that the following occurs as the paymaster distributes the wages:
• Positive identification of each wage earner is inspected; and/or
• e use of biometric fingerprint authentication is used and appears to be operating
effectively.
After the count, the auditor should:

• Observe whether pay packets that were not collected (i.e. unclaimed wages) are
appropriately recorded on the payroll and in an unclaimed wages register;
• Observe the unclaimed pay packets being delivered to the entity’s cashier;
• Inspect the unclaimed wages register for the period since the last payout, for example, for
the previous week (if wages are paid weekly) for evidence of proof of collection during the
period;
• Identify whether any employee names appear regularly in the unclaimed wages register –
if any names do appear regularly, inspect employee personnel records to investigate and
confirm their existence in order to identify possible fictitious employees;
• Verify that unclaimed wages are banked within a reasonable period of time, by inspection
of the necessary entries in the unclaimed wages register, bank deposit slips and bank
statements; and
• Inspect the signatures of the persons responsible for paying out the wages on the payroll.
WHY? Why have wage payouts become a less frequent occurrence in practice?
Due to the high security risk of wage payouts in cash, more and more
South African entities are choosing to pay wages directly into their
employees’ bank accounts instead of paying them in cash at a wage
payout.
However, since cash payments are preferred by many South African
employees, wage payouts continue to occur, albeit to a much lesser degree
than in the past.
REFLECTION
Think about how the auditor would verify the occurrence of wages if all payments were
made directly into the bank account of employees.
14.2.2 Cash and bank

In one way or another, cash and the bank accounts are affected by all the entity’s business
processes and accounting transactions. As the recording of cash and cash equivalents
generally relates to accounting activities in the revenue and receipts cycle, purchases and
payments cycle, human resources cycle and investment and financing cycle (addressed in
previous chapters and illustrated in Figure 14.2), audit procedures performed during the
audit of these cycles should address the risk of material misstatements in relation to the cash
and cash equivalent balances of the entity.
erefore, from a practical perspective, on most audits the audit procedures for cash
receipts and cash disbursements are conducted in conjunction with the tests of controls and
substantive tests of details relating to the various other business cycles (because the cash and
bank balance is the net ‘result’ of all of these transactions).
However, the risk of cash misappropriation/fraud having occurred is a major
consideration in the audit of the cash balance. is risk has to be considered and, if
necessary, addressed by the auditor, by way of performing further audit procedures to
address the assessed risk of material misstatement specifically in this regard, as detailed
below.
14.2.2.1 Designing further audit procedures

e nature and extent of the substantive tests of details that the auditor performs in relation
to cash and cash equivalents is affected by the assessed risk of material misstatement of the
balance. ey are also affected by the existence and effective operation of the entity’s
controls over cash receipts and cash disbursements to prevent theft or fraud.
To gain an understanding of the operating activities in relation to cash and cash
equivalents, the auditor reviews the control environment and management processes in
place. If this evaluation suggests that the risk of material misstatement relating to cash
transactions is high as a result of inadequate controls in place, or the suspicion that cash
theft or fraud has occurred by an employee or management, the auditor may consider it
necessary to extend the normal audit procedures over cash and cash equivalents.
e auditor develops the audit procedures aimed at uncovering the potential theft or
fraud based on the evaluation of the nature of the internal control deficiencies identified, the
type of cash misappropriation likely to result from the deficiencies, and the specific audit
procedures that will be most effective in uncovering the misappropriation.
Figure 14.2: Cash and bank
14.2.2.2 Misappropriation of cash

e risk of theft or fraud occurring, either before or after the recording of cash in the entity,
affects the occurrence and completeness of significant cash receipts transactions and the
existence and completeness of the year-end cash balance.
WHY? Why is cash misappropriation usually dif cult to detect?

Fraudulent acts relating to cash misappropriation are often dif cult to
detect, as they arise from theft of the entity’s assets usually accompanied
by false records or documents. These documents are often created by
circumventing controls in order to conceal the missing funds and often
involve the collusion of more than one staff member of the entity, thus
increasing the dif culty of detection.
How can this be addressed in the audit approach?
Auditors should modify the nature of the audit procedures to obtain more
reliable audit evidence and increase the extent of audit testing in areas
where they identify either a lack of controls or the possibility that collusion
or override could have occurred. They should also apply increased
professional scepticism and perform more unpredictable testing in areas of
high risk.
14.2.2.3 Audit procedures with regard to cash misappropriation

Various cash misappropriation techniques are addressed in Chapter 6 in section 6.4.2.2.
Lapping (i.e. the rolling of cash) is a fraudulent act that involves concealing the theft of cash
in an entity by its employees (as explained in section 6.4.2.2.1). e auditor needs to take
cognisance of the possibility of these activities occurring, especially when the necessary
controls to prevent theft from occurring were not designed or implemented, or were not
operating effectively for the period.
Controls that should be in place to prevent/detect such thefts were discussed in Chapter
6. e auditor may perform the testing described below to identify possible instances of the
rolling of cash undertaken by employees (including management) of the entity.

As part of the audit process, the auditor has to identify and understand the specific controls
that management of the entity have designed and implemented to address the potential
fraud risk relating to cash and cash equivalents.
e auditor should be aware that controls over the receipting and depositing of cash
involve primarily manual control activities and monitoring procedures and that automated
controls usually only exist from the time the transactions are recorded.
e auditor should therefore understand and test the controls that the management of the
entity has designed and implemented:
• is usually includes evaluating the segregation of duties that is in place in the cash
process – the person receiving cash should not also be responsible for recording it or for
banking it.
• Other controls, such as management involvement in the process, management review
and oversight of cash recording and processing, should also be evaluated and, if
appropriate, tested by means of tests of controls.
• All other manual controls of audit importance in relation to the recording of cash
transactions should be evaluated and, if appropriate, tested by means of tests of controls.
is will include controls that management has implemented with regard to ensuring
that:
• All cash received is recorded immediately (e.g. receipts are issued to customers when
the cash is taken);
• All cash received is banked within a short period of time (in line with an entity policy),
avoiding cash on hand for long periods;
• All cash that is received and banked is recorded in the accounting records of the entity
within a short period of time; and
• In addition to segregation of duties, isolation of responsibility is evident in regard to all
of the above processes.
• All automated controls of audit importance in relation to the recording of cash
transactions (as per above) should be evaluated and, if appropriate, tested by means of
tests of controls.
In addition to the testing of controls as above, further substantive audit procedures to be
performed by the auditor as part of the approach to identify instances where lapping has
occurred include, amongst others, the testing of the accounts receivable balances, for
example by means of external confirmations (refer to the debtors circularisation procedures
as per section 14.3.1.6). In evaluating the responses from debtors, the auditor needs to be
alert to instances where queries are reported in respect of payment dates (e.g. the debtor
indicates that payment was made on a date before that on which it is recorded on the debtors
statement) – as this may indicate that the entity’s staff are engaging in the lapping of cash
takings.
Substantive procedures in regard to the testing of bank and cash balances (as addressed
in the sections that follow), may also assist the auditor in identifying instances where the
lapping of cash has taken place.
IN THE NEWS
Employee fraud
• Counting coins: A former Canadian bus driver stole almost $375,000 from a
public transport company over the course of seven years. He did this by hiding
coins in his bag and taking them home. He stole an average of $200 per day in
quarters, dimes and nickels before he was caught.
• Bookstore embezzlement: At an independent bookstore in North Carolina, the
bookkeeper managed to embezzle $348,975. The bookkeeper had sole oversight
of the company books, and so she would write – and cash – cheques written out to
herself without any oversight.
• Security expert goes rogue: A large communications company hired a former
‘professional’ thief as a theft-prevention specialist, because of his real-life
expertise in the security eld. In this case, the ‘security expert’ found a loophole
where he could write himself cheques (signed using a signature stamp of a co-
worker), cash the cheques, then destroy the cancelled cheques that were returned
to the company by the bank. He made false entries in the company’s accounting
records to cover his actions. Before he was caught, he managed to steal the hefty
sum of $1,138,334.
In evaluating the incidents of employee fraud above, it becomes clear that the following
weaknesses allowed the employees to perform the fraudulent activities:
• First, a lack of proper recruitment processes in the entity may have allowed these
questionable employees to have been recruited.
• Second, a significant lack of segregation of duties provided the bookstore bookkeeper and
the communications company employee their opportunities to commit fraud.
• ird, a lack of controls with regard to the recording of cash and the banking thereof
facilitated the theft of coins at the bus company.
• Finally, a lack of proper independent review of all the employees’ work allowed the thefts
to not only occur, but also go unnoticed for long periods of time.
If the auditor had identified these control weaknesses, the fraudulent activity in all three
instances (if material), would have been identified through the further audit procedures
performed.
14.2.2.3.2 Surprise cash counts

In instances where significant amounts of cash are kept on hand at an entity, the auditor may
choose to perform surprise cash counts at year-end in order to verify the amount on hand
and identify any material discrepancies. It is important that all cash be counted by the audit
staff simultaneously – otherwise the same cash can be presented by the entity’s staff for
counting more than once to conceal shortages.
A surprise cash count is a procedure that should be performed in the presence of the
entity’s cashier, by the auditor counting the physical cash on hand and comparing the
amount counted with the theoretical cash that should be on hand according to the
supporting documentation (e.g. receipts and payment/petty cash vouchers), therefore
identifying any possible cash shortages. The performance of this procedure may be
regarded as a dual-purpose test.
Audit working paper F1 (on the next page) will be used by the auditors of Ntsimbi Piping to
perform a cash count at 31 December 20X1 in order to confirm the ‘Cash on Hand’ balance
as per the year-end financial statements.
14.2.2.3 Auditing bank reconciliations
A bank reconciliation is a reconciliation prepared and reviewed by entity personnel

(who are independent of the handling and recording of cash receipts and
disbursements) and which ensures that the entity’s bank balance (per its accounting
records) reconciles with the balance per the bank’s records, by identifying and
considering reconciling items.
Depending on the size and nature of the entity and its cash/bank accounts and
the number of related transactions, this reconciliation is prepared on a daily, weekly
or monthly basis.
e preparation of bank reconciliations by the entity is a key control directly affecting the
audit of cash and bank. erefore, if the entity has in place effective bank reconciliation
procedures performed in a timely manner, the auditor will often choose to test these
reconciliation procedures using tests of controls. If the controls are found to be effective, this
will reduce the extent of the audit work required on the closing balance on the bank account
at year-end. Audit evidence provided by this testing will relate to the assertions related to the
year-end bank balance, most specifically the accuracy, valuation and allocation of the year-
end bank balance.
erefore, when performing tests of controls on the bank reconciliation, the auditor will
test the controls relating to the bank reconciliations (prepared during the entire financial
year subject to audit) in addition to obtaining an external confirmation of the bank account
balances and related information from financial institutions at year-end (i.e. a substantive
procedure is addressed in section 14.3.1.7 of this chapter).
When relying on the controls relating to the bank reconciliation, the auditor could decide
to reperform a bank reconciliation that has been prepared by the entity personnel, thereby
evaluating the control procedures and the effectiveness thereof. e auditor also inspects
evidence (e.g. signature on the reconciliation) that the reconciliation was reviewed by entity
management and that any necessary reconciling items have been adequately investigated (to
ensure their validity, accuracy and completeness).
14.2.2.3.1 Substantive procedures

When auditing the bank reconciliations on the year-end bank balances, the auditor tests that
the account balances in the entity’s records at year-end have been properly reconciled to the
balances on the related bank statements and, in doing so, obtains substantive audit evidence
of the entity’s bank balance(s) at the end of the financial reporting period.
When reviewing the year-end bank reconciliation(s) as part of substantive procedures,
the auditor reviews and evaluates the reconciling items for validity (i.e. whether they should
be on the reconciliation) and accuracy (i.e. are the amounts reflected for the reconciling
items correct). e auditor will, for example, have to investigate the reasons for long-
outstanding items on the reconciliation, such as any outstanding payments (e.g. cheques
and EFTs) to ascertain if they are genuine, and obtain evidence to verify that the amount
reflected is correct.
For entities using EFTs primarily, reconciling items is normally considerably less
prevalent than in cheque-based systems, as transfers and payments typically take place
simultaneously or within a short period of the items being recorded by the entity in its
records.
e auditor should perform the following substantive tests of details on bank reconciliations:
• Agree the bank statement balance and general ledger balance reflected in the
reconciliation to the monthly bank statement and the bank account in the general ledger
respectively;
• Reperform all castings and calculations on the bank reconciliation;
• Review all reconciling items, assessing for logic and reasonableness;
• Review subsequent bank reconciliations the following week or month (depending on the
frequency of preparation) in order to verify that the reconciling items have since been
resolved and thus no longer appear as reconciling in the subsequent reconciliation;
• Where reconciling items are material, obtain and inspect the relevant supporting
documentation, such as outstanding payment documentation and proof of deposits
(either electronic or manual) to verify that they should appear in the reconciliation, and
are reflected in the correct amounts; and
• Verify, by inspection of the adjusting journal entries, that errors or omissions identified in
the bank reconciliation that relate to the accounting records of the entity have
subsequently been corrected in its accounting records.
WHY? Why is the testing of bank reconciliations often referred to as a ‘dual-

purpose test’?
In answering this question, rstly consider the nature of a dual-purpose
test. Also consider the auditor’s purpose for testing the reconciliations (i.e.
what evidence is the auditor attempting to obtain?).
14.2.2.3.2 Professional scepticism and performing other audit procedures

An attitude of heightened professional scepticism should always be maintained during the
performance of audit procedures on bank reconciliations, as entity personnel engaging in
fraudulent activity may very often use the year-end bank reconciliation to cover cash theft.
Hiding the theft in the bank reconciliation usually occurs by manipulating the reconciling
items and/or including fictitious reconciling items.
e auditor should follow the following procedures:

• To address this risk and to identify cash shortages as part of the audit process, the auditor
should always obtain a cut-off bank statement.
A cut-off bank statement is a bank statement required by the auditors, usually for a
period of 7 to 10 days after the end of the reporting period, in order to test
reconciling items present in the bank reconciliation and the clearing of these items.
A cut-off bank statement is also used in performing an unrecorded liabilities test
(referred to previously in Chapter 13) in auditing the completeness of liabilities and
accruals recorded in the entity’s nancial statements.
• To identify long-outstanding and suspicious items, the auditor should also consider
extending the audit procedures on the bank reconciliation to examine the reconciling
items in prior months’ bank reconciliations and compare these to those of the current
month. is may provide evidence of items that have remained outstanding for a length of
time and are thus indicative of matters that may require further audit investigation.
• Any journal entries processed to the bank account in relation to items that appear to be
reconciling have to be thoroughly investigated and corroborating evidence obtained.
• In an entity that has a number of bank accounts (such as Ntsimbi Piping), the risk of the
fraudulent misstatement of the bank balances through transfers between the various
bank accounts is a matter that the auditor has to consider, as well as the possibility of
misstatements resulting from transfers of funds that have occurred from or to bank
accounts of related entities.
Below is the bank reconciliation for one of Ntsimbi Piping’s bank accounts (‘Bank Balances’
in note 7 of its 20X1 annual financial statements). It is important to note that a bank
reconciliation would also have been prepared by Ntsimbi Piping’s staff for the company’s
‘bank overdraft’, although not provided in this text.
NTSIMBI PIPING (PTY) LTD RECONCILIATION OF REALITY BANK CURRENT ACCOUNT

AT 31 DECEMBER 20X1
NTSIMBI PIPING (PTY) LTD RECONCILIATION OF REALITY BANK CURRENT ACCOUNT
AT 31 DECEMBER 20X1
R
Closing balance as per 11,367

cash book – 31 December
20X1 (A)
Add: Outstanding payments 3,150

(C)
Cheques
Chq 564 R2,360
Chq 581 R790
Less: Outstanding deposit (5,230)

(D)
Balance as per Bank 9,287

Statement – 31 December
20X1 (B)
In auditing the above reconciliation, the auditors have to perform the following audit
procedures:
• Reperform the casting of all amounts/totals in the reconciliation to ensure accuracy
thereof;
• Agree the amount per (A) to Ntsimbi Piping’s cash book, trial balance and annual
financial statements;
• Obtain Ntsimbi Piping’s bank statement for the period ending 31 December 20X1 and an
external confirmation from the bank at 31 December 20X1, and agree these to the balance
per (B);
• Obtain Ntsimbi Piping’s bank statement for January 20X2 and inspect that the amounts
per (C) have cleared after year-end. Follow up by inspecting supporting documentation to
verify the accuracy and validity of the reconciling items for any items that do not appear
on the January 20X2 bank statement;
• Obtain Ntsimbi Piping’s bank statement for January 20X2 and inspect that the deposit per
(D) is reflected within the first few days after year-end (to verify that it relates to a cut-
off/timing difference); and
• Verify, by inspection of the deposit/EFT receipt documentation, that the effective deposit
date for the deposit per (D) is before year-end. Follow up on any discrepancies in this
regard.
14.2.3 Inventory: Attendance of inventory counts

In order to gather audit evidence about the existence and completeness of inventory, it is
generally necessary to attend and observe the inventory count performed by the entity at the
end of its financial reporting period.
Inventory counting procedures were discussed in Chapter 8. Make sure you review that
discussion before reading this section, which focuses on the auditing aspects of the inventory
count.
WHY? Why is the client’s inventory count relevant to the audit?

If inventory is material to the client’s nancial statements, unless
impractical, the auditor should attend and observe the client’s year-end
inventory count, as this is an important audit procedure to obtain suf cient
appropriate evidence of the existence of inventory on hand at year-end (by
inspecting quantities and type of inventory on hand at year-end). Some
evidence about the completeness of inventory is also obtained as well as
about the valuation of the inventory (by the auditor inspecting the condition
of the inventory to identify where the net realisable value of the inventory
may be below its cost).
The auditor’s involvement in an inventory count is addressed in ISA 501
(Audit evidence – Speci c considerations for selected items).
14.2.3.1 Audit evidence obtained when the auditor attends a client’s inventory
count
e auditor observes the client’s staff undertaking the inventory count in order to determine
whether inventory recorded in the accounting records at the end of the reporting period is
correctly counted by the entity’s staff, and hence actually exists. Depending on the auditor’s
risk assessment, the planned audit approach and the nature of the specific audit procedures
carried out during the attendance of the count, the audit procedures performed may serve
as:
• Substantive procedures, providing direct evidence of the existence of inventory and
possibly its completeness and valuation (depending on the nature of the entity and its
inventory); and also
• Tests of controls providing evidence of the operating effectiveness of management’s
controls over the inventory count.
CRITICAL THINKING
Is the auditor responsible for conducting the inventory count?
No – the management of an entity establishes procedures under which inventory is
physically counted, at least once a year (sometimes more regularly) in order to
determine whether the existence and completeness of the inventory that will be
included in the nancial statements and, if applicable, to ensure the reliability of the
entity’s perpetual inventory system (refer to Chapter 8 for the details of these
procedures). Therefore, the entity is responsible for undertaking an accurate physical
inventory count by planning, performing and recording the count.
14.2.3.2 Audit considerations

Obtaining an understanding of the client’s industry and nature of the business is vital when
planning to attend the physical inventory count as the nature of inventory obviously varies
significantly for different entities (e.g. a client in the agricultural industry producing maize
versus a client in the retail clothing industry).
In addition, the auditor should also consider:

• e inherent risks of material misstatement with regard to the inventory account balance;
• Whether the entity maintains a perpetual inventory system or a periodic inventory system
(refer to section 7.1.7 of Chapter 7 for a description of these two systems);
• e nature of the internal controls around inventory; and
• e locations at which inventory is held (e.g. at various branches, factories or mines),
including:
• e significance of the inventory at each location;
• e risks of material misstatement at the various locations (should the inherent and
control risk factors differ between locations); and
• Whether the storage facilities are those of the entity or a third-party storage provider
(who also holds inventory for other entities).
14.2.3.3 Audit procedures in respect of the inventory count
14.2.3.3.1 Audit procedures before the count

e auditor begins by obtaining and evaluating management’s instructions and procedures
for recording and controlling the results of the inventory count and assessing whether these
are adequately designed and appropriate in the circumstances. Among other things, the
auditor should determine whether the count will be performed by competent staff,
preferably counting in teams of two or more people, whether there will be proper controls
over stationery/count sheets and whether all items counted will be properly marked as such
by the counting teams.
e auditor should gain an understanding of the warehouse or area where the inventory
is kept by taking a tour beforehand if possible, observing and noting how inventory is packed
and identifying items that may be difficult or impractical to count, in order to discuss
promptly any alternative arrangements with management.
14.2.3.3.2 Audit procedures during the count

To draw audit conclusions about the physical inventory on hand, the auditor observes and
evaluates the following count procedures of the client to ensure that the count is performed
competently and in compliance with management’s count instructions.
e following will be focused on specifically:

• e issuing of sequentially numbered count sheets to the respective staff members, the
signing thereof and the recording of the numbers in a register;
Whether the counts are being done in teams of two, with one person counting and the
•
other recording the results of the count;
• at supervision and control is exercised by senior staff with tests on the counts
performed by the count teams and that senior staff authorise and sign all changes on the
count sheets;
• at there is control over the completed physical inventory count sheets, accounting for
unused physical inventory count sheets, and count and recount procedures;
• Whether there are controls in place over cut-off and the movement of inventory between
areas and dispatch and receipt of inventory before, during and after the count – in other
words, that no movement of work-in-progress or finished goods occurs during the count
or, if this is not possible, that any movement is closely monitored; and
• at all inventory items, once counted, are marked with stickers or other identifying
means as having been counted.
e auditor performs test counts to corroborate the effectiveness of the controls performed
by the client’s staff during the count. Test counts are carried out as follows:
• Tracing a sample of items selected from the entity’s inventory count records and
inspecting the physical inventory items (and agreeing the quantities) to verify their
existence;
• Tracing a sample of items selected from the physical inventory on hand to the entity’s
inventory count records (and agreeing the quantities) to verify the completeness of
counting and recording; and
• Based on the above findings, advising management of any differences noted.
Note: When using the inventory count as a substantive procedure to provide audit evidence of
the existence of inventory and not merely as a test of controls (attending the count may be a
dual-purpose audit test), the auditor should include items in the sample that are high in value
and/or high risk (in order to obtain the sufficient appropriate evidence required in relation to
the year-end inventory balance).
e auditor during his or her attendance at the inventory count must be on the lookout for
slow moving, obsolete or damaged items of inventory.
WHY? Why is being on the lookout for slow-moving, obsolete or damaged items
of inventory important?
This may indicate areas where write-downs or write-offs of inventory are
required and where obsolescence allowances have to be raised (as
required by IAS2) which will provide evidence about the accuracy, valuation
and allocation of inventory assertion. (Such allowances may not have been
raised or may be over or understated.)
CRITICAL THINKING
What should the auditor look at to identify slow-moving, obsolete or damaged
items of inventory?
There are various possibilities depending on the nature of the inventory items, for
example:
• Use-by dates that have expired on inventory items (such as foodstuffs or
medications);
• Products that may have been damaged by water or other means (such as dented
food tins) and may not be saleable or may need to be sold at reduced amounts;
• Items that may be cracked or chipped (such as glass or ceramic items);
• Rust on inventory items (such as metal items and locks); and
• Inventory that may be old stock and therefore obsolete, (such as technological
items – older model cellular phones, tablets and other computer-related
inventory).
In the Ntsimbi Piping audit, with the company’s principal products being pipes and
mouldings, in attending its year-end inventory count on 31 December 20X1, the auditors will
have to be aware of possible damaged pipes and mouldings that may need to be written down
or written off completely due to their net realisable value being below cost.
When auditing a manufacturing entity, the auditor should be alert to work-in-progress (i.e.
inventory items that are still in the process of manufacture) at year-end. e auditor should
utilise his or her understanding of the business to assess the risk associated with this
component of the inventory balance, and determine the appropriate audit response.
However, with the auditor sometimes having insufficient specialist knowledge of these items,
it is not always easy and possible to identify the quantity of work-in-progress and/or its stage
of completion. In such cases, assistance of an auditor’s expert (or management’s expert) may
be considered in obtaining sufficient appropriate audit evidence. e use of experts is
discussed in section 14.3.4.2.1 of this chapter.
Reliance on the work of an expert may also be required where estimating of the physical
quantities of completed inventories (finished goods) is complex and requires specialised
knowledge, for example estimating the physical quantity of items in the agricultural and
mining industries.
If any material inventory is held by a third party such as by an agent on consignment,
external confirmation of the balances on hand may be required by obtaining representations
from the third party. Depending on the risk of material misstatement, the significance of this
inventory and the integrity and objectivity of the third party, the auditor may also have to
obtain further audit evidence regarding the existence and condition of this consignment
inventory.
CRITICAL THINKING
What other procedures are available to verify the existence and condition of
consignment inventory?
Depending on the circumstances, further audit procedures may include:
• Attending the third party’s physical inventory count;
• Arranging for another auditor to attend the third party’s inventory count;
• Obtaining an audit opinion from the third party’s auditors to verify the adequacy of
the internal controls for ensuring that inventory is properly counted, and
adequately safeguarded to protect from both theft and damage, at the third party;
and
• Inspecting documentation, such as consignment contracts and warehouse
receipts, regarding inventory held by third parties.
14.2.3.3.3 Audit procedures in concluding the count

In practice, many auditors obtain copies of management’s completed physical inventory
count records/count sheets to avoid the possibility of these being altered after the count. is
allows the auditor to perform subsequent audit procedures to determine whether the entity’s
final inventory records (as per the inventory master-file) accurately reflect the actual
inventory count results.
e auditor should document any observations made during the count process, noting
any weaknesses in the inventory count procedures and report these to management.
CRITICAL THINKING
Does the auditor verify the rights assertion for the inventory account balance at
the count?
The inspection of inventory by the auditor does not provide evidence about the
entity’s ownership of the inventory at year-end.
The auditor must be alert to the possibility that some inventory on hand at year-
end (evident at the count) may be held by the entity on consignment and should not
form part of the entity’s year-end inventory balance.
This must be considered as part of the inventory count audit procedures. The
same applies for inventory already sold but still on the entity’s premises awaiting
collection by customers.
14.2.3.4 Other audit considerations
14.2.3.4.1 If inventory is held in multiple locations

In many instances, inventory may be held at multiple locations (retail outlets/factories). If it
is determined that attendance at these other locations is necessary, this will have to have
been considered as part of the overall audit strategy. e overall audit strategy may state that:
• It is necessary for audit staff to visit these other locations to perform inventory counts;
and/or
• Other auditors are to be appointed to attend inventory counts at specified locations on
behalf of the entity’s auditor (e.g. should the locations be in remote areas where it is
impractical to send an audit team). Reliance on the work of other auditors is addressed in
section 14.3.4.3 of this chapter.
14.2.3.4.2 If the auditor cannot attend the inventory count

If attendance at the physical inventory count is absolutely impractical, for example, if
significant inventory is held in an area that may pose a threat to the safety of the auditor,
alternative procedures to obtain sufficient appropriate audit evidence about the existence,
completeness and condition (valuation) of inventory will have to be performed. is may
include verifying the subsequent sale of material inventory items that were on hand at the
time of the client’s physical inventory count, to obtain evidence of the existence and
valuation thereof. In order to test the completeness assertion, audit procedures may include,
amongst others, selecting samples of purchase documents and agreeing these to the
financial records, and investigating any material write-offs of inventory balances.
If, however, other procedures are not possible or do not provide sufficient appropriate
audit evidence about the existence, completeness and/or condition of the inventory, the
effect of this scope limitation on the auditor’s report will have to be considered (as addressed
in section 15.5.3 of Chapter 15).
WHAT What if the auditor is only appointed as auditor of the entity after the end
of the nancial period subject to audit (therefore after the inventory
IF? count has occurred)?
It has to be considered whether suf cient appropriate audit evidence can
be obtained by alternative audit procedures, such as possibly counting on a
later date and performing roll-back procedures, in terms of which material
changes in inventory in the intervening period are veri ed in order to
recreate the inventory balance at year-end.
If, however, suf cient appropriate audit evidence cannot be obtained,
the effect of this matter on the auditor’s report will have to be considered.
Note: The above audit approach may also be necessary if the entity’s physical
inventory count is conducted at a date other than the end of the nancial
reporting period.
14.2.4 Creditors reconciliations
A creditors reconciliation is prepared by the entity’s staff in order to reconcile the

balance on the statement of account of an individual supplier with the balance on the
supplier’s account in the entity’s creditors ledger.
14.2.4.1 e creditors reconciliation process

Supplier statement reconciliations (also known as creditors reconciliations) were discussed
in Chapter 7. Make sure you review this before reading this section, which focuses on the
auditing aspects of creditors reconciliations.
14.2.4.2 Auditing creditors reconciliations

As part of the audit procedures to be performed on trade payables, the auditor will gain an
understanding of the creditors reconciliation process and related controls, and, if deemed
appropriate, test any relevant controls over it and select and test a sample of creditors
reconciliations prepared by the entity’s staff.
Reconciling items (which will be reflected in the creditors reconciliation) may arise for the
following reasons:
• e creditor may have prepared his or her statement on a different date from the date for
which the entity is performing the reconciliation. is is common in practice as many
suppliers close off their monthly accounts several days before the end of the calendar
month (e.g. on the 25th of the month), and this balance may therefore differ from the
balance on the supplier’s account in the creditors ledger on the last day of the month
(which is used for the entity’s financial reporting purposes).
• Transactions may not have been recorded by either the entity or the creditor due to
timing differences or errors:
• Invoices may have been omitted or recorded incorrectly.
• Credit or debit notes may have been omitted or recorded incorrectly.
• Amounts paid to the creditor or discounts allowed may have been omitted or recorded
incorrectly.
• Arithmetical errors may have occurred.
• Interest may have been charged by the creditor for an overdue account, but not been
recorded by the entity.
• Creditor balances may have been materially misstated by the entity as a result of
fraudulent activity, thus resulting in invalid reconciling differences.
WHY? Why would creditor balances have been intentionally materially

misstated?
Think about if:
• Management wishes to create a better nancial picture of the entity; or
• An employee/management has purchased items (such as inventory or
stationery) for personal use through the entity.
Would the creditor balance(s) be overstated or understated as a result of
each of the above?
14.2.4.2.1 Audit procedures – Tests of controls

In auditing the reconciliations, the auditor should first evaluate the appropriateness of the
design and implementation of the system, that the entity has in place in regard to creditor
reconciliations.
In order to evaluate this, the following risk assessment procedures should be performed:
• Assess, by enquiry and observation, the competence and efficiency of the creditor’s clerk
in order to evaluate the probability of the prevention of errors occurring;
• Evaluate, by inspection of the organisational chart and enquiry, the segregation of duties
among members of the accounting department to verify that one person serves as a check
on another;
• Evaluate, by enquiry, management’s involvement in the process, for example, the extent
of management review of the reconciliations prepared, as well as their follow-up of
material reconciling items; and
• Evaluate whether, if applicable, an internal audit function in the entity conducts reviews
of the reconciliation process.
If these controls are in place, and then tested for operating effectiveness through tests of
control (such as enquiry of management, inspection of reconciliations, inspection of the
work of internal audit, if applicable) and found to be effective, this will ensure accuracy of
calculations and entries recorded, thus minimising the possibility of fraud or error. e
extent of substantive tests of details required to be performed on the reconciliations will thus
be reduced.
14.2.4.2.2 Audit procedures – Substantive tests of details

e auditor should perform the following substantive tests of details on creditors
reconciliations:
• Agree the balance per ledger and balance per creditor statement amounts reflected in the
reconciliation with the balances on the creditor’s statement and the creditor’s account in
the creditors ledger at the end of the reporting period respectively.
• Reperform all castings and calculations on the reconciliation.
• Inspect all reconciling items, assessing for logic and reasonableness.
• Inspect subsequent creditor reconciliations the following week or month (depending on
the frequency of preparation) in order to verify that the reconciling items have since been
resolved and thus no longer appear as reconciling in the subsequent reconciliation.
• Where reconciling items are significant and it is assessed to be necessary, obtain and
inspect the relevant supporting documentation for dates, amounts and details, such as:
• Proof of EFT, cheque or cash payments that were made and recorded by the entity
before the end of the reporting period but are not reflected on the creditor’s statement;
• Invoices/GRNs for items purchased and recorded by the entity before the end of the
reporting period that were not reflected on the creditor’s statement; and
• Debit notes passed for items returned and recorded by the entity before the end of the
reporting period that were not recorded as such on the creditor’s statement.
• Ensure that errors or omissions identified in the reconciliation that relate to the
accounting records of the entity have since been corrected in its accounting records, by
inspecting any journal entries recorded in respect of these.
• With regard to arithmetical errors, omissions or duplications that have been made by the
creditor on the creditor’s statement, inspect the relevant correspondence sent to confirm
that the client has notified the creditor so that the necessary corrections can be made by
the creditor.
14.3 What are the requirements of International

Standards on Auditing for dealing with speci c
complexities that may be encountered when
performing audit procedures?
14.3.1 External confirmations
Rather than relying only on evidence obtained from the auditee itself (e.g. the auditee’s
records and staff ), or by the auditor himself (e.g. physical inspection and reperformance),
the auditor may wish to confirm/corroborate some of the information contained in the
auditee’s records with knowledgeable third parties. ISA 505 directs the auditor as to how to
go about performing external confirmations.
An external con rmation is a written response obtained directly from a third party, in
paper or electronic format, that may be used by the auditor as an effective way of
obtaining suf cient appropriate audit evidence about items such as the entity’s
account balances, contracts, terms of agreements and speci c arrangements with a
third party.
Yielding audit evidence that is ordinarily more reliable than that obtained from the entity’s
management and staff, third party external confirmations are commonly used in practice by
auditors to confirm or request information in respect of items such as bank balances,
accounts receivable balances, loans from/to third parties and inventory held by/for other
entities on consignment. Also, where complex or unusual transactions may have been
entered into, the auditor may attempt to confirm the third parties’ understanding of the
terms and conditions in order to verify whether their client has correctly accounted for and
disclosed the transactions.
14.3.1.1 Design of the confirmation request

When designing the confirmation request, the auditor should consider the specific
assertions being addressed and tailor the request accordingly. Depending on the nature and
content of the confirmation being sought, external confirmations may provide audit
evidence to support various assertions, such as existence, rights and obligations and, in
some circumstances, accuracy, valuation and allocation and completeness. Other factors to
consider during the design of the confirmation request include the specific identified risks of
material misstatement, the nature of the information being confirmed, and the intended
response.
14.3.1.2 Types of requests

Positive confirmation requests ask the respondent to reply in all cases, by indicating either
agreement or disagreement with the information presented (e.g. a debtor’s outstanding
balance), or by providing information (e.g. about the respondent’s understanding of contract
terms). A negative confirmation request requires a response only if the respondent
disagrees with the information presented.
erefore, negative confirmation requests yield less persuasive audit evidence than
positive confirmation requests. Although in comparison, positive confirmation requests will
result in additional audit work should they not be returned, they are expected to provide
better quality and thus more reliable audit evidence. e auditor chooses which type of
request is the more appropriate in the particular circumstances on the basis of the desired
level of detection risk and consequently the nature and extent of audit evidence required.
14.3.1.3 Sending the confirmation request

When requesting written confirmations from respondents, the auditor should retain full
control over the process in order for the audit evidence to be reliable, by excluding
involvement from the entity’s management and staff. However, prior to a confirmation
request being sent by the auditor, management authorisation must be obtained and this
should be indicated in the request, in order for the third party to have the right to disclose the
information directly to the auditor.
Owing to the ever-increasing use of technology in the current day business environment,
confirmations may be sought in an electronic format, such as by email.
CRITICAL THINKING
What audit concerns arise in regard to con rmations received in electronic format?
Using this format may reduce the reliability of responses (e.g. obtained via email), as
responses may have been intercepted and amended in the process. The auditor
therefore has to be sure that such process is properly secured and controlled
through various electronic systems and controls, such as encryption of the data, use
of secure data transmission lines, and the use of digital signatures.
14.3.1.4 Responses to the confirmation request

Exceptions identified from the responses received from third parties, as well as non-
responses to confirmations, must be considered, as these may indicate misstatements
and/or previously unidentified risks of material misstatement. In these instances, the
assessed risk of material misstatement and planned audit procedures may have to be
modified accordingly. For example, in the case of loan confirmations being returned by third
parties with material differences identified between the amounts confirmed and the entity’s
records, the auditor will increase the assessed risk of material misstatement in relation to the
account balance and may modify the nature and/or extent of further audit procedures to be
performed (e.g. by extending the sample size originally used for the confirmation process).
If responses are received but yield insufficient audit evidence to address the risk of
material misstatement, or if no response is received and alternative evidence cannot be
obtained by any other audit procedures, the auditor has to consider the effect on the
auditor’s report.
WHY? Why must the auditor consider the relationship of the respondent to the
entity?
As all con rmation responses received have to be assessed for reliability of
audit evidence, the auditor should not merely accept con rmations without
consideration of the competence and objectivity of the respondent and the
con rmation process followed.
The auditor should therefore, for example, ascertain that the
respondent is not related to the entity, and that the entity’s management
had no involvement in the response.
If this is not done, a con rmation of a loan balance received from a
related party, may state that the balance is correct even though it is
materially misstated and/or material information was intentionally withheld.
In other words, the auditor would fail to detect a material misstatement in
14.3.1.5 If external confirmations cannot be performed

Given that third parties to whom the confirmation request is directed will respect the
confidentiality of the auditee’s information, and given the auditor’s duty to respect the
confidentiality of information obtained during the audit, the auditor should obtain the
permission/support from the auditee’s management to undertake the external confirmation.
If the auditee’s management asks the auditor not to send confirmation requests to certain
third parties, the auditor has to exercise professional scepticism in considering whether this
request is valid and reasonable. is is because there is the risk that management may be
attempting to deny the auditor access to audit evidence that could possibly reveal fraud or
error.
What happens if the auditor is asked by management not to carry out the confirmation
and does not accept the validity of management’s request? If sufficient appropriate audit
evidence cannot be obtained through alternative audit procedures, the auditor will have to
consider the effect on the audit report and the implications for risk assessment and the
remainder of the audit process. (is would be considered to be a scope limitation, addressed
in section 15.5.3.2 of Chapter 15).
14.3.1.6 Illustration of an external confirmation: Debtors circularisation

A debtors circularisation is a substantive test of details often performed as part of
the audit procedures on the year-end accounts receivable balance. Some, or all, of
the debtors of the auditee making up the balance are requested to con rm their
outstanding balances directly to the auditor through written con rmation, verifying
that the recorded debtors’ amounts outstanding are correct, or if the debtor
disagrees, assisting the auditor in identifying areas of difference.
14.3.1.6.1 How is this procedure performed?

e overall approach to a debtors circularisation is described below (the process is
addressed in more detail in the remainder of this section).
e auditor will do the following:

1. Obtain the client’s consent to perform a debtors circularisation (i.e. to send
confirmation requests to debtors of the entity).
2. Select the date at which the debtors’ circularisation is to be performed (generally at the
end of the financial reporting period unless early verification procedures are being
adopted – e.g. due to a tight deadline).
3. Select the type of confirmation requests that will be utilised for the circularisation, either
positive or negative confirmation requests.
4. Prepare the confirmation requests, which will be addressed from the entity to the
debtor, with a request that the debtor replies directly to the auditor.
5. Select the debtors that the auditor wishes to circularise and obtain the entity
management’s acceptance thereof.
6. Send the confirmation requests to the debtors that have been selected.
7. Monitor responses, and send reminders (or second requests) to non-repliers, or follow
up with other methods of contact, such as telephonically.
8. Evaluate the replies received. is will entail:
a) Comparing the amount acknowledged in the debtor’s reply with the amount
recorded in the client’s debtors ledger/master file; and
b) Following up on and investigating any differences noted.
9. Conclude whether the audit objectives of the debtors circularisation have been
achieved.
10. Perform alternative audit procedures on balances for which no replies were received.
A positive debtors confirmation request (including the response by Ntsimbi Piping’s
debtor, Jembo Piping) is illustrated on the next page.
12 February 20X2
Dear Sir/Madam
Please examine the accompanying statement of balance outstanding as at 31

December 20X1 and con rm its correctness. Should you disagree with the
balance, please report any differences.
The above should be done by reporting directly to our auditors, who are currently in
the process of auditing our nancial statements, namely:
Nolands Inc.
Registered Auditors
Cape Town
Your prompt attention to this request would be appreciated. Please use the
enclosed envelope to submit your reply.
Yours sincerely
L Losper
Financial director
_______________________________________________________________________
Con rmation:
The balance of R836,544, owed by us as at 31 December 20X1, is correct except
as noted below:
Our EFT payment made on 30 December 20X1 in the amount of

R23,500 is not reflected in the balance
Jembo Piping
Respondent’s name: Freddy Hudson

Respondent’s position: Senior creditors clerk
Date 19 March 20X2
Although the entity subject to audit is required to provide the auditor with contact details of
its trade debtors, as well as provide letterheads on which the confirmation requests are
prepared, the auditor should maintain full control over the debtors circularisation process to
avoid any room for management manipulation.
CRITICAL THINKING
Which audit objectives/assertions does the debtors circularisation address?
An accounts receivable con rmation will provide evidence of the existence of the
trade debtor and the occurrence, accuracy and cut-off assertions of the classes of
transactions making up the debtor’s balance.
Why is the valuation component of the accuracy, valuation and allocation assertion
not addressed by the con rmation?
Evidence of recoverability of the outstanding balance is not obtained – the debtor is
merely con rming that they owe the amount stated at the speci c date, not that they
can and will pay the full amount owing – the valuation thereof is not con rmed by
means of a con rmation.
Why is completeness not addressed by the con rmation?
Due to the nature of a con rmation request, it is unlikely that a debtor will advise of
understatement of the balance that has been provided to them for con rmation (i.e.
as a result of omissions/errors that the client has made).
Why is the rights assertion not addressed by the con rmation?
The con rmation does not provide evidence that the client has the right to the asset
– the amount may have been provided as security for a loan or ceded, and the debtor
will not be aware of this.
Other auditing procedures need to be conducted in order to obtain suf cient
appropriate audit evidence relating to the above assertions.
14.3.1.6.2 How does the auditor decide which and how many trade debtors to select?
CAATs (addressed in section 14.4 of this chapter) are often used in practice to select
the sample that is required for the debtors circularisation process.
e key factors that affect the auditor’s selection decision are the magnitude of the total
accounts receivable balance, the risk of material misstatement (both inherent and control)
relevant to the existence of the accounts receivable balance, and the number and size of
individual debtor accounts. When selecting accounts, the auditor will want to include the
accounts most likely to contain material misstatement. e emphasis will usually be on
selecting larger and long-outstanding balances for confirmation, as the existence of these
balances will need to be confirmed to verify that the balance is not overstated either
fraudulently or in error.
e effectiveness of using confirmations as a means of obtaining audit evidence, as well
as the availability of other audit evidence relating to the existence of debtors assertion, are
other key factors for the auditor to consider in determining the number of trade debtors to
select.
14.3.1.6.3 Types of confirmation requests that can be utilised

Either positive or negative debtors confirmation requests may be used. Positive
confirmation requests, in terms of which the debtor is requested to confirm the balance
outstanding (whether in agreement or not), provide better quality audit evidence. However,
risks exist, first confirmation requests not being returned, and second that a respondent may
reply without actually verifying that the information presented by the auditor in the
confirmation request (e.g. the outstanding balance) is correct. Using confirmations that do
not reflect the balance outstanding (i.e. this has to be filled in by the debtor) addresses this
risk, but these are not commonly used in practice because they often result in significantly
lower response rates.
Negative confirmation requests require a response from respondents only if they
disagree with the information presented to them. Negative confirmation requests provide a
less reliable source of audit evidence, and for this reason this type of confirmation request is
less commonly used by auditors.
WHY? Why do you think that negative con rmation requests are a less reliable
source of audit evidence?
Guidance: Consider what the auditor would conclude, should no response
be received. Will this conclusion always be correct? Why is this so?
How does the auditor decide on the type of con rmation to use?
Negative confirmations are a more effective method for the auditor to use when:
• e risk of material misstatement of the accounts receivable balance is lower;
• e total balance consists of a large number of small balances relating to debtors that are
not businesses (i.e. the debtors are individuals);
• A large number of errors is not expected; or
• e auditor does not believe that the respondents will disregard the confirmation
requests.
Negative confirmations are therefore typically used in audits in which accounts receivable
are due from the general public, such as in the banking, medical (hospital) and retail
industries. If, for example, the client is a clothing retailer that sells to the general public on
credit, and has a large number of individually small amounts owing by its customers who are
unlikely to maintain formal records of their accounts, the likelihood of receiving a high rate
of responses is low. Practice has shown that few individuals actually take the trouble to reply
to the confirmation requests.
However, if the entity’s customers comprise mainly other business entities with relatively
large outstanding balances that are likely to have appropriate records of accounts payable
and are thus in a position to respond to a confirmation request, a positive confirmation
request will be utilised. Although, this having been said, it also has to be considered whether
the debtors to whom the confirmations are sent pay on invoice, as, should this be the case,
they will not be in a position to confirm outstanding balances, but rather only individual
invoices outstanding.
Auditors may, and often do, use a combination of these confirmation types where a small
number of large debtors balances and a large number of small debtors balances exist at the
date to which the confirmation pertains. Positive confirmation requests are sent to debtors
with large balances and negative confirmation requests to debtors with small balances.
14.3.1.6.4 Practicalities of the debtors circularisation process

e evidence obtained from confirmations is most reliable when the requests are sent as
soon as possible after the end of the reporting period. However, receiving confirmations back
timeously is usually a challenging task for auditors. It frequently requires various types of
follow-up procedures, including second and even third request letters, as well as other
possible forms of communication, such as telephonic and email contact, to remind the
respondents to respond.
erefore, the confirmation requests may be sent before the financial year-end, for
example, where the client has a reporting deadline that is very close to the year-end – so as to
enable the audit team to meet the tight deadline.
However, if this method (early verification) is adopted, the auditor will have to reconcile
the accounts receivable balance at the confirmation date to that at the end of the reporting
period. is is usually done by means of performing roll-forward procedures in terms of
which material movements in the account balance are verified by means of additional audit
procedures.
CRITICAL THINKING
What procedures does roll-forward entail?
The auditor obtains evidence about the nature and extent of any signi cant changes
in internal controls over accounts receivable during the period after the date of the
con rmation and the end of the reporting period and performs tests of controls to
test their operating effectiveness during the roll-forward period, where necessary.
The auditor starts with the debtors balance that has been con rmed (thus audited)
at the date of the con rmation and then performs substantive roll-forward procedures
that may include selecting:
• Material credit sales transactions recorded during the period and agreeing them to
the relevant supporting documentation (such as invoices);
• Material receipts recorded during the period and agreeing them to bank
statements; and
• Other adjusting journals and entries and agreeing them to the relevant supporting
documentation (e.g. credit notes).
CRITICAL THINKING
How should the auditor maintain professional scepticism in the circularisation
process?
With regard to a low response rate or no responses on material balances:
• The auditor should always bear in mind that there is the risk that the client has
fraudulently altered a debtor’s address provided to the auditor.*
• The auditor may therefore consider it necessary to test the correctness of
debtors’ addresses by:
• Reference to any recent correspondence with the debtors;
• Agreeing the debtor’s details appearing on the monthly statement to the details
on the debtors master le; and
• Other means, such as internet searches or visiting the debtor’s website
address, to verify the contact details that the client has provided.
* (WHY might the entity have altered one or more of the debtors addresses provided
to the auditor? In answering, think about the risk of the fraudulent overstatement
of debtors’ balances).
With regard to responses that are received:

• The auditor should also always consider the reliability thereof. This includes an
evaluation of the respondent’s authority to respond on behalf of their entity, his or
her objectivity (in relation to the entity being audited), and whether he or she is a
related party to the auditee. These factors may affect the reliability of the
con rmation as audit evidence.
14.3.1.6.5 Exceptions noted in the returned confirmations

e auditor must first distinguish between actual exceptions (errors) versus timing
differences that are reported by respondents (when responding to confirmation requests).
Exceptions (errors) may include amounts that have been erroneously recorded by the
entity (e.g. the incorrect amount for a sales transaction or payment received) and for which
an adjustment should be made by the auditee. It is also possible that the respondent is
actually incorrect in his or her response, and that there is no misstatement in the auditee’s
records.
Timing differences, however, do not give rise to misstatements of the auditee’s records.
For example, a payment may have been made by the debtor just before year-end but may not
yet have been recorded by the auditee as it would only be reflected on the auditee’s bank
statement in the first few days of the next financial year.
Since those exceptions that require adjustment in the auditee’s records indicate
misstatements in the financial statements, the auditor should always consider the reasons for
these (applying professional scepticism) and the frequency thereof. If necessary, the auditor
may need to perform additional audit procedures in order to determine if a material
misstatement exists as a result of the type of exception identified (e.g. cut-off errors).
14.3.1.6.6 Response rates that are lower than can be accepted

e auditor first needs to consider the fact that the receipt of fewer responses to confirmation
requests than anticipated may indicate a fraud risk factor (e.g. the existence of fictitious
debtors), previously unidentified, that may require evaluation in terms of ISA 240 (refer to
section 12.5.3 of Chapter 12 where fraud risk is covered) and this significant risk will need to
be addressed.
Where no response is received to a positive confirmation request, the auditor should

perform alternative substantive procedures. e objective of alternative procedures is to
evaluate by a means other than a confirmation request whether the non-confirmed account
existed and was correctly stated at the date to which the confirmation relates. ese audit
procedures may include:
• Inspection of subsequent receipts (i.e. receipts after the end of the reporting period,
evident in the client’s bank statement) from the debtor that relate to the amount that was
subject to confirmation; and
• Inspection of reliable source documents making up the debtor’s balance (such as
customer-signed delivery notes and related customer orders and invoices) that was
subject to confirmation.
CRITICAL THINKING
Is the debtors circularisation process always appropriate to use on an audit?
Although a frequently used audit procedure, the use of con rmations as an effective
source of audit evidence may not be appropriate in all circumstances, for example
where the auditor is aware that the response rates will probably be poor as a result
of the nature of the business and its debtors.
In practice, this may be the case in the audit of a hospital or a retail clothing
chain store where response rates to con rmations are ordinarily very low.
IN THE NEWS
The Satyam scam case and PriceWaterhouse (PW)
The lesson audit rms should have learnt from the accounting fraud at former
information technology company Satyam Computer Services Ltd, is to verify!
According to the Securities and Exchange Board of India (SEBI), the recurring lapses
in the auditing work undertaken by PW rms in India (Bangalore and Kolkata) of
Satyam’s nancial statements between 2000 and 2008 were due to the lack of
suf cient veri cation. By the admission of Satyam’s founder and chairman, Ramalinga
Raju, the case involved misstatements in excess of the equivalent of 1 billion US
dollars.
The fact that an attitude of professional scepticism was lacking on the part of the
auditors throughout these eight years is inconceivable. Unprecedented in both
severity and scale, the Satyam case resulted in all eleven PW of ces in India being
prohibited from issuing both audit and compliance certi cates for listed companies
and intermediaries for a two-year period. In addition, SEBI also imposed nes of
approximately 4 million US dollars on Price Waterhouse Bangalore as well as two PW
partners.
SEBI examined PW’s audit work to determine its role in the accounting fraud in
various areas, including in the bank and cash balances.
Non-existent cash/bank balances of Rs 5,040 crore (approximately the equivalent
of 700 million US Dollars)
The investigation found that PW did not independently verify bank statements and
xed deposit receipts, nor did it disclose the lack of such veri cation having been
performed (in the auditor’s report issued). PW, however, argued that it had undertaken
this asset veri cation and that the xed deposit receipts had appeared to be genuine.
SEBI found that PW had relied on Satyam to source the con rmations from the bank,
having not once, in eight and half years, requested independent con rmation from the
bank themselves.
In one instance, the regulator cited Satyam’s current account balance of Rs
1,782.6 crore with the Bank of Baroda’s New York branch. In another instance, SEBI
said a balance con rmation letter to PW from ICICI Bank in 2006 did not even contain
the name of the company for which the balance was being con rmed. It was also
found that PW had received two separate sets of xed deposit balance con rmation
letters – one from banks and the other from Satyam. According to the SEBI ndings, it
was noted that:
‘The auditors ignored the rst set of con rmations received directly from the banks and
relied exclusively only on those received from the company, showing deposit balances
which were tallying with what was shown in the books.’
14.3.1.7 Illustration of an external confirmation: External confirmations from

financial institutions
Sending external con rmation letters to the banks and other nancial institutions
used by a client is a standard audit procedure to verify the client’s bank and other
related account balance(s), as well as other related aspects, at the end of the
nancial reporting period.
The request of a bank con rmation has to be undertaken in accordance with SAAPS
6.
SAAPS 6 provides guidance to an auditor requesting external con rmations to
obtain audit evidence, either manually or electronically, from nancial institutions in
South Africa, to meet the requirements of ISA 505 (External Con rmations).
SAAPS 6 recognises the rapid advances in the nature of nancial instruments that
entities enter into with a wide variety of nancial institutions, and in respect of which
an auditor may seek external con rmation.
14.3.1.7.1 e confirmation process

e purpose of the confirmation request is to obtain all relevant information directly from
the bank or other financial institution as, having come directly from a third party, this
information is regarded as more reliable audit evidence than information internal to the
client.
e auditor should therefore maintain full control of the process, requesting that the
financial institution send the confirmation directly to the auditor’s address. at being said,
the involvement of the auditee is required in order for the necessary authority to be provided
to the financial institution to allow it to furnish the auditor with all the required information,
which would otherwise remain confidential.
e request should be sent to the financial institution timeously, in order to allow for
sufficient time for it to be returned and used as audit evidence.
SAAPS 6 allows the use of electronic external confirmation requests in South Africa, which
ensures that the request is directed immediately to the relevant department or responsible
individuals at the financial institution. Besides significantly reducing the time required to
obtain external confirmations from banks and financial institutions, this enhances the
security and tracking process of obtaining the confirmation certificate. is also reduces the
risk of incorrect and incomplete confirmations (a major problem with paper-based bank
confirmations) and should result in cost savings to audit clients.
14.3.1.7.2 Inclusions in an external confirmation to a financial institution

Appendix B of SAAPS 6 contains nine different Illustrative External Confirmation Request
Templates. ese relate to a variety of account balances and financial instruments that an
auditor is most likely to encounter. Suitable for both manual and electronic confirmation
requests, these enable the auditor to select only those forms that are specifically relevant to
the entity being audited.
is text does not address all nine of these categories of requests. Only the details of an
external confirmation request to be sent to confirm the auditee’s bank accounts and other
related banking aspects is addressed below.
14.3.1.7.3 External confirmation of bank accounts and other related aspects

e information that the auditor asks the bank to provide includes balances on all bank
accounts at financial year-end, including current, deposit, savings and loan accounts.
Auditors should furnish banks with the account numbers of all the bank accounts that are to
be confirmed.
However, the importance of the use of an external confirmation to the financial institution
(bank) in the audit extends beyond the verification of the actual bank balance(s). Other vital
aspects that should be included in the confirmation for the bank to supply to and/or confirm
to the auditor, include the following:
• Interest paid and received during the financial year for all the entity’s banking accounts;
• is is used to verify the occurrence, completeness and accuracy of the entity’s interest
expense/revenue.
• Details of any pledged and ceded balances and any collateral provided for liabilities;
• is can be used to verify the completeness and accuracy of disclosure and the
presentation of, among other things, contingent liabilities in the annual financial
statements, as well as rights, obligations and completeness of the related assets and
liabilities.
• Details of any forward contracts;
• is information can be used to verify the financial instrument, including the relevant
year-end disclosures and presentation provided in the auditee’s annual financial
statements.
• Available overdraft facilities that the auditee may use and the date for review of these;
• is often assists in the going concern evaluation that the auditor performs towards
the end of the audit process, in terms of ISA 570, because it provides information about
the availability and magnitude of short-term funding available to the entity to assist
with dealing with any anticipated cash flow problems.
• Information with regard to the authorised signatories on the bank accounts.
• It has been agreed with the Banking Council – South Africa that the authorised
signatories on the entity’s bank accounts should be provided for confirmation by
banking institutions.
• is information can be used by the auditor when verifying the validity/occurrence of
payments that were made during the financial year in order to identify possible
fraudulent transactions.
CRITICAL THINKING
How can the auditor verify the completeness of his or her client’s bank accounts?
If the risk of material misstatement for the completeness assertion related to
liabilities (loans) from banks and other nancial institutions is high, the auditor has
to perform audit procedures to address this risk appropriately.
Financial institutions are under no obligation to furnish the auditor with any
information relating to accounts that are not speci cally listed in the auditor’s
con rmation request. Therefore, as the auditor cannot rely on the con rmation
process itself to provide audit evidence of the completeness of bank accounts, he or
she must perform other audit procedures to obtain this evidence. The nature and
extent of these procedures will be determined by the risk of material misstatement
relating to the completeness assertion at the auditee and can include the following:
• Requesting that the auditee’s management provide a complete list of accounts;
• Comparing such a list to the accounts audited in the prior year, as per the prior
year audit working papers;
• Inspecting minutes of board meetings during the nancial year for indications of
approvals of new accounts; and
• Inspecting the bank account numbers from which payments, and into which
deposits, were made during the nancial year.
14.3.1.8 Auditing litigation and claims – attorneys’ representation letters
An attorney’s representation letter sent to the client’s lawyers or legal advisors is

used to obtain con rmation of any pending/actual litigation and claims involving the
client, the likelihood that these will result in an in ow or out ow of entity resources,
the amounts involved, and the legal costs associated with litigation.
Litigation and Claims is addressed in ISA 501 (Audit Evidence – Speci c
considerations for selected items) and in SAAPS 4 (Enquiries regarding litigation and
claims).
The appendix to SAAPS 4 provides an illustrative attorney’s representation letter
regarding litigation and claims.
14.3.1.8.1 e use of an attorney’s representation letter

As part of the audit process, auditors frequently require information pertaining to legal
matters, for example, in relation to the reasonableness of provisions relating to legal matters
in progress or the adequate disclosure of contingent liabilities. Auditors often experience
difficulty obtaining sufficient appropriate audit evidence in this regard, not least due to
limited documentation being available at the auditee and the auditor not being a legal
expert.
erefore, communication with the client’s attorney assists the auditor in obtaining sufficient
appropriate audit evidence with regard to the following:
• e details with regard to potentially material litigation and claims;
• e probability of any material revenue or other expenses arising;
• Whether all material litigation and claims have been identified by the entity (although it
must be noted that there is no obligation on the attorney to confirm completeness); and
• e identification of all related legal costs with regard to the above.
is evidence will assist the auditor in evaluating the appropriate accounting treatment of
litigation and claims in the auditee’s financial statements and provide audit evidence about
the accuracy/valuation and occurrence/obligation of all related transactions and year-end
provisions, accruals for legal costs, and financial statement disclosures (e.g. contingent
liabilities).
14.3.1.8.2 e confirmation process

e request for an attorney’s representation letter must be sent by the auditor, and the legal
counsel should be asked to communicate and return the letter directly to the auditor, and not
to management at the auditee. is is to ensure that management involvement in the process
is limited and this increases the reliability of the third-party confirmation as audit evidence.
However, any request sent to the client’s attorney must be with the client’s consent and
prepared by the client’s management.
WHY? Why do you think this is so?

Consider the nature of ‘client con dentiality’.
WHAT What if:
IF? • Management refuses the auditor permission to communicate with the

attorney; or
• Management refuses the auditor permission to communicate with the
attorney; or
• The attorney refuses to respond appropriately to the letter of enquiry;
or
• The attorney places limitations on the response; or
• The representations of the attorney differ materially with
management’s original estimate?
The auditor should try to resolve any of the above issues through
discussion with management and/or the attorney. However, if the auditor is
unable to obtain suf cient appropriate audit evidence by performing
alternative audit procedures, then the auditor will have to consider the
effect (of this possible scope limitation) on the auditor’s report.
14.3.1.8.3 Other substantive procedures in regard to litigation and claims

It is management’s responsibility to adopt policies and procedures to identify, evaluate,
record and report all material litigation and claims in relation to the entity. As part of the
audit process, the auditor reviews and discusses these procedures within the entity’s internal
control structure with management and, if applicable, with in-house legal counsel.
In addition to doing this, and the legal confirmation request that is often sent to the entity’s
attorneys, the auditor designs and performs various other substantive procedures to identify
all possible litigation and claims (because there is a risk that the attorneys to whom
confirmation letters are sent may not handle all legal matters for a client, and hence may be
unaware of material litigation and claims involving the client). Among others, these
procedures may include the following:
• Obtain a list from management of litigation and claims (including descriptions of the
matters and their likely financial consequence estimates) and discuss this with them;
• Analyse the legal fees expense accounts, and hold discussions with management;
• is is performed in order to identify potential litigation and claims that the auditor
may have been unaware of and will then be directed to investigate further.
• Review relevant correspondence between the entity and its attorneys, and any documents
indicating an intention to institute legal action; and
• Obtain written representations from the entity’s management in regard to the
completeness of material outstanding litigation and claims.
e following audit procedures that are performed for other areas of the audit may also often
reveal previously undetected litigation and claims:
• Review of minutes of meetings of directors, the audit committee, shareholders and others
charged with governance of the entity;
• Inspection of contracts, loan agreements, leases and insurance policies relevant to the
entity;
• Inspection of bank confirmation information concerning guarantees;
• rough inspection of bank statements (both during and subsequent to the financial
year-end), the auditor may identify payments made to an attorney in settlement of legal
expenses; and
• rough general enquiries of management and other entity employees, the entity’s
potential involvement in litigation and claims may be identified.
WHY? Why are attorneys’ representation letters a commonly used audit

procedure?
Although the above procedures may identify possible litigation and claims,
they may not necessarily provide the auditor with suf cient appropriate
audit evidence about the likely outcome of these matters.
Furthermore, the auditor may not possess the necessary skills required
to reach conclusions with regard to management’s assessment of the
possible/likely outcomes and/whether the information that has been
provided by management in the nancial statements is accurate and
appropriately disclosed. The attorney’s representation letter is thus able to
provide audit evidence in these respects.
14.3.2 Management’s written representations
e auditor may find it cost-effective to place reliance on management’s written
representations in order to minimise the time-consuming detailed audit work that must be
performed. However, the extent to which the auditor can place reliance on management’s
written representations is governed by ISA 580 (Written Representations).
A written representation is a written statement provided by management to the

auditor to con rm certain matters or to support other audit evidence.
Management’s written representations are addressed in ISA 580 (Written
Representations). The appendix to ISA 580 contains an illustrative management
representation letter.
14.3.2.1 How are written representations by management relevant to the

auditor?
In order to confirm that management acknowledges their responsibility for the fair
presentation of the financial statements and assertions or representations they have made in
the entity’s financial statements and for the completeness of the information provided to the
auditor, as well as to support other audit evidence obtained, the auditor is required to obtain
appropriate representations from the management of an entity in the form of a written
representation letter.
14.3.2.2 e value of written representations by management as audit

evidence
Since written representations are obtained directly from management of the entity (who are
responsible for preparing the financial statements), they are not high on the hierarchy of
reliability of audit evidence and are not a substitute for other audit evidence that should
normally be available, but rather a supplement to it.
ese representations should therefore be regarded with an appropriate degree of
professional scepticism, and the auditor should use them primarily as corroborative
evidence only, except for material matters when no other corroborating evidence is
available. An example of the latter situation may be seen when the auditor evaluates
management’s going concern assessment (per ISA 570), and management has informed the
auditor that they have committed to a future course of action (such as a decision to sell and
lease back certain equipment at some future date) for which no audit evidence is yet
available. In such cases, the written representation can be accepted as sufficient appropriate
evidence (unless contradictory evidence is found).
14.3.2.3 Important aspects regarding the representation

In order for written representations by management to be considered of value for the audit,
the representations should be:
• Written and not provided orally;
• Addressed directly to the auditor;
• Appropriately dated and signed:
• Dated the same date as the auditor’s report or as near as practical to it, but not after the
date of the auditor’s report;
• Requested from and signed by members of management who have the primary
responsibility for the entity and its finances and who are responsible for the
preparation of the financial statements (typically the chief executive officer and the
chief financial officer of the entity);
• Provided by management of the entity who are considered to be sufficiently well
informed on the particular matter about which the representations are being made;
and
• Corroborated by other audit evidence wherever available.
14.3.2.4 Key aspects included in written representations by management

In accordance with ISA 580, always included in the letter is management’s representations
that:
• Management has fulfilled its responsibility for the preparation of the financial statements
in accordance with the applicable financial reporting framework;
• Management has provided the auditor with all relevant information with regard to the
audit and access as agreed in terms of the audit engagement letter; and
• All transactions have been recorded and are reflected in the financial statements.
Representations should always be obtained about material matters where alternative forms
of audit evidence are limited. Among others, key areas that should be included are going
concern (ISA 570), subsequent events (ISA 560), related parties (ISA 550) and accounting
estimates (ISA 540). It is also important that the auditor obtains written representations from
management to confirm that it has disclosed to the auditor its knowledge of actual,
suspected or alleged fraud in the entity and the results of management’s assessment of the
risk that the financial statements may be materially misstated as a result of the fraud (ISA
240).
14.3.2.5 Evaluating the representations

e auditor should always evaluate the reliability of the individuals who have made the
representations. If the auditor has any concerns about the competence and/or the integrity
of management, the auditor must determine the effect that such concerns may have on the
reliability of written representations by management as an appropriate and reliable form of
audit evidence. In these circumstances, the auditor should also consider the effect of this on
all the other audit evidence provided by management, since its reliability may have to be re-
evaluated.
WHAT What if management’s written representations contradict other audit

evidence?
IF? The auditor should always evaluate the reasonableness of management’s
representations and ascertain whether the representations are consistent
with other audit evidence.
If written representations by management are contradicted by other
audit evidence, the circumstances should be investigated in order to
determine the reasons. The auditor should also reconsider and reassess
the reliance placed on other representations (verbal or written) that have
been made by management in the remainder of the audit process, as well
as the need to revise the risk assessment.
14.3.2.6 Failure or refusal by management to provide written representations

Failure by management to provide written representations will not necessarily constitute a
limitation on the scope of the audit. However, if management refuses to provide a written
representation for an area for which no alternative audit evidence is available, the refusal will
constitute a limitation on the scope of the audit and the auditor will need to consider the
effect on the auditor’s report.
If management does not provide the written representations requested by the auditor,
they should alert the auditor to the possibility that one or more significant issues may exist
with regard to the entity and its financial statements and the auditor should investigate this,
applying the necessary professional scepticism.
erefore, before the 20X1 auditor’s report of Ntsimbi Piping can be signed off by Nolands Inc.,
written representations by the directors of Ntsimbi Piping will have to obtained for all
significant audit areas in terms of the requirements of ISA 580.
ese written representations must be signed off by Lee-Ann Losper (financial director) and
Bongani Arnott (managing director) and dated on or before 26 June 20X2 (the date of the
auditor’s report).
14.3.3 Accounting estimates
An accounting estimate is an approximation of a monetary amount in the absence of

a precise means of measurement of the amount. Examples include inventory
obsolescence allowances, allowances for credit losses, accruals, provisions for
warranty claims, provisions for litigation, and depreciation on property, plant and
equipment.
The audit requirements for accounting estimates are covered in ISA 540.
14.3.3.1 Why are accounting estimates particularly important to the auditor?

As estimates are made by the entity’s management, they are subject to management
manipulation and bias (a lack of neutrality by management in the preparation of
information). Management have the opportunity deliberately to overstate or understate
assets and liabilities by using unreliable and incorrect assumptions when making estimates,
ultimately resulting in materially misstated account balances and related disclosures in the
financial statements.
Moreover, accounting estimates are subjective, as their determination has to take into
account assessments of future events and circumstances that are inherently uncertain. Errors
of judgement in this process can also have a significant effect on the determination of the
amounts of estimates and related disclosures.
As a result of the above, accounting estimates are often regarded as being exposed to a
high risk of material misstatement, and assessed as being significant risks. Significant risks
have been discussed in section 12.5.4 of Chapter 12.
14.3.3.2 How does the auditor assess the risk relating to an estimate?
It is particularly important for the auditor to properly apply professional judgement when
auditing an accounting estimate. is entails not merely accepting the way in which
management of the entity prepared the estimate.
To assess the risk of material misstatement relating to an accounting estimate, the auditor
has to, among other things, understand how management prepared the estimate. In
particular, he or she has to understand matters such as the method used by management to
make the estimate, the internal controls relevant to the estimate, data and assumptions used
in making the estimate and how the risk of management bias has been addressed by
management.
e auditor also has to assess how good management is at making accounting estimates
(the better they are, the lower the risk of material misstatement is). is is done (where
applicable) by looking at estimates in previous financial years and comparing the actual
outcome to the estimate.
In addition, the auditor must consider other relevant information that may impact on the
estimate, such as the complexity of the estimate, the size of the estimate in relation to the
materiality figures set for the audit, and the assessment of fraud risks (e.g. management’s
incentives, opportunities and rationalisation to misstate the financial information).
According to note 5 to the Ntsimbi Piping financial statements, management raised an

allowance for credit losses of R1,519,842 against trade receivables in the 20X1 financial year.
ey raised an allowance of R408,800 in the 20X0 financial year. During the 20X1 audit of the
allowance for credit losses the auditor will review actual bad debts written off during the 20X1
financial year in order to assess how good management is at making this estimate. If the actual
write-offs during 20X1 are in the region of R408,800, it provides evidence to the auditor that
management is good at estimating the allowance for impairment of trade accounts receivable,
reducing the risk of material misstatement of the balance. If the actual outcomes (write-offs)
were significantly different from the prior year estimates, it indicates that management is not
very good at making the estimate, thus increasing the risk of material misstatement of the
estimate for the current year’s audit.
14.3.3.3 How does the auditor respond to the assessed risk of material
misstatement of an estimate?
To respond to the assessed risks of material misstatement of an accounting estimate, the
auditor must obtain sufficient appropriate audit evidence that the amount of the accounting
estimate is reasonable in the circumstances and is appropriately presented and disclosed in
the financial statements.
e auditor obtains this evidence by doing the following:
• Obtaining a written management representation that specifically covers the
reasonableness of methods, data and assumptions used in making the estimate
(management’s written representations were discussed in section 14.3.2 of this chapter);
• Performing audit procedures to test that management has properly applied the applicable
accounting requirements (recognition, measurement and disclosure) and that the
accounting estimates and related disclosures are reasonable in the context of the
accounting requirements; and
• Performing audit procedures to test the reasonableness of the amount of the estimate.
e auditor can use one or a combination of the following methods to test the reasonableness
of the amount of an estimate:
• Compare an independent estimate made by either the auditor, or an independent
auditor’s expert (discussed later on in section 14.3.4.2.1 of this chapter), to management’s
estimate. For example, Ntsimbi Piping’s auditor can make his or her own estimate of the
allowance that should be raised for credit losses, using the same or different assumptions
from those used by management. is independent estimate can then be compared to
management’s estimate and significant differences resolved with management.
• Review events subsequent to year-end that provide evidence in respect of the estimate.
For example, in the case of Ntsimbi Piping, comparing the actual bad debt write-offs up to
26 June 20X2 (the date of auditor’s report) to the estimated amount of R1,519,842 provided
for in the 20X1 annual financial statements.
• Test the process followed by management to make the estimate – discussed in detail
below.
To test the process followed by management to make the estimate, the auditor does the
following:
1. Gain an understanding of the process followed by management – this includes the
following:
• Understanding the underlying data used by management in making the estimate (e.g.
the debtors age analysis used in the estimate of the impairment allowance of Ntsimbi
Piping);
• Understanding any assumptions made by management (e.g. that 80% of debtors with
balances older than 90 days are deemed to be doubtful); and
• Understanding the method and calculations used by management and assessing
whether they are appropriate and have been applied consistently, or whether any
changes from the prior period are appropriate in the circumstances (e.g. the method of
applying a percentage to the balance of debtors older than 90 days per the age
analysis).
2. Audit the underlying data used by management (e.g. performing tests of controls and/or
substantive procedures to test the completeness and accuracy of the debtors age analysis of
Ntsimbi Piping).
3. Audit the reasonableness of the assumptions used by management (e.g. reviewing
actual write-offs of debtors with balances older than 90 days in previous years in order to
assess the reasonableness of management’s assumption that 80% of these are doubtful).
4. Audit management’s method and calculations (e.g. reperforming management’s
calculation of the allowance for credit losses).
5. Inspect management’s approval of the amount of the estimate – this is normally
evidenced by the minutes of management meetings where estimates are approved, and
these can be inspected by the auditor.
14.3.4 Use of other parties in the audit

e auditor may need to consider the use of other parties (apart from the members of the
audit team) on the audit for the following reasons:
• e auditee may have internal auditors who have performed extensive audit work during
the financial year (at significant cost). e auditee’s management may request that the
external auditor consider placing reliance on some of this work, in order to reduce the
external audit fee.
• Certain account balances or classes of transactions may be derived as a result of the work
of specialists/experts (e.g. determining the quantities of chemical gases in tanks at the end
of the entity’s financial year). e audit team will, for example, find it very difficult to
know whether the gas purported to be in a tank is actually in the tank.
• e auditee may have operations in locations that are remote from the external auditor’s
offices. Accordingly, the auditor may wish to appoint other auditors who are based in such
remote locations to perform audit work on his or her behalf.
e use of other parties (apart from the audit team) in the audit process, where applicable,
has to be specifically addressed by the auditor in determining the overall audit strategy, audit
approach and nature of further audit procedures. Among others, the following other parties
may be used during the audit process to provide audit evidence:
• Internal auditors of the entity;
• Experts possessing specialist skills (appointed by either entity management or the
auditor); and
• Other auditors (specifically in, but not limited to, group audit situations).
roughout the course of the audit process, using the work of these other parties, where
applicable, should be considered as follows:
• During the pre-engagement and planning stages:
• When obtaining an understanding of the entity and assessing the risk of material
misstatement (the auditor may, for example, identify specific risks relevant to
subsidiaries audited by other auditors and assess the roles played by these auditors).
• Obtaining an understanding of the entity’s controls may include an understanding of
the functions performed by the entity’s internal audit function (if such a function
exists).
• In the design of audit procedures, this may include the evaluation of the scope of the
work assigned to be performed by other auditors, internal auditors or experts in a
particular field.
• During the gathering of audit evidence, the auditor may have to perform specific audit
procedures on the work actually performed by other auditors, internal auditors or experts,
in order to evaluate whether this work can be used as audit evidence.
• During the evaluation, conclusion and reporting stage, the auditor may have to consider
the impact of the audit findings of other auditors responsible for the audit of subsidiaries
on the audit opinion on consolidated financial statements.
As the involvement of other parties in the audit process is a complex area requiring extensive
experience of those in charge of the audit, it is only covered at an introductory level in this
text.
14.3.4.1 Internal audit
Internal audit is a function established in an entity to perform assurance and

consulting activities designed to evaluate and improve the effectiveness of the
entity’s governance, risk management and internal control processes. (Refer to
section 1.4.8 of Chapter 1, where the different types of auditors were discussed.)
Internal audit is addressed in ISA 610 (Using the Work of Internal Auditors).
14.3.4.1.1 e effect of internal auditors work on the external audit

e internal audit function is an important aspect of the entity management’s monitoring
component of internal control. Since internal auditors are often involved in evaluating and
monitoring the systems of accounting and internal control, the existence of a strong internal
audit function may reduce control risk. erefore, aspects of the internal audit work may
influence the external auditor in determining the nature, timing and extent of audit
procedures (i.e. the audit approach and the audit plan). For example, the extent of other
audit procedures may well be reduced should reliance on the work of internal auditors be
appropriate.
However, it must be emphasised that internal audit operates as a part of the entity and
performs a management function, and as such is not independent of the entity, unlike the
external auditor. erefore, consideration has to be given to the reliability of audit evidence
that can be obtained from relying on the work of internal auditors.
14.3.4.1.2 Evaluating the internal audit function

As part of risk assessment procedures and development of the audit plan, the external
auditor must obtain a reasonable understanding of the internal audit activities, in order to
ascertain whether the client’s internal audit function is likely to influence and reduce the
amount of audit testing to be performed by the external auditors. is assists in planning the
audit and developing an effective and efficient audit approach.
In performing this evaluation, the external auditor should first obtain an understanding
of the organisational status and scope of the internal audit activities, as well as its employees’
technical competence. is has to be done in order to assess the reliability of the function
and thus the likelihood of appropriate (relevant and reliable) audit evidence being provided
by the work of internal auditors.
In assessing the function, the auditor thus considers, among other things:
e organisational status of the internal audit function: Gaining an understanding of the
• structure and objectivity of the function in the entity, including its role, operation and the
effectiveness of reporting lines to management and those charged with governance. e
auditor considers the internal audit function’s access to the entity’s audit committee and
board of directors and the entity’s policies to ensure that the function remains both
independent and effective in the entity. is can be evaluated by discussions with entity
management and the head of the internal audit function, review of entity organograms
and review of all relevant minutes of meetings, such as those of the audit committee.
• e level of competence of the internal audit function and of the staff performing the
work: In particular, this means evaluating whether the work is performed by persons with
adequate technical training and proficiency. is can be done by determining whether
they are Certified Internal Auditors (by inspecting certificates of professional registration),
their professional experience and relevant training received.
• Whether the internal audit function applies a systematic and disciplined approach to its
work, including quality control: is includes assessing whether the work is properly
planned, supervised, reviewed and documented. e external auditor can perform this
assessment through the procedures mentioned above (such as discussions with head of
internal audit, review of the Internal Audit Charter and review of minutes of internal audit
meetings), as well as review of internal audit working papers.
e auditor must also consider the scope of the work performed by internal audit to
determine whether it is relevant to the external audit (i.e. the focus of internal audit may be
more on operational controls that have little or no relevance to the financial statement
audit). is involves gaining an understanding of the areas in which internal audit work is
carried out and the types of testing performed, and can be done by performing procedures
such as discussions with the head of internal audit, review of the Internal Audit Charter (if
one is available) and the internal audit plan, as well as review of minutes of meetings.
14.3.4.1.3 Assessing the work performed by internal audit

If the external auditor decides, based on the evaluation of the internal audit function, that the
work of the internal audit function is likely to be adequate and can be relied on in the
external audit, the auditor will further evaluate whether:
• e work that the external auditor wishes to rely on has been properly planned,
performed, supervised, reviewed and documented;
• Sufficient appropriate evidence had been obtained to enable the internal auditors to draw
reasonable conclusions; and
• Conclusions reached are appropriate in the circumstances and the reports prepared by
the internal auditors are consistent with the results of the work performed.
In order to perform the above assessment, the auditor needs to obtain and review the
internal auditors’ working papers and consider the results of procedures performed by them
during the current financial year.
In order to determine the adequacy of specific internal audit work intended to be used
for external audit purposes, the external auditor has to evaluate and test the work performed
by internal auditors before placing reliance thereon. is can be done by, among other
things, reperforming audit procedures already performed by internal audit (as evidenced in
their working papers).
In using the internal audit function, the external auditor should coordinate the timing of
internal and external audit activities by discussing and planning this with the internal
auditor (and audit committee) and addressing this as part of the overall audit strategy and
the audit plan (by specifically dealing with the nature, timing and extent of the procedures
that will be need to be performed in relation to the internal audit function).
14.3.4.2 Experts
An expert is an individual or organisation that possesses expertise in an area (other

than accounting or auditing), whose work in that eld is used by the auditor in the
audit process to assist with obtaining suf cient appropriate audit evidence.
e experts on whose work auditors may consider placing reliance can fall into one of the
following two categories:
1. Experts employed by or engaged by the auditor (addressed in ISA 620 (Using the work of
an auditor’s expert)); and
2. Experts engaged by the management of the audit client (addressed in ISA 500 (Audit
evidence)).
Experts employed or engaged by the auditor are discussed in section 14.3.4.2.1 below,
whereas experts engaged by the client’s management are discussed in section 14.3.4.2.2.
14.3.4.2.1 e use of an auditor’s expert

Expert involvement is relevant for aspects of the financial statements where the auditor lacks
sufficient expertise and knowledge, which may include areas such as property valuations,
actuarial valuations, complex inventory valuations and estimates relating to environmental
matters and the outcome of pending lawsuits. However, due to the high costs involved in the
use of these experts, an auditor’s expert is only used in complex and specialised areas where
the auditor really does not and cannot be expected to have the expertise that is required to
obtain sufficient appropriate audit evidence for the particular area.
An auditor’s expert may be either an internal expert (who is employed by the auditor’s
firm or a network firm) or an external expert (i.e. who is from outside the auditing firm).
Where the work of an auditor’s expert has been used as part of the audit process, the
auditor still maintains full responsibility and liability for the audit opinion. As such, the
auditor’s expert is not ordinarily referred to in the auditor’s report, and the auditor is solely
responsible for ensuring that he or she is satisfied that sufficient appropriate evidence has
been gathered.
Audit considerations
Audit planning
In attempting to obtain sufficient appropriate audit evidence with regard to the classes of
transactions, account balances or disclosures where expert involvement is applicable, when
planning to use the work of an expert, the auditor should:
• Prior to the appointment of the expert, consider and verify the expert’s professional
reputation and expertise in the industry in which he or she operates – such as the
actuarial industry or property valuation industry – and whether the expert is thus
professionally competent and capable of performing the engagement. is can be done
by, for example, verifying the expert’s professional qualifications and expertise, by
performing procedures such as confirming membership of a professional body,
performing background checks and researching the expert’s experience (e.g. using a
Google search);
• Also, consider the expert’s objectivity in relation to the entity by making appropriate
enquiries (e.g. from the expert); and
• On appointing the expert:
• Do so by way of a formal written agreement/contract; and
• Clarify the scope of the work to be performed by the expert in the audit engagement, so
that sufficient and appropriate audit evidence can be obtained with regard to the
specific audit objective/s and assertion/s under consideration.
Further audit procedures

If the auditor intends to rely on the work that an auditor’s expert has performed, the auditor
has to evaluate whether such reliance is warranted, by ascertaining that professional and
ethical standards were applied by the expert in the audit assignment.
e auditor also has to obtain and review the work performed by the expert and gain an
understanding thereof. Not being an expert in the specific area in which the expertise has
been obtained, the auditor has to evaluate the process followed by the expert and assess all
key data used by the expert. e reasonableness of the expert’s findings or conclusions, and
their consistency with other audit evidence, should also be considered.
If the work of the expert involves the use of significant source data, the auditor has to
evaluate the relevance, completeness and accuracy of that source data. Should amounts
involve estimates and assumptions made (which is frequently the case in expert calculations),
the auditor has to assess these for reasonability in the circumstances, specifically in terms of
the industry and nature of the client and for consistency with prior years (e.g. in actuarial
valuations or property valuations).
CRITICAL THINKING
What happens in circumstances where the auditor places unwarranted reliance on
the work of an expert?
Should the auditor not have performed the above evaluations, or not have performed
them adequately, the auditor will have performed his or her work without the required
professional competence and due care (as per the SAICA and IRBA Codes of
Professional Conduct) and could be guilty of improper conduct and legally liable as a
result.
When using the work of an auditor’s expert in an audit engagement, the expert may have to
be advised of his or her independence requirements, the use that is to be made of the work,
and the coordination, planning and timing of the work, in order for it to be assessed to be
used as audit evidence to support the audit opinion. ese aspects will have to be
incorporated in the overall audit strategy and audit plan.
14.3.4.2.2 Management’s experts

In some instances, circumstances may arise where management of the entity has appointed
and used the services of an expert in relation to a certain area(s) accounted for and/or
disclosed in the annual financial statements. Just as the auditor may consider placing
reliance on the work performed by an expert appointed by the auditor, he or she may
consider placing reliance on the work performed by an expert appointed by the management
of the entity.
In this instance, in addition to considering and evaluating the expert’s professional
competence, reputation and expertise in the industry within which he or she operates, it is
particularly important that the expert’s objectivity be evaluated. is is to assess whether the
expert is sufficiently independent of management of the entity to ensure that the work has
been carried out objectively and without management influence, in order for the work to be
considered to be capable of being relied on by the auditor.
e auditor should make the above-mentioned assessments by performing procedures
such as discussions with management and the expert, considering information gained from
prior association with the expert (if applicable), consulting with other parties who may have
knowledge of the expert’s reputation and expertise in the field, and verifying that the expert
is not a related party to the entity. e expert’s professional qualifications and expertise can
be verified in the same way as is done for an auditor’s expert, described in section 14.3.4.2.1
above.
If the auditor intends to rely on the work that an expert has performed for the entity and
therefore has to evaluate whether such reliance is warranted, the auditor has to consider
whether the scope of the work performed by the expert and the resultant evidence is
sufficient, (i.e. the scope of the work performed by the expert is adequate for the purposes of
the audit) and appropriate with regard to the specific audit objective/s and assertion/s under
consideration.
In evaluating the work actually performed by the expert, the audit will perform the same
procedures as in the case of an auditor’s expert, addressed in section 14.3.4.2.1 above.
WHAT What if evaluations and procedures performed indicate that the auditor
cannot rely on the work performed by the expert appointed by
IF? management (e.g. due to the expert’s objectivity, competence or
expertise being assessed as questionable and/or the work performed by
the expert contradicting other audit evidence and is hence assessed as
being unreliable)?
The auditor will have to discuss these issues with management and, if
necessary, appoint another expert to undertake the work.
If suf cient appropriate audit evidence cannot be obtained (e.g.
management refuses to agree that reliance cannot be placed on the
expert’s work), this may constitute a limitation on the scope of the audit, or
a disagreement with management, and the effect on the auditor’s report
will have to be considered.
14.3.4.3 Other auditors
CRITICAL THINKING
How are other auditors relevant to an audit?
In certain instances, such as for the audit of a group of companies, the auditor will
be responsible for reporting on nancial statements (i.e. consolidated nancial
statements) that include the nancial information of components (i.e. a subsidiary)
that were audited by another auditor (referred to as the ‘component auditor’).
The following Standards set requirements relating to the use of other auditors:
• ISA 600 on special considerations for the audit of group nancial statements
(including the work of component auditors); and
• ISA 402 on audit considerations relating to an entity using a service organisation.
Given the complexity of this area, a detailed discussion falls outside the scope of
this introductory text.
14.3.4.3.1 Audit procedures

In situations where reliance on other auditors is relevant, the auditor, referred to as the
principal auditor, has to assess the independence, competence and the work of the other
auditor in order to determine the extent to which reliance can be placed on his or her work.
is also involves performing audit procedures to evaluate whether the work of the other
auditor is sufficient for the principal auditor’s purposes. e nature, timing and extent of
these procedures depend on the nature and circumstances of the particular principal
auditor’s engagement. ey also depend on the principal auditor’s knowledge of the
professional competence and independence of the other auditor (including the regulatory
environment within which he or she operates).
As the principal auditor does not necessarily have access to the detailed audit evidence
concerning the financial information audited by the component auditor, specific audit
procedures to address this matter may need to be performed. e purpose of these
procedures is to enable the auditor to obtain sufficient appropriate audit evidence to be able
to draw conclusions on which to base the audit opinion on the financial statements on which
he or she is reporting (such as the consolidated financial statements in the case of the
auditor relying on the work of the auditor of a subsidiary). It is important to note that the
principal auditor is ultimately responsible for the audit opinion expressed on, for example,
the consolidated financial statements, and he or she cannot transfer blame for any material
misstatements in these to the other auditor.
As part of audit reporting, the audit opinion does not refer to the work of the other
auditor if an unmodified audit opinion is expressed in the auditor’s report. However, if the
auditor is unable to conclude that the work of the other auditor can be used, and is unable to
perform alternative audit procedures in order to obtain sufficient appropriate audit
evidence, this would constitute a limitation on the scope of the audit, leading to a modified
audit opinion.
When using the work of other auditors on an audit engagement, the other auditors will
have to be advised of the relevant independence requirements, the use that is to be made of
their work, the coordination, planning and timing of the audit work, as well as the
accounting and reporting requirements that apply. ese aspects will have to be
incorporated in the overall audit strategy, audit approach and audit plan.
14.4 What are computer-assisted audit techniques

(CAATs)?
14.4.1 e basics of CAATs
14.4.1.1 What are the nature and purpose of CAATs?
CAATs are computerised tools and functions that an auditor uses to assist the auditor in
performing audit procedures. Tools refer to computer software applications, while the
functions for which these tools can be used include techniques such as data analysis and
data security evaluation.
Should an entity make use of computers to record and process its data or manage aspects
of its operations, an environment is present wherein an auditor may be able to apply CAATs.
Today, it will only be in rare instances that an auditor comes across an entity that does not
make use of any computer technology in its business processes, hence the potential to
consider using CAATs is always present.
e use of CAATs (whether basic or advanced) has become an integral part of most
audits. In fact, on some audits it will not be possible to avoid the use of CAATs, especially
where an entity’s records of transactions are stored in electronic format only or where the
entity processes large volumes of computer data in its accounting process.
The purpose of CAATs is to enable the use of computer technology to assist an

auditor in carrying out audit procedures for the purpose of gathering audit evidence.
14.4.1.2 Are there different approaches to auditing in a computerised

information system?
You should recall from section 12.6 of Chapter 12 that the auditor can follow one of two audit
approaches for each assertion applicable to each class of transactions, account balance and
related disclosure. ese are a combined approach (sometimes referred to as a controls-
based approach) and a substantive approach. e existence of a computerised environment
at an entity may have an impact on the auditor’s selection of an audit approach.
ere are various approaches that an auditor can follow when required to audit in an
environment where the entity’s information system is computerised.
14.4.1.2.1 Auditing around the computer

With this approach, an auditor does not consider (i.e. the auditor ignores) the automated
controls present in a computer application (automated controls, also called programmed
controls, were discussed in Chapter 5). Rather, input that went into the system is compared
to the system’s output, involving mostly the comparison of recorded information (output)
with the supporting documents that were used as input. Auditing ‘around the computer’ is
most applicable to basic computer systems where there is a clear, documented audit trail and
where output documents in hard-copy format are readily available for inspection by the
auditor.
For example, an auditor may decide to select a sample of credit notes from the sales
adjustments journal (the output) for inspection of the physical credit note and the related
goods returned voucher (the documents that were used as input) for evidence of the
authorisation of the transaction. e auditor confirms whether a control was applied to the
transactions (approval evidenced by signature) without considering any automated controls
(such as logical access controls) that may have impacted on the transaction during its
recording and processing to the financial records.
is approach to a computerised information system can be followed in situations where
either a combined or a substantive audit approach is followed.
Advantages of the ‘around the computer’ approach are as follows:

• It is cost-effective where an entity operates a simple computer system with a strong paper-
based audit trail, as expensive computer technology and information systems (IS) audit
experts for the purpose of the audit are not required.
• ere is minimal risk of corrupting the entity’s computer data, as the auditor does not
make use of hardware input or data extraction in relation to the entity’s computer system.
e disadvantages of this approach are as follows:

• e audit may be inefficient or become overly expensive where the entity makes
reasonable use of computer systems, but the auditor does not take full advantage of the
efficiency gains made possible by the use of computer technology on the audit.
• ere is limitations on the auditor’s ability to isolate the exact causes or risks of
misstatements found in the financial information by the auditor, should the cause/risk
have been as a result of control failure on the part of the entity’s computer system. e
auditor would not be able to identify the controls which failed given that the auditor does
not audit the applicable automated controls under this approach.
images
Figure 14.3: Illustrative explanation of using an ‘around the computer’ testing approach
Note: Auditing around the computer does not involve the use of CAATs, as the auditor does not
use computer technology to test internal controls or analyse financial data. For this approach,
both tests of controls and substantive procedures (where relevant) are carried out manually
without the assistance of computer hardware or software.
14.4.1.2.2 Auditing through the computer

With this approach, the auditor tests the design, implementation and operating effectiveness
of automated controls present in the entity’s computer applications. e results of these tests
would determine whether the auditor is able to rely on internal controls for audit purposes.
‘rough the computer’ involves, for example, the use of ‘test data’ whereby the auditor
enters both correct and incorrect data into an entity’s computer system to compare the
results of the test (the actual output) with the expected output. Where an automated control
did not operate as expected, the auditor will note an internal control deficiency. is
approach forms part of system-oriented CAATs where the automated internal controls
relating to the input of data into the computer and the processing of data by the computer are
tested. e auditor can also test the controls in place over the integrity of output information.
A ‘through the computer’ approach is applicable in situations where a combined audit
approach is followed. As it relates specifically to the testing of controls in the computer
system, it is not applicable in situations where a purely substantive audit approach is
followed.
e advantages of this approach are as follows:

• It is effective where a large volume of homogeneous transactions are subjected to the
same controls in an entity’s computer system.
• It can pinpoint causes or risks of financial misstatements where these are due to
computer-related control weaknesses, given that automated controls are tested directly.
e disadvantages of this approach are as follows:

• It may be expensive as this approach requires specific computer technologies, including
hardware and software, as well as information systems expertise on the audit team.
• ere is a risk of corrupting the client’s data on its computer system due to errors resulting
from the auditor’s input of test/fictitious data into the client’s system. Furthermore, there
might be disruption to the client’s computer operations if the auditor’s tests result in
corruption of client data.
images
Figure 14.4: Illustrative explanation of using a through the computer approach
14.4.1.2.3 Auditing with the computer

When auditing with the computer, the data stored on an entity’s computer system is made
available to the auditor in electronic format and analysed by the auditor for anomalies,
unusual items, risks and exceptions by means of data analysis. is approach enables the
auditor to analyse computer data using powerful data analytics software, instead of having to
manually work through large volumes of paper-based information.
Auditing with the computer is commonly used where data-oriented CAATs are
performed in a substantive audit approach, but may also be used where a combined audit
approach is followed.
e advantages of auditing with the computer are as follows:

• ere is greater control over the analysis of an entity’s computer data (including financial
data) as the auditor can obtain direct access to it on his or her own computer.
• It potentially enables larger sample sizes to be drawn (larger coverage of transaction
totals/account balances as the functionality of data analytics software and the computer’s
processing power can be put to effective use in analysing an entity’s computer data).
• It is normally less expensive and more efficient than manually auditing an entity’s data,
should data be voluminous and easy to access in electronic format.
e disadvantages of auditing with the computer are as follows:

• It requires a reasonable level of computer knowledge for basic data analysis and a deeper
level of skills where advanced data analysis has to be performed.
• ere is a risk of corrupting data on the entity’s computer system or disrupting its
computer operations where data is accessed electronically from the entity’s computer
system.
• It is expensive where advanced data analysis by means of specialised data analytics
software or the expertise of information systems (IS) auditors is required.
• ere is a risk of breach of confidentiality of the entity’s data where the data has been
transferred into the auditor’s possession and the auditor’s computer hardware (or other
mobile storage media) on which the data is stored is lost and accessed by unauthorised
parties.
images
Figure 14.5: Illustrative explanation of using a with the computer approach
In practice, it is likely that a combination of the above approaches will be applied on a

particular audit. Note that auditing with the computer can be used concurrently with an
around the computer or a through the computer approach. However, as discussed earlier, an
around the computer approach is distinct and mutually exclusive from a through the
computer approach.
Data analytics: The future of audit?

It is being said that the practice of performing data analytics on audits is providing
both auditors and their clients with cost ef ciencies, because large volumes of data
can be analysed by means of highly functional audit software at immense speeds. In
addition, by analysing an entity’s accounting data, an auditor can obtain insights into
risks of material misstatement facing an entity’s accounting information which might
not have been possible using traditional audit approaches where data analytics is not
used. Data analytics therefore has the potential to enhance audit quality/improve the
effectiveness of the audit approach in detecting material misstatements. In recent
times, this area has received signi cant attention – and it is even being suggested
that data analytics is the ‘future of audit’ and that audit rms may lose competitive
advantage should they not utilise it to its fullest capabilities.
WHAT What if an entity through its website entered into hundreds of thousands
of sales transactions with its customers during a nancial year that left
IF? no paper trail behind? Record of all sales transaction data was stored by
the entity only in a computerised sales transaction le.
To manually test the accuracy with which the computer calculated the sale
invoice amounts during the year (e.g. quantity x price, casting of item totals
and value added tax calculations) would require an auditor to request a
printout of the data pertaining to possibly hundreds or even thousands of
sales invoices from the computer system and to recalculate the invoice
amounts by hand using a calculator (auditing ‘around the computer’).
Using CAATs, however, an IS auditor can obtain the sales transaction le
from the entity’s computer system in electronic format (resembling a
spreadsheet) and, using generalised audit software (see 14.4.2.3)
recalculate the accuracy with which sales invoice amounts were calculated
by the entity’s system. The auditor’s recalculation can be done for 100% of
the entity’s sales transactions in this way, using basic computer formulae,
and taking only a minimal amount of time to perform the entire procedure.
By using CAATs, an IS auditor would also be able to input ‘dummy’ sales
transactions (referred to as test data) into a copy of the entity’s sales
system and compare the accuracy of the output with the predetermined
expectations (i.e. what should the results of the system’s calculations have
been if it functions appropriately?) In this way, the auditor will be auditing
‘through the computer’ to determine the reliability of the automated
controls responsible for the accuracy of the calculation of the sales
transactions in the entity’s system.
14.4.1.3 What is the relationship between CAATs and audit procedures?

In certain instances, the application of CAATs will lead directly to the obtaining of audit
evidence, for example using CAATs to reperform the casting and calculations in the sales
transaction file for the purpose of testing accuracy of sales (as described in the scenario
above), or using test data to test the operating effectiveness of automated controls.
It is important to note, however, that in many instances the application of CAATs will not
lead directly to the obtaining of audit evidence – it may merely enable further audit
procedures to be performed in order to gather audit evidence. In such instances, CAATs are
only a means to an end, and not the end in itself. For example, generalised audit software can
be used to identify high-risk sales transactions from the client’s electronic sales transaction
file to enable the audit team to agree the transactions to supporting documentation, such as
customer-signed delivery notes. e audit evidence itself is therefore only acquired when the
financial data is agreed to supporting documentation and not when the CAATs are performed
(i.e. not when the sample was selected using the generalised audit software).
EXAMPLE
The difference between analysing data and auditing it
It is important to understand that analysing data for anomalies and exceptions using
CAATs is not necessarily the same as auditing the data. Take, for example, an audit
team’s request to an IS auditor to provide it with a report from an entity’s employee
master le of instances where the same bank account number (used for salary
payment purposes) appears more than once on the master le. There is an obvious
risk of a ghost employee receiving a salary, seeing it appears that more than one
salary is paid to the same bank account each month. Based on the audit team’s
request, the IS auditor would extract the relevant data from the entity’s payroll
system, analyse the data using generalised audit software and generate a report of
employees who have the same bank account number. This report does not constitute
suf cient appropriate audit evidence in itself. The audit team would still have to audit
the exceptions on the report by agreeing them to documentation in the physical
employee les to obtain reasons for the shared bank account number (i.e., data
analysis only facilitated the gathering of audit evidence and did not produce
suf cient, appropriate audit evidence in and of itself).
One reason may be that a husband and wife both work for the company, and are
simply sharing the same bank account. It would not have been possible to detect
the cause of this anomaly by only analysing the data using the audit software.
However, the exception may be owing to an actual duplicated (or even ctitious)
employee on the master le, fraudulently earning additional remuneration, thus
providing evidence about material misstatements in the occurrence of salaries and
wages.
14.4.1.4 Who performs CAATs?

CAATs include, among other things, basic computer functions that can be applied by any
auditor without the requirement for advanced computer skills, such as when standard
spreadsheet applications are used to recalculate, summarise or sort data. However, where
large quantities of data have to be manipulated or where complicated data analysis
techniques have to be performed, dedicated audit software and the skills of an IS auditor
may be required.
IS auditors are qualified in the auditing of computerised financial systems, including
automated controls. ey may also be skilled in the analysis of financial data for the purpose
of an audit.
On larger audits, an audit team would typically request a qualified IS auditor to carry out
certain aspects of the information systems component of the audit, including the testing of a
client’s general controls and, using a ‘through the computer’ approach, the testing of
computerised application controls. e IS auditor can also be requested to, using a ‘with the
computer’ approach, analyse an entity’s financial data for use in the audit. e IS auditor will
generate various reports containing the findings of the CAATs tests performed, including an
indication of any control weaknesses identified, as well as reports about any exceptions,
anomalies or unusual data found as a result of having analysed the entity’s data. e audit
team will refer to these reports for use in their audit.
14.4.1.5 What does the audit team have to communicate with the IS auditor?
Effective communication between the audit team requesting the CAATs and the IS auditor
(i.e. the CAATs specialist performing the CAATs) is essential.
An audit team would normally provide an IS auditor with a list of computer data
(constituting the client’s business/financial information) required for audit purposes, taking
into account the assessed risk of material misstatement. e audit team has to communicate
clearly to the IS auditor the requirements of the audit procedures they, the audit team, will be
performing on the data. is provides the IS auditor with the context within which the CAATs
need to be performed, taking into consideration the risks of material misstatement identified
by the audit team.
Consider the following example where the audit team requests a report from the IS auditor
about possible duplicated sales transactions in an entity’s accounting system. Note that the
IS auditor would by now have already extracted the sales transaction file from the entity’s
computer system for the purpose of data analysis. e audit team would have communicated
the following to the IS auditor:
1. Risks of material misstatement and assertion(s) relating to the information that will be
tested by the audit team (e.g. overstatement of sales: occurrence of revenue);
2. Purpose of the audit procedure (e.g. to detect duplicated sales transactions with the
same invoice numbers);
3. Population of data to which the data analysis should be applied (e.g. all sales
transactions for the financial year);
4. Financial period to which the tests relate;
5. Date by which the audit team requires the results of the data analysis;
6. Format in which the results should be supplied ( e.g. hard-copy report or electronic
spreadsheet); and
7. Specifications of the data required (e.g. list of duplicate sales invoice numbers
together with the transaction date, debtor number (if credit sales) and sales amount).
Ineffective communication may lead to unnecessary or inaccurate CAATs being performed,

resulting in wasted resources and possible budget overruns on the audit.
14.4.2 e auditor’s use of computer software to assist in the

audit
14.4.2.1 Can software be used for audit file preparation?
Software applications are available to allow an audit team to document, in electronic format,
the audit procedures performed and the results obtained (i.e. the audit evidence).
Most auditors prepare electronic audit files rather than purely paper files (manual audit
files). An audit team documents the findings of an audit engagement in electronic working
papers, usually consisting of word processing documents and spreadsheets. e working
papers are then attached to (i.e. filed in) the electronic audit file.
Should the audit team obtain a paper document that serves as audit evidence (e.g. a
written representation letter from management or a bank confirmation received as a physical
document), the document may be scanned with a computer scanner and attached to the
electronic audit file. e original paper document is then kept in a manual file, which forms
part of the audit documentation.
Note: Software for audit documentation should be distinguished from software for financial
statement preparation. e former consists of audit file software used by the auditor in
documenting the work performed on an audit engagement, whereas the latter consists of
software that programmatically enables the preparation of financial statements (i.e.
preparation occurs automatically with a computer). Software for financial statement
preparation usually relies on an accurate trial balance having been prepared, which is
imported into the software and from which the financial statement figures are
programmatically generated. Accounting firms frequently assist their clients in preparing
electronic financial statements using such software.
WHAT What if an auditor is asked to assist an audit client in preparing its

nancial statements electronically from a trial balance supplied by the
IF? audit client?
Using software for nancial statements preparation, the auditor would
simply ‘feed’ the trial balance gures into the software program and the
nancial statement gures would automatically appear in an electronic set
of nancial statements.
REFLECTION
Do you think there are independence concerns involved for the auditor? Would such
an activity constitute accounting services beyond the scope of what an auditor may
provide to an audit client in terms of the requirements of section 90(2) of the
Companies Act?
14.4.2.2 Can software be used for flowcharting and system descriptions?

Off-the-shelf software applications are available that provide dedicated flowcharting and
system description functionality. An audit team can use such applications to draw the flow of
source documents, accounting records and the related internal controls in a particular
business cycle or for an entity as a whole. Diagrams and symbols can be drawn, together with
text-based annotations that describe the movement of supporting documentation, the
processing activities around transactions and the existence of internal controls. is will
facilitate the auditor’s understanding and documentation of the entity’s systems of internal
controls which will support the auditor’s assessment of the risk of material misstatement.
Note that many word processing and spreadsheet applications offer at least basic
flowcharting functionality.
14.4.2.3 Can software be used for analysing computer data and testing
controls?
Data analytics and utility software can be used by an auditor for analysing computer data
and testing certain automated controls:
• Data analytics software includes applications that allow an auditor to organise, select,
interrogate, manipulate, and interpret an entity’s data for use in audit procedures. It is
predominantly used in carrying out data-oriented CAATs (refer to section 14.4.2.5 of this
chapter) and can be categorised as follows:
• Generalised audit software (GAS): is is off-the-shelf, ready-made commercial
software applications available to any audit firm. It enables data analysis for use on
audits. GAS ranges from powerful data analytics software with advanced functionality
to add-ons for spreadsheet applications offering basic data analysis techniques.
• Customised audit software: is is dedicated software written for a particular type of
audit procedure or for a specific entity’s data, which may not be readily available to
other audit firms. e auditor may write the software or an expert may be contracted to
design the software on the auditor’s behalf.
• Utility software includes applications that have not been specifically designed for use in
the audit process, but which can be used as an audit tool if required. Such utilities may
already be installed on an entity’s computer system, or be installed by the auditor (with
management’s permission). ese include the following:
• Security monitoring applications that can provide reports to the entity and auditor
about automated controls used in say, mitigating the risks relating to unauthorised
access to the computer systems, and about security violations that took place during
the year. Such applications include anti-virus, network monitoring and firewall
software.
• Embedded audit modules form part of a financial application that can be used by the
client or auditor to detect suspicious or irregular transactions that meet certain criteria
(e.g. all purchases above R500,000 are automatically flagged for follow-up and review
by management or for testing by the auditor).
• Database management tools assist a database manager in ensuring proper database
maintenance, as well as security and restricted access to database information. ese
tools can in some cases be used by an auditor to run database queries and extract
reports about maintenance and security-related issues.
• Report-generating tools can be used to create reports of financial data for further
investigation, such as the age analysis function found in many accounting
applications.
Data analytics software is not used by only external auditors. Internal auditors can
also obtain meaningful information from using data analytics software when analysing
an entity’s nancial data ‘internally’ to identify and address nancial, operational and
compliance risks.
Likewise, nancial managers can utilise data analytics to support more informed
decision-making, by using the software to identify patterns and trends in nancial
information and nding correlations and relationships between nancial gures. In
this way, parties internal to an entity can extract additional insights into risks and the
performance of the entity.
14.4.2.3.1 Which type of CAAT should be used with which particular audit approach?
e objective of the auditor is to obtain sufficient appropriate audit evidence on which to
base the audit opinion. To obtain the evidence, the auditor decides on an audit approach
appropriate for the circumstances of each entity. Audit approaches are discussed in detail in
section 12.6 of Chapter 12. e approach can be either a combined (controls-based)
approach or a substantive approach. In both these types of audit approaches, CAATs can be
applied to assist in obtaining the necessary audit evidence.
14.4.2.4 System-oriented CAATs

System-oriented CAATs involve the testing of the operating effectiveness of automated
controls. is method requires the auditor to audit ‘through the computer’ (refer to Figure
14.4 in section 14.4.1.2 of this chapter). System-oriented CAATs are applied in a combined
(controls-based) audit approach.
Automated controls are pre-programmed into an entity’s software application or can be

specifically set by authorised users in the application itself. For example, an authorised user
can set access rights (read-only/write access) for other users by means of access tables. e
auditor, in turn, can test these automated controls by means of system-oriented CAATs. By
testing the effectiveness of the automated controls, the auditor is in fact testing whether the
controls have been properly programmed or set up. Various types of system-oriented CAATs
can be used to test an entity’s automated controls. ese include, but are not limited to, the
following:
• Test data is a technique whereby an auditor inputs ‘dummy’ (i.e. fictitious) data into an
entity’s information system to evaluate the output against predetermined expectations, in
order to assess whether particular automated controls in the information system operate
effectively. e auditor would input both correct and incorrect test data. For example,
should an auditor expect the financial application to have an automated control that
prevents a user from entering a negative inventory quantity, the auditor can attempt to
process a negative number (e.g. add ‘-5’ products). Should the auditor’s incorrect test data
not be prevented by the computer system, the auditor will know that the automated
control is not operating effectively. Similarly, if a software application is programmed to
require on-screen manager approval for all credit notes, but the computer allows a credit
note to be processed to the accounting records without said approval, the auditor would
note a deficiency in the operating effectiveness of the automated control.
Test data is effective for testing a computer system’s automated input, processing and
output controls, including master file amendment controls. Figure 14.6 shows an auditor’s
test data that is sent through an entity’s computer system. e data is subject to input and
processing controls and the result of the test (output) is compared to what the auditor
expected would happen to the data.
images
Figure 14.6: Illustration of test data used by auditor on client’s computer system
CRITICAL THINKING
When is it appropriate to apply test data?
It is appropriate in cases where an auditor has to test the programming logic behind
automated input, processing and output controls in a client’s software application.
The focus is on whether these controls operate as would be expected, but under
simulated conditions using test data.
• Integrated test facility (ITF) involves the creation, with client permission, of dummy
accounts in the (usually live) financial system of an audit client. e dummy account
becomes a test facility for audit purposes. ITFs can be incorporated in an application
during the design and programming phase of a system, or during the set-up of financial
information (such as when trade debtor accounts are created and loaded onto the
system). A human operator does not necessarily carry knowledge of the existence of an
ITF that is present during background processing of data in the computer system.
Dummy accounts may include, among other things, a dummy creditor or debtor account,
or employee record. Whenever transactions are recorded to the creditors ledger for
instance, as part of the entity’s normal processing routines during the year, simulated
transactions (test data – see above – resembling the actual data) would be created at the
same time and posted to the dummy account. For the purpose of the audit, the auditor
will therefore have at his or her disposal a simulated account with which to test the
effectiveness of automated controls that impacted transaction data during the financial
year. It saves the auditor from having to interrogate the entity’s system to the extent of
possibly corrupting ‘actual’ data that will form part of the financial statements (dummy
accounts will not form part of any ‘real’ financial reports).
An ITF can automatically identify deficiencies in automated controls in a live computer
system during a financial year without the auditor’s presence, in order to obtain audit
evidence about the operating effectiveness of automated controls.
CRITICAL THINKING
When is it appropriate to utilise an ITF?
An ITF is suitable where the auditor requires evidence of the operating effectiveness
of automated controls throughout the period of reliance (i.e. for the whole nancial
year). However, dummy accounts would have had to be set up at the beginning of the
nancial period and transactions should have been posted to the dummy accounts
throughout the period.
The use of an ITF on an audit is only possible where the client agrees to have an
ITF installed on its system. In addition, audit resources must allow for the use of an
ITF, for example, expertise in the setting up of an ITF must be available, as well as
skills in the use of test data. Also, where the auditor intends to place reliance on the
operating effectiveness of the automated controls throughout the nancial period,
the ITF must be set up in such a way as either to automatically process test data to
the dummy accounts at regular intervals during the year (or even continuously), or the
auditor will have to test the ITF using test data on several occasions during the year
on visits to the client.
• Parallel simulation involves an auditor processing the same set of data on an entity’s
computer system and on the auditor’s own simulated system, which mirrors that of the
entity’s. Data (which may be for test data or for a copy of actual entity transactions/events)
would therefore be run in parallel between two systems. e auditor would have the
assurance that his or her own simulated system functions properly and contains the
necessary pre-programmed automated controls. Should the results of processing differ
between the entity’s and the auditor’s systems, the test would indicate that the entity’s
system is not functioning effectively. e auditor may choose to run the test data on a
copy of the entity’s system or on the entity’s live system, for comparison with the auditor’s
parallel system.
CRITICAL THINKING
When is it appropriate for an auditor to utilise parallel simulation?
It is appropriate in instances where the auditor requires an independent software
application to simulate the effective operation of automated controls in an entity’s
software application.
For example, should the entity have used an application that can calculate the
depreciation amounts on xed assets for a nancial period, the auditor may use the
parallel simulation technique if he or she has a similar application (or can write a
similar application) that can also perform depreciation calculations and in this way
test the computer’s automated controls over depreciation calculations programmed
into the entity’s software application. Similarly, an auditor may decide to write his or
her own computer program that will be able to recalculate nance charges should the
entity be a nancial institution that makes use of a computer application to calculate
many thousands of account holders’ interest.
Remember: The objective of the use of parallel simulation is to test the operating
effectiveness of automated controls (i.e. a test of controls) and not to directly test
the correctness of amounts that appear in the entity’s nancial statements (i.e. a
substantive procedure).
• SCARF is an acronym for system control audit review file. is technique involves
embedding an audit module into a client’s computer application, to become part of the
software itself, albeit in a monitoring (review) capacity. Reports of errors, exceptions or
deviations from expectations are then written to the SCARF file by the audit module for
subsequent follow-up and review by an auditor. SCARF can be used for a wide range of
functions.
e embedded audit module can, for example, be set up by the auditor prior to the
commencement of a financial year in such a way as to detect and log any purchase
transactions, the value of which exceeds the authorisation limits of staff members who
authorise purchases. In this way, the auditor can identify instances where internal
controls did not prevent unauthorised purchase transactions from being processed by
client staff, or where controls were overridden.
Continuous auditing is a concept that involves an automated process in an entity’s

computer system used by internal and external auditors to continuously gather
information for audit purposes as an entity’s nancial year progresses. To achieve
continuous auditing, auditors will utilise tools and techniques such as SCARF and
other embedded audit modules that are installed on an entity’s computerised
nancial system. It allows for real-time identi cation of anomalous and unexpected
data in a nancial system. Speci c risks can therefore be addressed well before the
internal or external auditors would otherwise have detected the risks during the
performance of planned audit procedures.
CRITICAL THINKING
When is it appropriate to utilise a SCARF?
In large entities’ computer systems that contain numerous automated controls or
where a signi cant volume of transactions is processed. SCARF would enable the
auditor to focus audit attention on important transactions and events where risks of
material misstatement are most likely to occur. It can also be used in certain areas
of an entity’s computer system that are particularly prone to inappropriate activity by
computer users or where fraudulent activity is suspected.
• Code analysis involves the auditor analysing the coding of an entity’s software to
determine the effectiveness of the automated controls programmed into a computer
application. is technique clearly requires specific knowledge of computer coding
language by the auditor. Where an auditor decides on a code analysis technique, he or she
will typically be concerned with the effectiveness of general controls that were in place
during the design and systems development phase of the entity’s computer application
when most of the program coding was performed by the programmers.
In addition, the auditor will also be concerned about controls over access and changes
to the code once the programme has become operational. If the general controls were
weak during design and development and/or persons could subsequently make
unauthorised changes to the programme code (i.e. weak access and/or programme
change controls), the auditor will be less inclined to rely on the accuracy of the coding of
the applications.
CRITICAL THINKING
When is it appropriate to apply code analysis?
It is appropriate where an entity makes use of customised software, in other words
where the auditor does not have the comfort of relying on standard off-the-shelf
computer software that has been tried and tested by many other entities before. In
cases where customised software is used by an entity, the auditor may want to be
involved during the programming of the software, or perform a subsequent code
analysis in order to increase audit reliance on the controls programmed into the
software.
Regardless of the type of system-based CAATs, whenever test data is processed or dummy
accounts are created on an entity’s live system, the risk exists that the entity’s system may
become corrupted or the test data may become incorporated with the live data, distorting
the actual financial information of the entity. Special care should be taken to keep this risk to
a minimum.
14.4.2.5 Data-oriented CAATs

Data-oriented CAATs are mainly used with a substantive audit approach and involve the
performance of data analysis. With data-oriented CAATs, the financial data is analysed by
the auditor directly, without consideration of the automated controls which may have
affected the data. Generalised audit software is the most common tool for use in
performing data analysis.
Data analysis comprises the examination of electronic information previously generated by,
and stored on, an entity’s computer system. In order to perform data analysis, the auditor
first has to obtain the data by extracting it from the entity’s system and databases and
importing it into the auditor’s own data analytics software. e auditor follows a ‘with the
computer’ approach when performing data-oriented CAATs. After importing the data, the
auditor can manipulate the data as follows:
• Selection: Organise data by discarding irrelevant data fields and selecting only the data
that will be used in the analysis (i.e. select only information that is required by the audit
team to carry out audit procedures).
• Sorting and stratifying: Sort data in alphabetical or numerical order according to the
relevant data fields and stratifying (separating, grouping and listing) it by nature, category
and type.
• Interrogating: Give instructions, based on which, the generalised audit software can
examine the data to identify potential misstatements by searching for unusual items or
anomalies. Other procedures that can be performed, include:
• Selecting and generating samples; and
• Reperforming calculations on amounts.
Instructions to carry out the above functions may include having the generalised audit
software:
• Recalculate and cast data to test for mathematical accuracy of numbers;
• Identify all items exceeding a specified limit (e.g. all amounts greater than R100,000);
• Isolate items in terms of the criteria set by the auditor (e.g. all negative values, every 10th
item in the population, all duplicated items, etc.);
• Scan for missing fields or gaps in sequential numbering;
• Compare sets of data to identify inconsistencies (e.g. matching of general ledger amounts
with corresponding sub-ledger totals); and
• Perform statistical or ratio analysis and other analytical procedures on data.
WHY? Why is it necessary for an auditor to agree the totals or balances in an

electronic data le (e.g. debtors age analysis), received from an entity, to
the entity’s (draft) nancial statements before data-oriented CAATs are
performed?
Consider the implications if an auditor receives a data le that is wrong or
outdated (i.e. the totals/balances on the le do not agree to/support the
amounts in the nancial statements that is subject to the audit. The auditor
might identify and focus on misstatements in the data le that have long
since been corrected by the entity, leading to a waste of valuable time and
resources.
DID YOU KNOW?

‘Big Data’ is a term used to describe large volumes of nancial and non- nancial
computer data that is accumulated by an entity’s information system. Although some
of the data may not be of much signi cance, large portions of it may hold valuable
strategic and operational advantages for the entity. The entity will, however, have to
analyse the data to discover these insights, by seeking correlations, trends and
patterns in the information which could be used in better decision-making. Think of
the massive amounts of information gathered by a mobile phone operator relating to
customer calling patterns, data usage, brand selection, handset and price
preference, online customer surveys performed, etc. By looking for relationships in
the data between for instance, what customers want (product brands), what they use
their devices for (calls/internet) and average spend (pricing), management can
engage in more effective marketing and advertising, creation of ideal new product
offerings (e.g. data packages), optimised pricing and even enhancing customer
satisfaction. Internal auditors could also for instance, analyse the ‘big data’ of an
entity to identify possible business, operational and nancial risks.
14.4.3 Reasons for the use of CAATs in the audit process

14.4.3.1 Necessity, possibility and desirability
Performed properly, CAATs can greatly increase the efficiency and effectiveness of the way
in which an audit is conducted. However, an auditor would need to determine whether it is
necessary, possible and preferable to apply CAATs in the audit process. Should it be a
necessity to apply CAATs (e.g. significant volumes of electronic data), but it is not possible
owing to, for example, a shortage of IS skills in the audit firm, the firm will need to engage
experts to perform the part of the audit engagement involving CAATs, or may need to
withdraw from the engagement altogether if contracting of experts is not possible. Whether
the use of CAATs will be desirable will depend on whether CAATS will increase the cost-
efficiency and effectiveness of the audit engagement.
Should it be possible to perform CAATs, but it is not preferable (e.g. only a small number
of paperless transactions took place at an audit client and these can more effectively be
tested manually), unnecessary costs may be incurred if performing CAATs.
14.3.3.1.1 Necessity
Whether performing CAATs would be necessary depends on:
• Volume of electronic data: Should a significant quantity of financial data be kept in
electronic format on the entity’s computer system, the auditor may have no choice but to
apply CAATs to the data, seeing that a manual approach to data selection and
manipulation will be too time-consuming.
• Nature of audit trail: For certain entities, business transactions may only be evidenced in
electronic format, without any supporting paper trail. For example, a mobile phone
operator selling airtime on its website or that allows its customers to buy airtime using
their cell phones, may have no paper trail of the transactions. e details of the
transaction are stored only in an electronic data file. In cases where little or no hard-copy
documentation is generated or kept, the use of data-oriented CAATs may be a necessity in
order to enable further audit procedures to be performed effectively.
• Extent of computerisation: e more dependent an entity is on its computer system for
financial accounting (i.e. using a computer to ensure that transactions are valid, accurate
and complete), the more likely the auditor is to perform CAATs. For example, the more
significant the number of internal controls carried out by the computer on which the
auditor wants to place reliance, the more necessary it would be for the auditor to perform
systems-oriented CAATs in testing those controls.
• Automated transaction generation and processing by the entity’s computer system
may also warrant the auditor’s use of CAATs, for example, in instances where
procedures (and controls) are carried out solely by the entity’s system with little
manual intervention. Examples include where automated general journal entries are
generated, automatic buy/sell instructions for trading in shares take place, and online
purchases of products by customers occur which require no manual intervention
during the processing of the sales order.
• Complexity of the entity’s computerised system: Some computer systems may be
complex or highly sophisticated in their design and operation. e greater the complexity
of a computer system, the more necessary it may become for an auditor to use CAATs. e
complexity of a computer system may or may not go hand-in-hand with the complexity of
the underlying financial transactions being audited. Examples of factors that can
contribute to the complexity of a computer system include:
• Complexity of the design of the computer application that processes the entity’s
transactions. Some systems may be difficult or complex to understand and use,
regardless of whether the transactions processed are straightforward or complex.
• Complicated interaction between financial subsystems, such as a creditors subsystem
interfacing automatically with a payments system where suppliers are paid via
electronic funds transfer. Because the entity is dependent on automated controls to
ensure all creditor information is correctly transferred to the payments system, the
auditor will need to test the automated controls should he or she wish to place reliance
on internal controls over payments to suppliers.
e types of situations described under extent of computerisation and complexity of the

system above often give rise to risks for which substantive procedures alone cannot provide
sufficient appropriate audit evidence. ese risks and the auditor’s response thereto were
discussed in section 12.5.5 of Chapter 12.
14.4.3.1.2 Possibility
Whether CAATs would be possible depends on:
• e availability of IS skills and resources: Some CAATs require advanced knowledge,
skills and experience of expert individuals. In addition, specialised audit software and
hardware with the necessary processing power may be needed to perform CAATs. Some
audit firms may not have these skills and may also not be in a position to engage outside
experts for this purpose.
• e availability of client data: For the purpose of data analysis, CAATs require an auditor
to obtain electronic data from the entity’s information system. Various factors may curtail
the availability of the entity’s data, including:
• Incompatibility between the entity’s and auditor’s systems (certain older systems do
not make the exporting of data in file formats that will be recognised by the audit
software possible); and
• Electronic data that has been lost or deleted, or data exists only in hard-copy format.
14.4.3.1.3 Desirability
Whether performing CAATs would be desirable depends on:
• Cost implications: Performing CAATs may be expensive, especially where expert IS
auditors and sophisticated audit software are involved. However, the use of CAATs can
result in considerable cost savings, especially where large samples have to be selected
from data kept in electronic format. Assuming the performance of CAATs is not necessary,
the benefit of using CAATs will still have to exceed the cost in order for CAATs to be a
desirable option.
• Time consideration: e use of CAATs can offer significant time savings to an audit team.
• Security implications and the attitude of the client towards CAATs: Some entities may
not be in favour of the use of CAATs owing to:
• Possibly vast amounts of confidential electronic data being in the possession of the
auditor for the purpose of data analysis, and the resultant security concerns should the
auditor’s computer or the data itself become lost or stolen; and
• e processing of test data on an entity’s live computer system and the resultant
concerns over data corruption and integrity.
WHAT What if, at the time the acceptance of the client is being considered by
the auditor, an entity states that it cannot allow an auditor to extract
IF? electronic nancial data from its computer system for the purpose of a
prospective audit engagement, citing, for instance, security concerns?
How would the auditor respond to such a limitation during the evaluation
of whether the engagement should be accepted?
If the auditor will be unable to obtain suf cient appropriate audit evidence
through alternative means, such as from printed records and reports, the
auditor would need to consider whether the preconditions for an audit, as
per ISA 210, are still met. If not, the auditor may have to decline the
engagement.
14.4.4 Application of CAATs in the audit process

e four stages of the audit process were discussed in section 11.6 of Chapter 11. e use of
CAATs would impact each of the four stages as described below.
14.4.4.1 Pre-engagement activities

An auditor would have to consider whether CAATs are a necessity on an audit engagement
(dependent on the nature of the entity’s financial system) before accepting an audit
engagement. Should it be a necessity to use CAATs, the auditor should also determine
whether it is possible to perform CAATs. For example, does the audit firm have the necessary
IS skills and resources, or can an external expert be engaged?
Should the auditor plan to make use of CAATs on an audit engagement, the management
of the entity will have to be made aware of their responsibility and a description to this extent
can be included in the engagement letter. For instance, should the auditor want to perform
data-oriented CAATs, management should be advised of, and agree to, the auditor having
access to the entity’s computer databases in order to export data files to the auditor’s
computer.
14.4.4.2 Planning
To comply with ISA 315 (Revised), an auditor has to obtain knowledge about an entity’s
environment and its internal controls, which includes knowledge about the design of the
entity’s computerised systems and extent of automated controls in its information system. As
part of the auditor’s understanding of the internal controls of the entity, the auditor may have
to determine whether the designed controls have been properly implemented. is can be
done by means of walkthrough tests (i.e. a transaction is selected and traced (‘walked’)
through the particular accounting process and related internal controls) for which system-
oriented CAATs may be necessary. In addition, the auditor will also have to determine
whether it is desirable to use CAATs on the engagement.
In terms of ISA 330, planning would further entail:

1. Determining the type of CAATs to be applied, such as system-oriented and/or data-
oriented CAATs, depending on the audit approach to be followed on the engagement;
and
2. Designing CAATs to be used to respond to the assessed risks of material misstatement.
14.4.4.3 Obtaining audit evidence

Audit responses to assessed risks (in terms of ISA 330) include the performance of the CAATs
designed during the planning phase of the audit (in response to 14.4.4.2 above), together
with the performance of manual audit procedures. is is achieved by means of system-
oriented CAATs (where automated controls are tested) and data-oriented CAATs (where
substantive procedures are performed).
During the audit, where further risks of material misstatement are identified by the audit
team, additional CAATs may be required should the audit team deem it necessary for the
purpose of obtaining sufficient appropriate audit evidence.
14.4.4.4 Evaluating, concluding and reporting

CAATS do not have a specific impact on this stage of the audit process. e results of CAATS
would already have been used in the previous three stages to gather sufficient appropriate
audit evidence in order to evaluate identified misstatements and conclude on the results of
the audit procedures performed.
EXAMPLE
Example of data-oriented CAATs using generalised audit software (GAS)
Assume an auditor obtains from an entity a data le in electronic format of ‘weekly
wages earned’ of its factory employees. The auditor plans to analyse this le to
assist in the audit of a particular week’s wage expense. The le contains the
following data elds, with an example entry:
Data eld description Example entry
• Employee number EMP0043
• Employee name John Modise
• Standard hours worked by employee 40
• Overtime hours worked by employee 8
• Employee’s wage rate per hour R40
• Employee’s gross wage amount R1,920
There are various commands the auditor can give the GAS, after having imported the
le for use on the auditor’s computer, to detect anomalies and exceptions in the
data. Can you think of possible error conditions that might exist for wage data?
Consider, for example, the following:

• What is the maximum number of ‘standard hours’ that you would expect per
employee if employees work a standard 40-hour work week? Would you be able to
identify, say, employees who worked a 43-hour work week from the data using the
software? How would one formulate a GAS procedure for detecting standard
hours above this limit?
• Will you be able to detect excessive overtime hours worked using GAS? Consider
the maximum number of overtime hours per week you’d expect to nd given the
entity’s internal labour policy and legislative requirements.
• How can you assist the audit team in auditing the employee’s wage rate per
hour? The wage rates in the electronic le may not necessarily be correct, but
CAATs will not be able to detect such inaccuracies. At most, you can use GAS to
generate a sample of employees from the weekly wages earned le, for
submission to the audit team who would then agree the recorded rate to the
employee’s personnel le; the physical paper le should contain the employee’s
approved remuneration rate.
• Can you utilise GAS to identify ‘ghost’ employees from the data in the le? The
GAS cannot do so directly. The audit software can, however, be used to assist in
the identi cation of possible ghost employees by, for instance, generating a
report of all duplicate employee numbers. The audit team will then have to agree
all those instances of duplicated data, if found, to the personnel les and even
physically verify personnel, in order to obtain audit evidence about whether the
exceptions re ect actual misstatements.
• How else can you test the accuracy of the data in the le? You could also, for
instance, instruct the GAS to generate a report of all employees with a wage rate
and/or gross wage amount that is abnormally high (e.g. much higher than the
average). Such abnormal entries in the le constitute items of risk for the audit
team to substantiate with audit evidence.
The above data-oriented CAAT procedures, and others, are useful for identifying
possible error conditions in the le. However, further audit procedures will need to
be performed to obtain audit evidence about the actual misstatements in the wages
account.
14.4.5 Steps in planning and performing CAATs

As with any audit procedures, those performed by means of CAATs should be well planned
and executed. e following steps are followed in the planning and performance of CAATs:
1. Planning steps
1.1 Formulate the objective of the CAATs:
• What is to be achieved through the specific CAAT? What are the risks of material
misstatement or detection risks to be addressed with the CAAT? Are systems-
oriented or data-oriented CAATs to be performed?
1.2 Define the population to be tested:
• Which line item in the financial statements (class of transactions/events or account
balance) is subjected to the CAAT?
1.3 Specify the CAATs procedures that have to be performed:
• What procedures, such as test data for systems-oriented or sorting/stratification
and recalculation for data-oriented CAATs must be performed?
1.4 Specify the format of the data required:
• In what format must the results of the CAATs procedures be presented to the audit
team? For example, the audit team may want the results in the format of an
electronic spreadsheet with specified column headings.
2. Performance steps
For data-oriented CAATs
2.1 Obtain data from the entity:
• Extract electronic data from the entity’s computer system for importing into the
auditor’s data analytics software.
2.2 Agree CAATs data received with the accounting records that are subject to the
audit:
• is is necessary to ensure that:
• e electronic data received from the entity agrees with the information being
audited (e.g. total as per annual sales transaction file received agrees with the
original data file stored in the entity’s computer system from where the data was
obtained. Note that both the file and the database should, by definition, also
agree with the details in the entity’s trial balance that will be used on the audit);
and
• All data has been accurately and fully imported from the client’s system.
2.3 Organise data:
• Data would most likely have been received in raw format. In order to prepare the
data for use in the generalised audit software, the data needs to be structured into a
workable format.
For systems-oriented CAATs

2.4 Create, for instance, test data to be input into system, or set up an integrated test
facility.
For both data-oriented and systems-oriented CAATs

2.5 Execute CAAT commands:
• Consists of programmatic instructions (determined during planning – see above)
given to the generalised audit software in order to carry out data-oriented CAATs
on the data or utilising, for instance, test data to test automated controls as part of
systems-oriented CAATS.
2.6 Reporting:
• Prepare report of results (in accordance with the data format determined during
planning – see above) and submit to the audit team for audit.
CYCLE CASE STUDY

Steps in planning and performing CAATs applied to Ntsimbi Piping
Consider the following scenario relating to the audit of Ntsimbi Piping for its 31
December 20X1 nancial year-end.
The trade receivables master le, available in electronic format for extraction from
Ntsimbi Piping’s accounting software package, contains, among other things, the
following headings:
Debtor Debtor Current Not yet due 0 to 30 30 to More

code name balance days due 90 days than 90
due days
due
DEL002 Delphi –190,090 –190,090 – – –

Construction
(Pty) Ltd
BUI001 Buildmaks 56,802 – 56,802 – –

CC
DUA001 Dualcon 240,856 180,402 39,800 10,654 10,000

Enterprises
(Pty) Ltd
(Remaining balances xxxx xxxx xxxx xxxx xxxx

not displayed here)
Gross 18,128,556 12,874,518 3,933,104 912,445 408,489

balance
Notes:
1. Assume for this illustration that the nancial statements have not yet been
nalised.
Accordingly, the amounts for ‘Gross balance’ above do not agree to the analysis
of the Gross trade receivables disclosed in Ntsimbi Piping’s nancial statements
(see note 5 on page 17).
2. The key reason for these amounts not agreeing is because negative trade
receivable balances are still included in the above le, whereas they have
already been reclassi ed to trade payables for the purpose of the nal annual
nancial statements. The negative debtors balances, totalling R594,309,
therefore need to be identi ed using the GAS (see steps followed below), and
reclassi ed in order to agree to the gures in the nalised annual nancial
statements.
3. Lee-Ann Losper (Ntsimbi Piping’s nancial director) informed the audit team that,
owing to overpayments made by a number of debtors in December 20X1, some
negative balances have resulted in the gross debtors balances.
The audit manager requested the assistance of the audit rm’s in-house IS auditors
with the following:
• Obtaining an electronic copy of the client’s trade receivables master le that
consists of the population of all individual trade receivable balances at 31
December 20X1;
• Organising the population data into a user-friendly format for the audit team to
use on their computers as part of the audit of trade receivables and which will be
used for sample selection purposes; and
• Identifying and aggregating negative trade receivable balances included in the
master le.
The IS auditor would perform the following steps:

1. Planning steps
1.1 Formulate the objective of the CAATs
The objective is to identify and report to the audit team the total of all
negative trade receivable balances included in the gross trade receivables
balance in Ntsimbi Piping’s trial balance, which will enable the audit team to
test the classi cation assertion for trade receivables.
Note: Calculation of a total for negative trade receivable balances would
enable the audit team to determine the extent to which the trade and other
receivables balance is understated and the accounts payable balance is
understated as of yet at year-end.
1.2 De ne the population to be tested
The population consists of all trade receivable balances included in the
gross trade receivables balance as shown in the trial balance
(R18,128,556), based on the underlying trade receivables master le
making up the total balance.
1.3 Specify the procedures to be performed by means of (data-oriented) CAATs
Procedures would consist mainly of sorting, stratifying, recalculating and
balancing data.
1.4 Specify the format of the data required
Based on the requirements of the audit team, the report may take the form
of an electronic spreadsheet listing all trade receivable balances, but
separating positive balances (with a total) from negative balances (with a
total) and showing the amount excluding the negative balances
(R18,722,865) for reconciliation to the balance in the trade receivables
control account in the general ledger/trial balance showing R18,128,556
which includes the negative amounts.
2. Performance steps
2.1 Acquire data from audit client
Extract the trade receivables master le from the client’s accounting
system.
Import the trade receivables master le data into the IS auditor’s data
analytics software.
2.2 Balance CAATs data with information subject to audit
Calculate a control total for the imported data (e.g. agree the total gross
trade receivables balance as per the data imported into the auditor’s data
analytics software (assuming an amount of R18,128,556) with the gross
trade debtors balance on the original trade receivables master le that was
received from the client). The control total is performed to ensure all data
was imported completely and accurately during the extraction and import
process.
Agree the total gross trade debtor balance as per the imported data with
the gross trade receivables balance disclosed in the trial balance (shown as
R18,128,556). The amounts should agree, otherwise the CAAT procedures
may be invalid should the IS auditor in fact be using incomplete, incorrect or
outdated data as extracted from the client’s accounting system/trade
debtors master le.
2.3 Organise data
Select only those data elds required for the purpose of the CAATs, e.g.
• Debtor code
• Debtor name
• Current balance
• All other aged balances
Stratify the imported trade receivables master le into positive and negative
balances, separating the two categories for ease of use by the audit team.
2.4 Execute CAAT commands
Interrogate the data by instructing the generalised audit software to:
• Recalculate the totals of the positive balances and negative balances
separately.
• Balance the two subtotals in the CAATs report to the total of gross trade
receivables shown in the trial balance (R18,128,556) as part of a post-
execution control total procedure. The balancing gure will constitute the
negative trade receivable balances totalling R594,309.
2.5 Report results
Submit the results of the CAATs to the audit team in an electronic
spreadsheet.
For questions 1 to 8, indicate whether the statement is true or false and briefly explain
your answer:
1. e auditor’s attendance of the wage payout primarily provides audit evidence about
the completeness of wages. (LO 1)
2. In order to detect the rolling of deposits, it is important to prepare and analyse interbank
transfers. (LO 2)
3. Auditors should ordinarily send confirmation requests to all banks with which the client
has conducted any business during the financial year, regardless of the materiality of the
year-end balance. (LO 2)
4. When auditing a bank or creditors reconciliation, among others, the significant

reconciling items must be audited to establish that their inclusion in the reconciliation
(a) is appropriate, and (b) that they are reflected in the correct amount. (LO 3)
5. Debtors confirmations must be performed for every audit. (LO 4)
6. Analysis of the legal fees expense account of the entity is an essential procedure that
should be performed on every audit. (LO 4)
7. Internal auditors need not be concerned about the validity and accuracy of entity
records if the entity has independent external auditors since they will make the
necessary verification. (LO 5)
8. e use of other parties in an audit slightly reduces the auditor’s responsibility for
issuing of the audit opinion. (LO 5)
9. Identify and explain the two types of external confirmations that are available to the
auditor. (LO 4)
10. Explain why the analysis of differences is important in the accounts receivable
confirmation process, even if the misstatement(s) in the sample are not considered
material. (LO 4)
11. If inventory is held at multiple locations, explain how the auditor would determine
whether or not attendance at these other locations is necessary. (LO 1)
12. How should the auditor deal with a situation where the auditee’s management refuses to
provide the auditor with a signed written representation letter? (LO 4)
13. Describe the audit procedures the auditor should perform in relation to a wage payout,
after he or she has observed the actual physical payout. (LO 1)
14. Explain how the auditor can obtain evidence about the completeness of inventory by
performing test counts. (LO 1)
15. Explain why the accuracy, valuation and allocation assertion relating to an account
balance containing an accounting estimate is often assessed as being at significant risk
of material misstatement. (LO 2)
16. Describe the matters that the external auditor should evaluate to determine whether the
auditee’s internal audit function is likely to provide evidence relevant to the external
audit. (LO 5)

17. When using test data to test the automated controls of a client’s computer system, an
auditor would use the following computer-assisted audit techniques (CAATs)
approach(es) to do so: (LO 8)
a) Around the computer
b) rough the computer
c) With the computer
d) All of the above
e) None of the above
18. Which of the following constitute CAATs performed by the auditor? (More than one
answer is possible.) (LO 6)
a) Using audit file software to prepare work papers
b) Inspecting internal sales orders printed out from the client’s computer system for
evidence of approval
c) Recalculating a column of data on a spreadsheet using spreadsheet software
d) Observing an auditee’s cashier performing cashing-up procedures at the close of
business
e) Calling up an on-screen invoice on an audit client’s computer system and
recalculating the sales prices thereon using a calculator
19. Select the CAAT(s) best performed where an auditor is required to test the automated
input controls of an audit client’s accounting software package: (LO 12)
a) Test data
b) Integrated test facility
c) Parallel simulation
d) SCARF
e) Code analysis
For questions 20 to 24, state whether the statement is true or false and briefly explain
your answer.
20. e use of data-oriented CAATs will be essential in an audit engagement where the audit
client’s computer system is old and data cannot be extracted from the client’s system for
loading onto the auditor’s computer. (LO 11)
21. Assuming than an audit team has acquired the services of an information systems
auditor, the scope of any CAATs performed on the audit engagement is limited only to
what the information systems auditor deems necessary to perform for the audit team.
(LO 6)
22. e use of an integrated test facility as part of the performance of CAATs is ideal in
situations where extensive data analysis of the client’s financial data is required. (LO 12)
23. e more computerised an audit client’s information system is, the more likely the
auditor will perform CAATs on the engagement. (LO 11)
24. CAATs can be used to gather audit evidence directly. (LO 9)
25. Briefly explain the purpose of CAATs. (LO 6)
26. Provide a brief description of the following CAAT tools available to an auditor: (LO 10)
a) Data analytics software
b) Utility software
c) Software for flowcharting
27. Describe two benefits to an auditor of using CAATs on an audit where it is both possible
and preferable to use CAATs. (LO 11)
28. Provide a brief explanation of how CAATs can be used during the gathering of audit
evidence phase of an audit where a substantive audit approach is followed. (LO 12)
29. List the steps an IS auditor would typically follow when planning the use of CAATs on an
audit engagement. (LO14)
CAATs can be effectively applied in the audit of the following account balances and classes of
transactions, but are by no means limited to these:
Transaction files: Master files:
• Revenue • Trade debtors
• Expenses • Trade creditors
• Payroll • Inventory
• Fixed assets
Each of the above would most likely be contained in a separate data file in the entity’s
computerised financial system and be transferable in electronic data format for use by an IS
auditor.
CYCLE CASE STUDY
Data-oriented CAATs applied to an inventory listing

The following table represents an extract from the year-end nished goods inventory
listing of Ntsimbi Piping as at 31 December 20X1, obtained from its computerised
inventory system:
Item_code Item_descr Item_loc Last_sales_date Qty Unit_cost Total_cost
FG1001 High Central 02-12-20x1 30 312,00 9,360,00

impact PVC nished
coupling goods
110 mm store
FG1002 45 degree Hillside 11-11-20x1 50 33,40 2,338,00

PVC bend stores
80 mm
FG1003 Drain pipe Central 03-09-20x1 25 78,00 1,950,00

3 m-80 nished
mm goods
store
FG1004 Copper Central 30-05-20x1 80 88,00 10,560,00

wire pipe nished
40 mm goods
store
FG1005 Stained Rose 27-12-20x1 140 92,00 14,260,00

railing 5 m Street
depot
Item_code Item_descr Item_loc Last_sales_date Qty Unit_cost Total_cost
FG1006 PVC magno <Out of 30-11-20x1 0 780,00 –

conduit stock>
large
FG1007 Fibre optic Central 01-06-20x1 77 155,30 11,958,10

ext. cover nished
15 m goods
store
FG1008 Fibre optic Hillside 26-05-20x1 32 290,00 9,280,00

ext. cover stores
30 m
FG1009 Reinforced Central 27-12-20x1 136 226,50 39,864,00

FX87 outer nished
tube goods
store
FG1011 MHK 38 <Out of 30-12-20x1 0 49,00 –

mm piping stock>
Key to database eld headings:

• Item_code: Item code
• Item_descr: Item description
• Item_loc: Item location
• Last_sales_date:Date item was last sold
• Qty: Quantity on hand (according to Ntsimbi Piping’s inventory
system)
• Unit_cost: Cost price of individual item unit
• Total_cost: Total cost price of all quantities of an item on hand
Although most of the following CAATs can easily be performed manually due to the
small number of items in the above extract from the inventory database, CAATs
would be a necessity should the complete inventory le, possibly consisting of many
thousands of items, be subject to audit. Using generalised audit software, an IS
auditor would be able to perform the following CAATS:
NO. CAATS PROCEDURE PURPOSE INVENTORY ASSERTION

AT RISK
AT RISK
1. Cast the ‘Total cost To test whether the

price’ eld whole population has
been included for the
purpose of the CAATs (by
agreeing the results of
the casting with the trial
balance/general ledger
amounts to ensure the
inventory database
being audited
corresponds with the
nancial records).
2. Recalculate the ‘Total To test the accuracy of Accuracy, valuation and

cost price’ eld by the costing of the allocation (over or
instructing the audit recorded inventory. understatement of
software to multiply the inventory).
‘Total quantity on hand’
eld with the ‘Cost price
per unit’ eld.
3. Identify all negative To test the Accuracy, valuation and

quantities and unit appropriateness of the allocation
prices. valuation of inventory as (understatement of
it is not possible to carry inventory). Existence
a negative inventory may also be affected if
quantity. both elds are negative
(thus giving a positive
total cost), as ‘negative
items’ cannot exist.
4. Identify duplicated item To identify ctitious Existence

codes. inventory items. (overstatement of
inventory).
AT RISK
5. Identify gaps in the To identify and Completeness

sequential numbering of subsequently investigate (understatement of
inventory codes. incomplete inventory inventory).
(As the inventory codes items (i.e. items may
follow a numerical have been removed from
sequence.) the database to avoid
the identi cation of
inventory shortages
during inventory count).
6. Stratify all inventory To assist the audit team Existence.

items by location. in determining the
materiality of items held
at each location.
Locations carrying a
material amount of
inventory will be subject
to more extensive
auditing.
7. Select a sample of To assist the audit team Existence

inventory items spread in comparing the (overstatement of
amongst all locations. system/recorded inventory).
quantities at year-end to
the actual quantities
counted by the audit
team on that day (i.e. to
identify any possible
changes that were
inappropriately made by
the client subsequent to
the inventory count).
8. Generate an ageing To identify slow-moving Accuracy, valuation and

report of all items with a or possibly obsolete allocation (over or
‘Last sales date’ of inventory in order for the understatement of
before 30 June 20x1. audit team to evaluate inventory).
the reasonableness of
the allowance for
obsolete inventory (i.e.
have the nished goods
items been included in
the allowance?).
Completion of the CHAPTER 15
audit
Vincent Motholo
CHAPTER CONTENTS
Learning outcomes
Reference list
15.1 Introduction
15.2 What is the auditor’s responsibility regarding subsequent
events?
15.3 What is the auditor’s responsibility regarding the going concern
basis of accounting?
15.4 How does the auditor deal with uncorrected misstatements in
the nancial statements?
15.5 How does the auditor draft the auditor’s report?
LEARNING OUTCOMES
1. De ne ‘misstatements’.
2. Distinguish between the categories of misstatements.
3. Calculate nal materiality and explain the impact on the audit if it
differs from the materiality gure used in planning and performing
the audit.
4. Prepare a schedule of unadjusted audit differences for
misstatements identi ed during the audit.
5. Use nal materiality to evaluate uncorrected misstatements
individually and in aggregate.
6. Describe management’s and the auditor’s responsibilities with
regard to misstatements in the nancial statements.
7. Explain the impact of uncorrected misstatements on the auditor’s
report.
8. Explain the link between the objective of an audit and the auditor’s
report.
9. Describe the structure and content of the auditor’s report.
10. Draft an unmodi ed auditor’s report.
11. Distinguish between the types of audit opinions and reports.
12. De ne ‘key audit matters’ (KAMs).
13. Understand which entities’ auditor reports require KAMs to be
included.
14. Explain how going concern uncertainties, Reportable Irregularities
and contraventions of the Companies Act can affect the audit
opinion and report and their impact on the audit opinion and
report.
15. Explain the impact of the different types of modi cations, material
uncertainty related to going concern, emphasis of matter and other
matters on the auditor’s report.
16. Draft the various types of modi cation, material uncertainty
related to going concern, emphasis of matter and other matter
sections in the auditor’s report for a given scenario.
17. De ne ‘subsequent events’.
18. Distinguish between adjusting and non-adjusting subsequent
events.
19. Explain management’s responsibilities with regard to subsequent
events.
20. Explain the auditor’s responsibilities with regard to subsequent
events.
21. Formulate the audit procedures the auditor will perform with
regard to subsequent events.
22. Explain the going concern basis of accounting used in the
preparation of nancial statements.
23. Contrast the responsibilities of management and the auditor
regarding the going concern basis of accounting used in preparing
24. Identify indicators of the going concern risk and also the mitigating
factors.
25. Evaluate the appropriateness of the use of the going concern basis
of accounting for a given set of facts (including risks and mitigating
factors).
26. Describe the audit procedures to respond to the risk of the
inappropriate use of the going concern basis of accounting.
27. Distinguish the categories of insolvency and explain the
signi cance of each to the audit.
28. Explain the purpose of a subordination agreement and its impact
on the auditor’s assessment of the appropriateness of the going
concern basis of accounting.
Explain the impact of going concern uncertainties on the auditor’s
29.
report and apply to basic cases.
30. De ne the term ‘business rescue’.
31. Explain the purpose of business rescue.
32. Formulate the procedures the auditor will perform when a
company is placed under business rescue proceedings.
33. Consider the impact on the auditor’s report of a company in
business rescue proceedings.
REFERENCE LIST
International Accounting Standards Board (IASB) (2005) IAS 10 Events

after the Reporting Period.
2009) International Standard on Auditing (ISA) 450 Evaluation of
Misstatements Identi ed During the Audit.
2009) International Standard on Auditing (ISA) 560 Subsequent Events.
2016) International Standard on Auditing (ISA) 570 (Revised) Going
Concern.
2016) International Standard on Auditing (ISA) 700 (Revised) Forming
an Opinion and Reporting on Financial Statements.
2016) International Standard on Auditing (ISA) 701 Communicating Key
Audit Matter in the Independent Auditor’s Report.
Modi cations to the Opinion in the Independent Auditor’s Report.
2016) International Standard on Auditing (ISA) 706 (Revised) Emphasis
of Matter Paragraphs and Other Matter Paragraphs in the Independent
Auditor’s Report.
Independent Regulatory Board for Auditors (IRBA) (November 2016)
South African Auditing Practice Statement (SAAPS) 3 (Revised
November 2015) Illustrative Reports.
15.1 Introduction
e rst three phases of the audit process, namely pre-engagement
activities, planning activities and the performance of audit procedures,
were discussed in Chapters 12 to 14. Completion of the audit, discussed
in this chapter, represents the fourth and nal phase of the audit process.
During this nal phase, the auditor realises the overall objectives of
the audit of nancial statements (refer to ISA 200), which are to obtain
reasonable assurance about whether the nancial statements are free
from material misstatements and have been prepared in accordance with
an applicable nancial reporting framework, and to report on the
nancial statements and communicate as required by the ISAs.
e auditor realises these objectives by evaluating the audit evidence
gathered during the audit process for its sufficiency and appropriateness,
prior to arriving at the conclusions on which the auditor’s opinion is
based (refer to ISA 500). Part of this evaluation involves the use of
analytical procedures (in accordance with ISA 520.6) to consider whether
the amounts in the nancial statements (for classes of transactions and
account balances) are consistent with the auditor’s understanding of the
entity. e various analytical procedures that may be performed are not
discussed in this chapter, as they are similar to those performed during
the planning phase of the audit and discussed in section 12.4.2 of Chapter
12. e difference, however, is that the purpose of analytical procedures
in the planning phase is the identi cation of risks of material
misstatement, whereas their purpose in the nal stage of the audit
process is to corroborate conclusions made based on the evidence
gathered from the performance of audit procedures. If the results of the
analytical procedures performed at this nal stage are inconsistent with
the auditor’s understanding, it will require a revision of the assessment of
the risk of material misstatement, and as a result a modi cation of the
audit response.
e more experienced staff members on the audit team normally
perform the audit work during this last stage of the audit process.
Figure 15.1 depicts how this phase ts into in the audit process.

What is the auditor’s responsibility
15.2 regarding subsequent events?
15.2.1 Introduction
Owing to the nature of an audit, the auditor will require time after the
client’s year-end to perform audit procedures, prior to issuing an
auditor’s report. Management and those charged with governance will
communicate to the auditor prior to the commencement of the audit the
date by when the auditor’s report is required. A noteworthy statutory
deadline is that imposed by the Companies Act, which requires that the
audited nancial statements of a company must be made available within
six months after the end of its nancial year. In the case of companies
listed on the JSE, the auditor’s report is required within three months of
the year-end in accordance with the JSE Listings Requirements. e
auditor will therefore plan and perform the audit in a manner that will
aim to accommodate the deadline – of course ensuring that adherence to
the requirements of the ISAs is not compromised.
However, between the client’s year-end and the date on which the
auditor’s report is issued, events may occur that may affect the nancial
statements. e auditor refers to these events as subsequent events.
Subsequent events are de ned as ‘events occurring between the date of
the nancial statements (year-end) and the date of the auditor’s report,
and facts that become known to the auditor after the date of the auditor’s
report’ (ISA 560.5(e)).
Depending on the nature and signi cance of these events,
management may be required to amend the nancial statements to
re ect the impact of these events. IAS 10 (Events after the reporting
period) prescribes to management how to account for these events.
Events after the reporting period are de ned as those material events,
favourable and unfavourable, that occur between the end of the reporting
period (year-end) and the date when the nancial statements are
authorised for issue (IAS 10.3).
IAS 10 identi es two types of events after the reporting date, namely:
1. ose events that provide evidence of conditions that existed at the
end of the reporting period. ese events may require adjustments
to be made to the gures in the nancial statements and are
sometimes called adjusting events; and
2. ose events that are indicative of conditions that arose after the
reporting period. ese events do not require adjustments to be
made to the gures in the nancial statements, but may require
disclosure to users and are sometimes called non-adjusting events.
Subsequent events may entail, for example, an important ruling in a court

case affecting the auditee or the auditee’s acquisition of the assets and
liabilities of another company after year-end. Some important events
after year-end will lead to the nancial statements requiring amendment
(adjusting events) whereas others will only require a disclosure in the
form of a note to the nancial statements (non-adjusting events).
Note: The ISAs refer to ‘Subsequent events’ whereas IAS 10 refers to

‘Events after the reporting period’. The distinction is that the ISAs cover the
auditor’s responsibility with regard to these events not only up to the date on
which the financial statements are authorised for issue by management/those
charged with governance, but also after the date of the auditor’s report. The
latter period is not covered in IAS 10. Refer to the example contained in
section 15.2.3. To avoid the problems surrounding this discrepancy, the
auditor’s report is normally dated the same as the date the financial
statements are authorised for issue.
15.2.2 Various periods pertaining to subsequent

events
e timeline below depicts various dates that may be of importance in
respect of subsequent events:
Financial year-end Date the financial Date of the Date of issue

statements are auditor’s of annual
approved report1 financial
statements
31/12/X1 28/02/X2 3/03/X2 28/04/X2
• Financial year-end: Refers to the last date of the financial reporting period
of an entity. For companies, this date is determined in accordance with
section 27 of the Companies Act 71 of 2008.
• Date the financial statements are approved: Refers to the date on which
the financial statements are authorised for issue by management and those
charged with governance (the directors in the case of a company so as to
comply with the requirements of section 30(3)(c) of the Companies Act).
This date will always be after year-end.
• Date of the auditor’s report: Refers to the date on which the auditor
expresses an opinion about the financial statements of an entity and issues
the auditor’s report. The date will be either on or after the financial
statement approval date (it cannot be before the date the financial
statements are approved).
• Date of issue of annual financial statements: Refers to the date on which
the annual financial statements, including the auditor’s report, are made
available to the users of financial statements (i.e. shareholders, creditors,
government, employees and customers).

e auditor considers the risks of material misstatement relating to the
non-identi cation of, the failure to account correctly for, and the non-
disclosure of events occurring between the auditee’s year-end and the
date of the auditor’s report on the nancial statements. e auditor has a
responsibility to perform audit procedures to ensure that these risks have
been appropriately responded to prior to expressing an audit opinion.
In order to address these risks, the auditor has to design sufficient

appropriate audit procedures, which have to include at least the
following:
• Obtain an understanding of any procedures established by
management to ensure that subsequent events are identi ed;
• Enquire of management as to whether any subsequent events have
occurred that may affect the nancial statements;
• Read the minutes of board and management meetings held after the
end of the nancial reporting period;
• Read the entity’s subsequent interim nancial statements, if any; and
• Include appropriate reference to subsequent events (per ISA 560.09)
in the written representation letter to be signed by management.
e period that has to be covered by the above-mentioned audit

procedures ends on the date of the auditor’s report. e auditor has no
obligation to perform any audit procedures in respect of subsequent
events that occur between the date of the auditor’s report and the date of
issue of the annual nancial statements to users, and in respect of the
period after the financial statements have been issued to users, unless these
events become known to the auditor and may cause the auditor to amend
the auditor’s report. In such instances, the auditor shall:
• Discuss the matter with management and, where appropriate, those
charged with governance;
• Determine whether the nancial statements need to be amended;
and, if so,
• Enquire how management intends to address the matter in the
nancial statements.
If management amends the nancial statements, the auditor shall:

• Carry out the audit procedures necessary in the circumstances on the
amendment (to ensure that it is correctly dealt with in the nancial
statements);
• Provide a new auditor’s report on the amended nancial statement,
after carrying out audit procedures to identify subsequent events up to
the date of the new auditor’s report;
• Include in the new or amended auditor’s report an Emphasis of Matter
paragraph or Other Matter paragraph (refer to section 15.5.4) referring
to the note in the nancial statements dealing with the subsequent
event; and
If the nancial statements were previously issued, review the steps
•
taken by management to ensure that anyone in receipt of the
previously issued nancial statements together with the auditor’s
report thereon is informed of the situation.
In the event that the amendment of the nancial statements is necessary,

but management does not amend the nancial statements and does not
take the necessary steps to ensure that anyone in receipt of the previously
issued nancial statements (and auditor’s report) is informed of the
situation, the auditor shall notify management and those charged with
governance that the auditor will seek to prevent future reliance on the
auditor’s report. e auditor will then seek to communicate to users who
may be considering placing reliance on the previously issued auditor’s
report that they should not do so. is can be done via, for instance, the
media. e auditor may also deem it necessary to obtain legal advice in
these situations.
WHAT What if at the year-end (31 December 20X1), Ntsimbi

Piping (Pty) Ltd has recognised a provision of R800,000.
IF? This amount has been estimated by the attorneys of Ntsimbi
Piping as the probable fine that may be imposed in a court
case against the company for engaging in price fixing. On
27 January 20X2, the ruling was handed down by the court
that Ntsimbi Piping is guilty and will be liable to pay a fine
of R2,200,000. Assume that the final materiality figure for
the audit was set at R750,000. What effect will the court
ruling have on the 31 December 20X1 financial statements
of Ntsimbi Piping?
This is an adjusting subsequent event, as the court ruling
provides additional information in respect of the ongoing
court case regarding price fixing. Management had already
provided for R800,000 of the amount payable. Management
will have to increase the provision in the 31 December
20X1 financial statements to R2,200,000 to reflect the
outcome of the court case. This is appropriate, as the
financial statements have not yet been finalised and
approved. The auditor will have to perform the audit
procedures he or she deems necessary to obtain sufficient
appropriate audit evidence that the changes made to the
financial statements result in fair presentation.
WHAT What if the court ruling was made on 15 July 20X2 (a date
after the date on which the auditor’s report was issued, but
IF? prior to date of issue of the annual financial statements to
users)? What will the responsibility of the auditor be in this
regard?
If the auditor becomes aware of this outcome, the auditor
will consider the impact of the court ruling on the issued
auditor’s report. If the auditor considers it to be material
(which in this case he or she will, as the amount of the
misstatement of R1,400,000 exceeds the final materiality
figure of R750,000), the auditor will request management
to adjust the financial statements by increasing the
provision to reflect an amount of R2,200,000. If
management refuses, the auditor will withdraw the
auditor’s report and take steps to prevent reliance on the
previous auditor’s report.
WHAT What if Ntsimbi Piping only started engaging in price

fixing on 31 January 20X2 (i.e. a date after year-end) and
IF? was taken to court on 1 March 20X2 (i.e. a date before the
date on which the financial statements were approved and
the auditor’s report signed) and the attorney estimated a
liability of R800,000? What will the effect of being taken to
court be on the 31 December 20X1 financial statements?
This is a non-adjusting subsequent event, as the event (the
committing of price fixing) only occurred after year-end.
Management will have to disclose this in the form of a note
(contingent liability) in the financial statements. The
auditor will have to perform the audit procedures he or she
deems necessary to obtain sufficient appropriate audit
evidence that the contingent liability is properly disclosed.
Should management refuse to disclose the contingent
liability, the auditor will appropriately modify the auditor’s
report.
15.3 What is the auditor’s responsibility

regarding the going concern basis of
accounting?
15.3.1 Introduction
In terms of the Conceptual Framework for entities preparing nancial
statements in accordance with the International Financial Reporting
Standards (IFRS), the nancial statements of an entity are prepared on
two assumptions, namely the accrual and going concern assumptions.
Under the going concern assumption, which is relevant for this section,
an entity is viewed as continuing in business for the foreseeable future.
e foreseeable future is deemed to be a period of at least 12 months after
the year-end.
erefore, if the management of an entity intends to liquidate the
entity or to cease trading, or has no realistic alternative but to do so, the
going concern basis of accounting may not be used in preparing the
entity’s nancial statements. In such cases, the nancial statements must
be prepared on another basis, such as the liquidation basis. In all other
cases, the going concern basis of accounting applies to the nancial
statements.
15.3.2 Management’s responsibility
IAS 10 requires management to make an assessment of an entity’s ability
to continue as a going concern as part of the nancial statement
preparation process. Management’s assessment of the entity’s ability to
continue as a going concern must cover a period of at least 12 months
after the date of the nancial statements. e assessment involves a
judgement at a particular time about inherently uncertain future
outcomes of events or conditions. In order to make the assessment,
management has to prepare budgets (e.g. cash ow forecasts and income
and expenditure budgets) for a period of at least 12 months after the end
of the nancial reporting period for which the nancial statements are
being prepared.
In the event that there is material uncertainty that may cast signi cant
doubt on the entity’s ability to continue as a going concern, but
management believes that the entity will nevertheless be able to continue
as a going concern, management is required to do the following:
• Provide plans for future actions to deal with the events or conditions
giving rise to the uncertainty;
• Provide an assessment, stating how the outcomes of these plans are
likely to improve the situation;
• Evaluate if these plans are feasible given the circumstances of the
entity; and
• Adequately describe the principal events or conditions that may cast
signi cant doubt on the entity’s ability to continue as a going concern
in the nancial statements and in management’s written
representation to the auditors.
If management does not believe that the entity will be able to continue as
a going concern, management has to prepare the nancial statements on
a basis other than the going concern basis and disclose this fact, together
with the reasons for this, in the nancial statements.
15.3.2.1 Going concern indicators and management’s plans to

rescue the business
ISA 570.A3 contains examples of events or conditions that, individually or
collectively, may cast signi cant doubt about the entity’s ability to
continue as a going concern. You may recall from section 12.5.2 of
Chapter 12 that these events or conditions are categorised as nancial
indicators, operating indicators and other indicators.
e news article on the next page, with accompanying comments,
identi es a number of nancial and operating factors that may indicate
that South African Airways (SAA),) is facing going concern problems. SAA
is a ag carrier airline of South Africa, but operates in a competitive
environment accompanied also by high operating costs (which include
fuel costs). It is reported that, in order for SAA to return to pro tability, it
will need to cut or reduce loss-making routes and transfer unneeded
planes to its subsidiary, Mango Airlines, a low cost carrier. SAA
competitors include, but are not limited to, British Airways, Ethiopian
Airlines, Kenya Airways and Emirates.
IN THE NEWS
Going concern issues at South African Airways
The national carrier, South African Airways (SAA), received much
attention from the newsrooms during the years 2016 to 2018. First, it
started with the governance issues pertaining to its board and the ethical
conduct of the chairperson of the board was questioned. As a result, this
led to the entire board being replaced with a new board in October 2017
to restore stakeholder confidence.
The financial statements for the year ended 31 March 2017 were
submitted late to parliament. When the Auditor General, Mr Kim
Makwetu, tabled his independent auditor’s report for the 31 March 2017
year-end in parliament, the independent auditor’s report included a
section on ‘material uncertainty relating to going concern’. For that
period, SAA reported a net loss of over R5 billion. Total liabilities
exceeded total assets by R17.8 billion for the same period.
Management of SAA predicted that the airline would stage a return
to profitability in four years’ time, as its turnaround strategy starts to reap
fruit. Furthermore, the net loss for the 2018 financial year was
anticipated to be less than R5 billion in comparison with the net loss
reported in 2017.
SAA operates in a competitive environment and as a result,
experienced a decline in passenger numbers during the 2017 financial
year. In response to increased competition, SAA dropped fares, resulting
in revenue dipping about R1 billion below what was forecast for that
period. At the same time operating costs rose, largely as a result of
higher fuel costs and volatility in foreign exchange rates. The fuel price
is denoted in US dollars.
In September 2016, government gave a bailout of R3 billion to
prevent SAA from defaulting on its debt obligations to Citibank. This
followed a R2.2 billion bailout in June 2017 to enable the airline to cover
its repayments to Standard Chartered.
15.3.2.1.1 Comments on the news article
Financial factors
e management of SAA and its auditor will have to analyse the
company’s nancial information in order to identify nancial factors that
may indicate that the entity is not a going concern for the foreseeable
future. e analysis will entail, among other things, analysing key
nancial ratios relating to pro tability, solvency and liquidity, and will,
among other things, identify that:
• e reported revenue for the 2017 nancial year of SAA is lower than
the forecasted revenue for that year.
• SAA has reported nancial loss of R3.7 billion over the nine months to
the end of 2017 and is projecting a further loss of just less than R5
billion for the 2018 nancial year.
• In September 2016 and June 2017 SAA was at risk of being in a default
position (liquidity concerns) in making loan repayments to its funders.
SAA received two bailouts from the government in order for it to avoid
the defaults.
Operating factors
In gathering information with regard to the operating factors that may
impact on the company’s ability to continue as a going concern, the
auditor may make enquiries of the following parties: company
management, and its attorneys, employees, suppliers and nanciers.
Important to note is that the decrease in the revenue is as a result of a
decline in passenger numbers and also reduced fares in response to
increased competition.
e above-mentioned events or conditions are just indicators and do not

necessarily mean that SAA will not be able to operate for a period of at
least 12 months after the nancial statement date. e presence of these
indicators, however, may indicate that a material uncertainty exists about
the company’s ability to continue as a going concern.
If management nevertheless believes that the company will be able to
continue as a going concern, they are required to provide plans on how it
intends to survive. Management’s plans are referred to as mitigating
factors.
In the SAA situation, these mitigating factors could entail, among others,
the following:
• Eliminating routes which are not considered pro table;
• Transferring excess aeroplanes to Mango Airlines, a pro table
subsidiary of SAA; and
• Obtaining a bailout from the government (as mentioned in the article)
in order to enable SAA to meet its debt obligations and return to a
pro table position.
e mitigating factors will differ from entity to entity. is is because the
events or conditions indicating going concern problems are likely to
differ.
For example, in certain instances, the entity may not be able to pay its
short-term debts in the ordinary course of business. In such instances,
the entity may consider selling off assets, rescheduling loan repayments
or obtaining additional equity funding.
DID YOU KNOW?

In terms of the Companies Act, the directors of the company have to
apply a solvency test (assets exceeding liabilities) and liquidity test
(ability to pay debts in the normal course of business) prior to paying
dividends, providing financial assistance, buying back shares and
effecting capitalisation issues. If the company is not permitted to perform
any of these transactions because it failed either the solvency or liquidity
tests, this may also be an indication of going concern problems.
15.3.2.2 Categories of insolvency

e South African law recognises two types of insolvency, namely factual
insolvency and commercial insolvency. e existence of either of these
types of insolvency may be an indication that an entity cannot be viewed
as a going concern.
15.3.2.2.1 Factual insolvency

Factual insolvency arises when the entity’s liabilities fairly valued exceed
its assets fairly valued. e fair values are used instead of historical cost
when determining the entity’s ability to continue as a going concern,
because fair values re ect the value at which the entity will be able to
realise its assets and discharge its liabilities in the normal course of
business. e existence of factual insolvency does not necessarily mean
an entity is not a going concern.
In the event that the entity is factually insolvent, the entity may enter
into subordination agreements with its creditors as a mitigating factor. A
subordination agreement is an agreement in terms of which the creditor of
the entity binds itself inde nitely or for a limited period, conditionally or
unconditionally, not to claim or accept payment of the amount owing to
it until the happening of a particular event. (Of course, the auditor needs
to assess the effectiveness of the subordination agreement as a mitigating
factor to the identi ed going concern problem. Refer to section 15.3.3 for
the auditor’s responsibilities in respect of going concern.)
15.3.2.2.2 Commercial insolvency

Commercial insolvency exists when the entity is not able to pay its debts
in the normal course of business. e existence of commercial insolvency
most probably indicates that an entity has going concern problems (given
its liquidity problems). However, for companies this may also lead to
reckless trading in terms of section 22 of the Companies Act.

e auditor has a number of responsibilities with regard to the going
concern basis of accounting used in the preparation of the auditee’s
nancial statements.
e auditor must perform the following risk assessment-related

procedures:
• Perform risk assessment procedures to consider whether there are
events or conditions that may cast signi cant doubt on the entity’s
ability to continue as a going concern (refer to the indicators per
section 12.5.2 of Chapter 12 for details in this regard);
• Discuss with the entity’s management their formal assessment of the
entity’s ability to continue as a going concern;
• If there is a risk that the going concern basis of accounting may be
inappropriately applied in the nancial statements, evaluate
management’s assessment of going concern (see the next page); and
• Remain alert throughout the audit for audit evidence of events or
conditions that may cast signi cant doubt on the entity’s ability to
continue as a going concern.
WHAT What if management has not prepared an assessment with

regard to the entity’s ability to continue as a going concern?
IF? Can the auditor request that management prepare an
assessment?
The auditor will first discuss with management the intended
use of the going concern basis of accounting. In the event
that the auditor identifies that there is material uncertainty
with regard to the continuation of the entity, the auditor will
request that management prepares a formal assessment.
WHAT What if management has prepared the assessment of the

entity’s ability to continue as a going concern? Can the
IF? auditor accept this assessment as sufficient appropriate
audit evidence?
No, the auditor has a responsibility to perform audit
procedures to evaluate the appropriateness of the
assessment.
Where there are risks relating to the inappropriate use of the going
concern basis of accounting, the auditor will evaluate the process
followed by management in the assessment of the entity’s ability to
continue as a going concern. e auditor’s evaluation of the assessment
will include the following additional audit procedures performed by the
auditor:
• Inspect the forecast schedules supporting management’s assessment of
the entity’s going concern ability in order to identify any going concern
indicators, and to evaluate management’s plans for future actions in
relation to its going concern assessment (i.e. will the mitigating factors
be effective?).
• Reperform the clerical accuracy of any forecasts prepared by
management.
• Enquire of management about the data used to prepare the forecast
and agree the data to supporting documentations such as predicted
production schedules.
• Enquire of management the reasonableness of the assumptions used in
preparing the going concern assessment and corroborate this (e.g.
with information available in the market).
• Audit for feasibility any mitigating factors identified in the forecast (i.e. is
there a realistic chance that they will happen), and whether they are
correctly re ected in the forecast.
• Consider whether any additional facts or information have become
available since the date on which management made its assessment.
• Request written representations from management or those charged
with governance regarding their plans for future action and the
feasibility of these plans.
e auditor cannot be certain about whether the auditee will be able to

continue as a going concern until the actual happening of certain future
events. ese events may entail subsequent events, such as the outcome
of litigation becoming known months after the nancial statements have
been issued to the users. Moreover, the mitigating factors provided by
management also involve many assumptions that the auditor cannot
con rm for certain, but can only assess for reasonableness.
Although it is the auditor’s responsibility to obtain sufficient
appropriate evidence to verify that the use of the going concern basis of
accounting is appropriate in the preparation of the auditee’s nancial
statements (in terms of the ISA 570 requirements), the management of
the auditee remains ultimately responsible for assessing the entity’s
ability to continue as a going concern and for considering the
appropriateness of the use of the going concern basis of accounting in the
preparation of its nancial statements.
15.3.4 Business rescue and its impact on the audit

15.3.4.1 Background to business rescue
Business rescue refers to the proceedings to facilitate the rehabilitation of
a company that is unlikely to be able to pay all of its debts as they become
due and payable within the immediate ensuing six months or is likely to
become insolvent within the immediately ensuing six months (i.e.
rehabilitation of a company that is in nancial distress). Chapter 6 of the
Companies Act relates speci cally to the business rescue process.
e rehabilitation of the company that is nancially distressed entails the

provision of the following:
• e temporary supervision of the company, and of management of its
affairs, business and property, by a business rescue practitioner; and
• A temporary prohibition on the rights of claimants against the
company or in respect of property in its possession.
Business rescue proceedings commence when the board of the company

les a resolution, or applies to court, to place the company under
supervision to rehabilitate it from nancial distress. A connected person
may also apply to court for an order to place a company under
supervision.
Business rescue proceedings normally take three months. ese

proceedings end when one of the following has taken place:
• e business rescue practitioner (see next paragraph) has led with
the Commission a notice of the termination of business rescue
proceedings;
• e development and approval of the business rescue plan has been
rejected;
• e court sets aside the resolution or order that began those
proceedings; or
• e court has converted the proceedings to liquidation proceedings.
To facilitate the business rescue proceedings, the company is required to

appoint a suitably skilled, experienced and independent person referred
to as the business rescue practitioner.
e business rescue practitioner will restructure the affairs, business,
property, debt and other liabilities, and equity in a manner that
maximises the likelihood of the company continuing in existence on a
solvent basis. In the event that it is not possible for the company to
continue in existence, the business rescue practitioner will facilitate a
process to ensure that there is a better return for the company’s creditors
and shareholders than would result from the immediate liquidation of
the company.
When a company is placed in business rescue proceedings with the
intention to rehabilitate it so as to continue with its operations, the plans
will entail mitigating factors to the going concern uncertainties.
When a resolution to begin business rescue proceedings has been
passed, the board of the company has to communicate this to the
affected persons in the manner prescribed by law. e board has to
communicate the notice of the resolution, the effective date of the
resolution, and a sworn statement of the facts relevant to the grounds on
which the resolution was based.
15.3.4.2 Impact on the audit

In the event that the company is placed in business rescue proceedings,
the auditor must still obtain audit evidence as to whether the entity will
be able to continue as a going concern for a period of at least 12 months
after year-end (obviously the risks of material misstatement in this area
are higher than normal). e procedures performed by the auditor to
respond to the risks include the following:
• Enquire of the business rescue practitioner as to the ability of the
company to continue as a going concern, given that it has been placed
in business rescue proceedings;
• Obtain a written representation from the business rescue practitioner
in respect of the above;
• Obtain the business rescue plan and assess its reasonability, feasibility
and effectiveness;
• Discuss with the business practitioner any assumptions contained in
the business rescue plan and assess their reasonableness; and
• Request that the business rescue practitioner prepare a disclosure
note highlighting the fact that the company is under business rescue
proceedings and that in his or her opinion the company will be able to
continue to operate as a going concern.
15.4 How does the auditor deal with

uncorrected misstatements in the
financial statements?
15.4.1 Misstatements identified during the audit
While performing the further audit procedures (third phase of the audit
process), the auditor may detect misstatements arising from fraud or
error in the nancial statements of the audit client. A misstatement is
de ned as ‘a difference between the amount, classi cation, presentation,
or disclosure of a reported nancial statement item and the amount,
classi cation, presentation, or disclosure that is required for the item to
be in accordance with the applicable nancial reporting framework’
(IAASB Glossary of Terms).
e auditor may categorise each uncorrected misstatement in one of the

following three categories (ISA 450.A6):
1. Factual misstatements: ese are misstatements about which there is
no doubt. For example, Ntsimbi Piping’s inventory is purchased for
cash and recorded inclusive of VAT, totaling R1,570,000, in the
inventory account in the general ledger. erefore, the R1,570,000 is
considered a factual misstatement on inventory and VAT input
accounts. (Another example is the blatantly incorrect selection or
application of an accounting policy – for example, an accounting
policy that states that deferred tax is not provided for is in direct
contravention of IAS 12 and therefore the resulting misstatements
would be factual.)
2. Judgemental misstatements: ese are misstatements that arise from
judgements of management concerning accounting estimates that
the auditor considers not to be reasonable. For example, there is a
difference of opinion of R1,720,000 between the auditor and
management of Ntsimbi Piping regarding the provision for
performance bonuses payable to staff (the auditor believes that the
provision is understated by this amount). e difference of opinion
stems from the auditor not agreeing with the assumptions used by
management in the calculation for the provision of bonuses.
erefore, this difference on the provision for bonuses, affecting
both the Statement of Financial Position and Statement of
Comprehensive Income, is considered a judgemental misstatement,
as there is professional judgement exercised when determining the
amount of the provision for performance bonuses.
3. Projected misstatements: ese are the auditor’s estimates of
misstatements calculated by projecting misstatements identi ed in
samples to the related populations. For example, the inventory
balance of Ntsimbi Piping is R9,326,597 at 31 December 20X1. Say,
for instance, the audit team conducted an inventory count at only
one of the warehouses where the inventory is stored. e carrying
amount of inventory at this warehouse was R7,461,277 according to
Ntsimbi Piping’s records. e inventory count at this warehouse
revealed that inventory to the value of R1,200,000 should be
recorded as obsolete. Based on a rough estimate, the projected
misstatement is therefore in the region of R1,500,000
{(R1,200,000/R7,461,277) × R9,326,597}.
When misstatements (or audit differences) are identi ed during the

audit, the auditor documents these misstatements in a schedule of
unadjusted audit differences. e schedule of unadjusted audit differences
re ects the journal entries required to correct the misstatements
identi ed.
While conducting the audit, the auditor will normally come across
multiple misstatements. Whereas some of these may be signi cant, many
of them may be so small that they are unlikely to affect the nancial
statements in any signi cant way. erefore, when accumulating
misstatements, the auditor may consider these matters to be clearly trivial
(i.e. to have no possibility of having a material effect on the nancial
statements) (refer to ISA 450.A2). ese clearly trivial misstatements are
then not recorded in the schedule of unadjusted audit differences, as it
would unnecessarily clutter the schedule and serve no real purpose.
(Also refer to section 12.7.2 of Chapter 12, where this matter is discussed
as it applies during the planning phase of the audit.)
e auditor is required to accumulate, document and communicate
(with management and those charged with governance) misstatements
identi ed during an audit that individually or in aggregate could have a
material effect on the nancial statements.
Once all uncorrected misstatements identi ed during the audit (other
than clearly trivial ones) have been accumulated and documented in the
schedule of unadjusted audit differences, the auditor has to evaluate
whether they could cause the nancial statements to be materially
misstated. erefore, the concept of materiality that was discussed in
section 12.7 of Chapter 12 comes into play again.
15.4.2 Final materiality

e materiality determined in planning and performing an audit (the
materiality as discussed in section 12.7.1 of Chapter 12) may not be
appropriate when accumulating and evaluating misstatements in the
nal stage of the audit process. For example, the gures used in
determining materiality at the planning stage may be signi cantly
different to the nal gures in the nancial statements (e.g. if many
misstatements were identi ed during the audit and subsequently
corrected by management when drafting the nal nancial statements).
e materiality gures at the planning stage may also include a margin of
error adjustment to ensure that that misstatements that are individually
immaterial, but when aggregated with other immaterial misstatements
become material, are detected.
e auditor is therefore required to reassess materiality in order to
determine nal materiality during the last stage of the audit process. If
the final materiality is lower than the materiality gure set at the planning
stage, this is of major concern and the auditor would have to consider the
appropriateness of the nature, timing and extent of the audit procedures
performed. e auditor is also likely to have to perform further audit
procedures in order to achieve an acceptable level of audit risk. e nal
materiality gure is ordinarily set at an amount equal to or greater than
the materiality gure set at the planning stage.
When evaluating whether misstatements identi ed during the audit
are material, the auditor has to consider them by amount (quantitatively)
but also by nature (qualitatively). A misstatement will be quantitatively
material (material in amount) if it is above the determined nal
materiality gure. However, a misstatement that is below the nal
materiality gure may still in uence the economic decisions of nancial
statement users (e.g. as a result of non-compliance with certain sections
of the Companies Act by directors), and hence is to be considered
qualitatively material (material by nature).
e auditor has to communicate the uncorrected misstatements
identi ed during an audit to management and those charged with
governance. Management should be asked to correct these
misstatements, as they are responsible for maintaining accurate nancial
records and preparing nancial statements that are free from material
misstatements. Misstatements not corrected by management may affect
the fair presentation of the nancial statements and, as a consequence,
result in a modi cation of the auditor’s report.
If there are uncorrected misstatements, the auditor also has to request
management and those charged with governance, if appropriate, to
provide a written representation that they believe that the misstatements
individually and in aggregate are not material (ISA 450.14).
CYCLE CASE STUDY

Final materiality calculation: Ntsimbi Piping
Ntsimbi Piping has a reported revenue of R128,320,126 for the year

ended 31 December 20X1. During the planning stage, performance
materiality for the 20X1 audit, based on revenue, was set at R721,500
(refer to Working Paper F1 in section 12.7.2 of Chapter 12, where this
was calculated).
During the final stage of the audit process, the auditor will assess
the materiality figure to determine if it is still appropriate to finalise the
audit. In the scenario of Ntsimbi Piping final materiality will be
determined as follows:
• For the purpose of this example, let’s assume that all factors
considered in the determination of materiality at the planning stage
are still the same at the time of calculating final materiality.
• However, we ignore the impact of the risk of material misstatement
and prudence considerations (refer to step 6 on Working Paper F1 in
section 12.7.2 of Chapter 12) when determining final materiality, as
this consideration is only applicable during the planning phase of the
audit, and does not apply to the finalisation phase.
Final materiality can therefore now be set at R960,000 (rounded) –
• the magnitude of omissions or misstatements that are considered to
influence the economic decisions of users taken on the basis of the
15.4.3 Evaluating the materiality of uncorrected

misstatements
Assuming that the examples of the categories of misstatements provided
in section 15.4.1 are not considered to be clearly trivial, the auditor will
document them as follows in the Schedule of Unadjusted Audit
Differences:
Example of Schedule of Unadjusted Audit Differences
Item Type of Description Assets Liabilities Equity Retained

# misstatement Dr/(Cr) Dr/(Cr) Dr/(Cr) Earnings
R’000 R’000 R’000 Dr/(Cr)
R’000
1 Factual VAT input 1,570

(SFP) (1,570)
Inventory
(SFP)
2 Judgemental Provision (1,720) 1,720

for bonuses
(SCI)
Provision
for bonuses
(SFP)
3 Projected Allowance (1,500) 1,500

for
obsolete
inventory
(SCI)
Allowance
for
obsolete
inventory
(SFP)
TOTAL (1,500) (1,720) 3,220
e nal materiality gure has been set at R960,000. After evaluating each
of the above misstatements individually against this materiality gure, the
auditor will evaluate the misstatements in aggregate against the nal
materiality. If this is done for the given example, it can be concluded that
each of the documented misstatements is individually quantitatively
material (i.e. material in amount).
e above schedule of unadjusted audit differences shows that the
assets are overstated in aggregate by R1,500,000, liabilities understated by
R1,720,000 in aggregate and retained earnings overstated by R3,220,000 in
aggregate. Since the misstatements identi ed are material quantitatively
(in amount), individually and in aggregate, the auditor will request that
management adjust the nancial statements with regard to the factual
(item 1) and judgemental (item 2) misstatements to ensure that the
nancial statements are not materially misstated. However, with regard to
the projected misstatement (item 3), the auditor will request that
management further investigate the matter and/or will perform further
audit procedures on the balance of the inventory account that was not
selected in the sample in order to obtain sufficient appropriate audit
evidence in this regard.
If management refuses to adjust the nancial statements in respect of
the misstatements identi ed in the example above, the misstatements
will be considered material and the auditor will modify the audit opinion
accordingly.
WHAT What if the final materiality had been set at R1,600,000

instead of R960,000 as per the above example? How will
this impact on the auditor’s evaluation of the above-
IF?
mentioned misstatements?
1. Inventory (item 1)
The factual misstatement included in the above schedule of
unadjusted audit differences will remain in the schedule. As
the misstatement is below the final materiality of
R1,600,000, the misstatement of R1,570,000 is not
individually quantitatively material (material in amount).
However, when aggregated with other immaterial items, the
aggregate misstatements may well be material.
There is no reason to deem the difference to be
qualitatively material (material in nature).
2. Provision for bonuses (item 2)
This misstatement is individually quantitatively material, as
it is exceeds the determined final materiality of R1,600,000.
There is no obvious reason to deem the difference to be
qualitatively material (material in nature).
3. Allowance for obsolete inventory
The projected misstatement included in the above schedule
of unadjusted audit differences will remain in the schedule.
As the misstatement is below the final materiality of
R1,600,000, it is not individually quantitatively material.
IAS 2 requires that inventory be valued at the lower of
cost or net realisable value. Therefore, by not doing so, the
client has contravened IAS 2. However, from the auditor’s
perspective, as the amount by which inventory is overstated
is not considered to affect the decisions of users of the
financial statements, it is not considered qualitatively
material merely because it contravened IAS 2. The key
question to be asked by the auditor to determine whether
misstatements of this nature are qualitatively material, is
whether the decisions of users of the financial statements
will be influenced by the misstatements.
4. Aggregation
The misstatements also have to be evaluated in aggregate
against the final materiality to determine their impact on the
financial statements. The evaluation in aggregate is as
follows:
Assets: R1,500,000 (overstated)
Liabilities: R1,720,000 (understated)
Retained Earnings: (1,570,000 + 1,720,000) =
R3,220,000 (overstatement)
The liabilities and retained earnings are in aggregate

quantitatively material (material in amount) as the matters
result in misstatements in excess of R1,600,000 (final
materiality figure). If management does not adjust at least
misstatement 2, the financial statements will not achieve
fair presentation.
15.4.4 Impact of uncorrected misstatements on the

financial statements and auditor’s report
As can be seen from the example above, the uncorrected misstatements
will affect the fair presentation of the nancial statements if they (the
uncorrected misstatements) are quantitatively or qualitatively material.
Should this be the case, the auditor cannot express an opinion that the
nancial statements are free from material misstatements. e auditor
will therefore have to modify the audit opinion accordingly to point this
out to users of the nancial statements. e auditor’s report and the
different types of audit opinions are discussed in the next section.
15.5 How does the auditor draft the

auditor’s report?
15.5.1 Introduction
e culmination of the audit process is a written report issued by the
auditor to the shareholders. e report contains the auditor’s opinion
about the fair presentation of the nancial statements, referred to as the
auditor’s report (refer to section 15.5.2 of this chapter for a discussion on
the auditor’s report for Ntsimbi Piping). is is where the auditor
achieves the primary objective of the audit, namely to express an opinion
on whether the nancial statements are free from material misstatement.
e audit opinion is supported by audit evidence obtained by the auditor
through the audit process, and provides reasonable assurance on
whether the nancial statements are free from material misstatement.
e contents of the auditor’s report, the different types of audit
opinions that may be expressed by the auditor, and the other
modi cations that may be made to the auditor’s reports are discussed in
this part of the chapter. It is noteworthy that in recent years standard-
setters and regulators internationally have undertaken extensive research
and discussions on increasing the value of the auditor’s report to users –
by considering ways in which the information contained in the auditor’s
report can be made more relevant to users while also achieving
consistency and comparability in auditor’s reports globally. is
culminated in a new suite of auditor reporting standards being issued in
January 2015. e ‘basic’ standard is ISA 700 and it is then accompanied
by a number of other standards in the 700-series.
Note that in the South African context SAAPS 3 is particularly useful
when drafting auditor’s reports as it includes many examples of different
types of audit opinions and other modi cations to auditor’s reports. You
should keep SAAPS 3 at hand when studying this section of the chapter.
15.5.2 Contents of the auditor’s report

e auditor’s report that follows is included to highlight the contents of
an actual auditor’s report for audits conducted in accordance with the
ISAs. It was copied from the annual nancial statements of Ntsimbi
Piping and amended where necessary for illustrative purposes. is
auditor’s report contains an unmodi ed audit opinion (i.e. a ‘clean’ or
standard audit opinion).
Noland House | T (+27) 21 658
River Park 6600
River Lane | F (+27) 86 532
Mowbray 2556
Cape Town www.nolands.co.za
7700 | South
Africa
P O Box 2881 |
Cape Town |
8000
South Africa
INDEPENDENT AUDITOR’S REPORT
To the shareholders of Ntsimbi Addressee

Piping Proprietary Limited
OPINION Opinion section

We have audited the financial The introductory paragraph
statements of Ntsimbi Piping
conveys a clear identification
Proprietary Limited, set out on
of the subject matter that has
pages 7 to 24, which comprise
been subjected to audit.
the Statement of Financial
Position as at 31 December The auditor’s opinion
20X1, and the Statement of paragraph conveys the
Comprehensive Income, auditor’s opinion on the
Statement of Changes in financial statements – and will
Equity and Statement of Cash be the section that users are
Flows for the year then ended, likely to focus on first. In this
and notes to the financial case, the auditor has expressed
statements, including a an unmodified audit opinion.
summary of significant
accounting policies. Note: South African
companies need to comply
In our opinion, the with both IFRS and the
accompanying financial Companies Act.
statements present fairly, in all
material respects, the financial
position of Ntsimbi Piping
Proprietary Limited as at 31
December 20X1, and its
financial performance and its
cash flows for the year then
ended in accordance with
International Financial
Reporting Standards (IFRSs)
and the requirements of the
Companies Act of South
Africa.
BASIS FOR OPINION Basis for opinion section

We conducted our audit in The basis for opinion
accordance with International paragraph is included
Standards on Auditing (ISAs). immediately after the opinion
Our responsibilities under section and is required to be
those standards are further included in the auditor’s report
described in the Auditor’s regardless of the type of audit
Responsibilities for the Audit opinion expressed.
of the Financial Statements If the audit opinion is
section of our report. We are ‘modified’, the reasons for the
independent of the company in modification must also be
accordance with the provided as a paragraph in this
Independent Regulatory Board section immediately under the
for Auditors Code of section heading.
Professional Conduct for
Registered Auditors of the
(IRBA Code), together with
the ethical requirements that
are relevant to our audit of the
financial statements in South
Africa. We have fulfilled our
other ethical responsibilities in
accordance with these
requirements and the IRBA
Code. The IRBA Code is
consistent with the
International Ethics Standards
Board for Accountants Code
of Ethics for Professional
Accountants (Part A and B).
We believe that the audit
evidence we have obtained is
sufficient and appropriate to
provide a basis for our
opinion.
KEY AUDIT MATTERS Key audit matters section (ISA

701)
Key audit matters are those
matters that, in our The Key Audit Matters
professional judgement, were (KAMs) section highlights
of most significance in our those matters that, in the
audit of the financial auditor’s professional
statements of the current judgement, were of most
period. These matters were significance in the audit of
addressed in the context of our financial statements of the
audit of the financial current period (and are drawn
statements as a whole, and in from matters that were
forming our opinion thereon, communicated by the auditor
and we do not provide a to those charged with
separate opinion on these governance).
matters. Note: For listed entities it is a
requirement for the auditor to
include the KAMs section.
Whilst the KAMs section has
been included in this report for
illustrative purposes, in reality
it is unlikely to appear in the
auditor’s reports of most
private companies.
Valuation of Financial
Instruments (included for
illustrative purposes only)
Ntsimbi Piping Proprietary
Limited’s disclosures about its
structured financial
instruments are included in the
notes to the financial
statements. The company’s
investments in structured
financial instruments represent
43% of the total carrying
amount of its financial
instruments. Because the
valuation of the structured
financial instruments is not
based on quoted prices in
active markets, there is
significant measurement
uncertainty involved in this
valuation. As a result, the
valuation of these instruments
was significant to our audit.
Ntsimbi Piping Proprietary
Limited has determined it is
necessary to use an entity-
developed model to value
these instruments, due to their
unique structure and terms. We
challenged management’s
rationale for using an entity-
developed model, and
discussed this with those
charged with governance, and
we concluded that the use of
such a model was appropriate.
Our audit procedures also
included, among others,
testing management’s controls
related to the development and
calibration of the model and
confirming that management
had determined that it was not
necessary to make any
adjustments to the output of
the model to reflect the
assumptions that marketplace
participants would use in
similar circumstances.
OTHER INFORMATION Other information section

(ISA 720)
The directors are responsible
The other information section
for the other information. The
other information comprises deals with the auditor’s
responsibilities relating to
the Directors’ Responsibilities
and Approval on page 4, the ‘other information’ that is
presented together with the
Directors’ Report, as required
audited financial statements
by the Companies Act of
(as prescribed by International
South Africa, on pages 5 and
Financial Reporting
6, and the Detailed Income
Standards).
Statement on pages 25–26.
The other information does not In terms of the South African
include the financial Companies Act, the Directors’
statements and our auditor’s Report, Audit Committee’s
report thereon. Report and Company
Secretary certificate form part
Our opinion on the financial
of the financial statements that
statements does not cover the
need to be audited. The
other information and we do
not express any form of information contained in these
assurance conclusion thereon. reports, however, is not
In connection with our audit of presented in the form of
the financial statements, our assertions to allow the auditor
responsibility is to read the to express an opinion thereon.
other information and, in These reports therefore also
doing so, consider whether the qualify as ‘other information’
other information is materially for reporting purposes.
inconsistent with the financial As Ntsimbi Piping is a private
statements or our knowledge company, the Audit
obtained in the audit or Committee Report and
otherwise appears to be Company Secretary certificate
materially misstated. If, based are not applicable, and hence
on the work we have have not been mentioned in
performed, we conclude that this section.
there is a material
misstatement of this other
information, we are required to
report the fact. We have
nothing to report in this regard.
RESPONSIBILITIES OF Directors’ responsibilities

DIRECTORS FOR THE section (ISA 700)
FINANCIAL STATEMENTS This section is important as it
The company’s directors are clearly convey who is
responsible for the preparation responsible for the contents of
and fair presentation of the the financial statements,
financial statements in thereby minimising any
accordance with IFRSs and the expectation gap that may exist
requirements of the from the perspective of the
Companies Act of South users of the financial
Africa, and for such internal statements.
control as the directors These paragraphs cover the
determine is necessary to directors’ responsibilities in
enable the preparation of respect of:
financial statements that are
free from material • Preparing the financial
misstatement, whether due to statements in accordance
fraud or error. with the applicable
In preparing the financial financial reporting
statements, the directors are framework (e.g. IFRS) and
responsible for assessing the for the related internal
company’s ability to continue controls; and
as a going concern, disclosing, • The assessment of the
as applicable, matters related entity’s ability to continue
to going concern and using the as a going concern, and
going concern basis of ensuring the appropriate
accounting unless the directors accounting and/or
either intend to liquidate the disclosure in respect of this
company or to cease matter.
operations, or have no realistic
alternative but to do so.
AUDITOR’S Auditor’s responsibilities

RESPONSIBILITIES FOR section (ISA 700)
THE AUDIT OF THE • This section aims to
FINANCIAL STATEMENTS explain as briefly as
Our objectives are to obtain possible the audit process
reasonable assurance about followed, and the
whether the financial requirements the auditor
statements as a whole are free has to satisfy in conducting
from material misstatement, the audit.
whether due to fraud or error, • These paragraphs are
and to issue an auditor’s report vitally important to assist
that includes our opinion. in the elimination of any
Reasonable assurance is a high potential misunderstanding
level of assurance, but is not a that may exist in the mind
guarantee that an audit of the reader of the
conducted in accordance with auditor’s report/user of the
ISAs will always detect a financial statements about
material misstatement when it the responsibilities of the
exists. Misstatements can arise auditor.
from fraud or error and are • Due to the length of this
considered material if, section, ISA 700 permits
individually or in the auditors not to include the
aggregate, they could full section in the auditor’s
reasonably be expected to reports issued. Only the
influence the economic first paragraph under this
decisions of users taken on the section is always required
basis of these financial in the actual report – the
statements. remainder can be included
As part of an audit in in an Appendix to the
accordance with ISAs, we auditor’s report.
exercise professional
judgement and maintain
professional scepticism
throughout the audit. We also:
• Identify and assess the risks
of material misstatement of
the financial statements,
whether due to fraud or
error, design and perform
audit procedures responsive
to those risks, and obtain
audit evidence that is
sufficient and appropriate
to provide a basis for our
opinion. The risk of not
detecting a material
misstatement resulting
from fraud is higher than
for one resulting from
error, as fraud may involve
collusion, forgery,
intentional omissions,
misrepresentations, or the
override of internal control.
• Obtain an understanding of
internal control relevant to
the audit in order to design
audit procedures that are
appropriate in the
circumstances, but not for
the purpose of expressing
an opinion on the
effectiveness of the
company’s internal control.
• Evaluate the
appropriateness of
accounting policies used
and the reasonableness of
accounting estimates and
related disclosures made by
management.
• Conclude on the
appropriateness of
management’s use of the
going concern basis of
accounting and, based on
the audit evidence
obtained, whether a
material uncertainty exists
related to events or
conditions that may cast
significant doubt on the
company’s ability to
continue as a going
concern. If we conclude
that material uncertainty
exists, we are required to
draw attention in our
auditor’s report to the
related disclosures in the
financial statements or, if
such disclosures are
inadequate, to modify our
opinion. Our conclusions
are based on the audit
evidence obtained up to the
date of the auditor’s report.
However, future events or
conditions may cause the
Company to cease to
continue as a going
concern.
• Evaluate the overall
presentation, structure and
content of the financial
statements, including the
disclosures, and whether
the financial statements
represent the underlying
transactions and events in a
manner that achieves fair
presentation.
We communicate with the

directors, among other matters,
the planned scope and timing
of the audit and significant
audit findings, including any
significant deficiencies in
internal control that we
identify during our audit.
We also provide the directors

with a statement that we have
complied with relevant ethical
requirements regarding
independence, and to
communicate with them all
relationships and other matters
that may reasonably be
thought to bear on our
independence, and where
applicable, related safeguards.
From the matters

communicated with the
directors, we determine those
matters that were of most
significance in the audit of the
financial statements of the
current period and are
therefore the key audit matters.
We describe these matters in
our auditor’s report unless law
or regulation precludes public
disclosure about the matter or
when, in extremely rare
circumstances, we determine
that a matter should not be
communicated in our report
because the adverse
consequences of doing so
would reasonably be expected
to outweigh the public interest
benefits of such
communication.
Signature of the auditor.

Signed in the name of the
auditing firm.
Name of the auditing firm that

was appointed as Registered
Auditor.
Name of the individual

Registered Auditor responsible
for this auditor’s report.
Name, professional
designations and capacity (e.g.
partner/director) of individual
Registered Auditor. Most
importantly needs to be a
Registered Auditor to sign the
auditor’s report.
Date of the auditor’s report

(which is the date after year-
end but before the date
financial statements are
issued).
Address of the auditor (in this

case the address details are
available on the Nolands
letterhead on which the
auditor’s report is printed).
* e format of the auditor’s report is prescribed by ISA 700

(Revised), and is modi ed for South African
circumstances in SAAPS 3. e report above complies
with the requirements of these pronouncements.
15.5.3 Types of audit opinions

Depending on the auditor’s ndings, various different types of audit
opinion can be expressed. e opinion can be either unmodified (i.e.
‘clean’ or standard) or modified (i.e. amended and therefore not standard
or ‘clean’).
15.5.3.1 Unmodified opinion (ISA 700)

When, after having obtained sufficient appropriate audit evidence, the
auditor is satis ed that the nancial statements of a company are fairly
presented in all material respects, the auditor will express an unmodi ed
opinion. e unmodi ed audit opinion is expressed in the section
headed ‘Opinion’ in the auditor’s report.
When an unmodi ed opinion is expressed, it does not mean that no
misstatements were identi ed by the auditor. Management could have
corrected the material misstatements in the nancial statements after the
auditor reported them to management, or the auditor may consider the
uncorrected misstatements to be unlikely to in uence the economic
decisions of users taken based on the nancial statements (i.e. not
material).
15.5.3.2 Modified opinion (ISA 705)

If, after obtaining sufficient appropriate audit evidence or being unable to
obtain sufficient appropriate audit evidence, the auditor is not satis ed
that the nancial statements are fairly presented in all material respects,
the auditor will modify the audit opinion.
e auditor’s inability to obtain sufficient appropriate audit evidence

(also referred to as a scope limitation) may arise from (ISA 705:A8–A12):
• Circumstances beyond the control of the entity
Examples of circumstances beyond the control of an entity may
• When the entity’s accounting records were destroyed by a natural
disaster ( re or oods) and there are no usable backups; and
• When the accounting records of an entity or a signi cant
component of the accounting records of an entity have been seized
for an inde nite period by governmental authorities and are
therefore not available to the auditor.
• Circumstances relating to the nature or timing of the auditor’s work
Examples of circumstances relating to the nature or timing of the
auditor’s work include the following:
• When the date of the auditor’s appointment did not allow the
auditor to attend the inventory count (e.g. he or she was only
appointed long after the end of the nancial reporting period
subject to audit); and
• When the auditor has concluded that performing substantive
procedures alone will not provide sufficient appropriate audit
evidence, but the entity’s controls are not effective and therefore
cannot be relied on to provide audit evidence.
• Limitations imposed by management
Examples of limitations imposed by management include:
• When management prevents the auditor from attending the
inventory count; and
• When management prevents the auditor from obtaining external
con rmations and these are considered necessary by the auditor to
gather sufficient appropriate evidence about particular
assertion(s).
e inability to perform a speci c audit procedure does not constitute a

scope limitation if the auditor can perform alternative audit procedures
to obtain sufficient appropriate audit evidence.
Depending on the materiality (significance) of the matter(s) giving rise
to the modi cation of the audit opinion, the modi cation may take one of
various forms. Matters giving rise to the modi ed opinion can be either:
• Material only; or
• Material and pervasive.
Evaluating the materiality of identi ed misstatements by the auditor was

discussed in section 15.4.3 of this chapter. If a misstatement is considered
by the auditor to be material, the auditor then has to evaluate whether the
misstatement is also pervasive.
Pervasive (i.e. widespread) is a term used to describe the effects of
uncorrected misstatements on the nancial statements and the effects of
possible misstatements on the nancial statements (the latter in cases of
scope limitations). Pervasive misstatements are those material
misstatements that, in the auditor’s judgement (ISA 705.5(a)):
a) Are not con ned to speci c elements, accounts or items of the
nancial statements;
b) If so con ned, represent or could represent a substantial proportion
of the nancial statements; or
c) In relation to disclosures, are fundamental to users’ understanding
of nancial statements.
In the event that the auditor is unable to obtain sufficient appropriate

audit evidence about the existence of inventory as a result of not being
able to attend an inventory count, the scope limitation in this regard will
be considered material but not pervasive (and a qualified opinion will be
expressed – refer to section 15.5.3.2.1). is is because the possible
misstatement of inventory and the related accounts and disclosures is
con ned to speci c elements of the nancial statements, provided
inventory does not constitute a substantial portion of the nancial
statements.
However, consider a situation where Ntsimbi Piping had gained
control over another company during a particular nancial year and in its
consolidated nancial statements failed to consolidate the results of the
acquired company (subsidiary) in terms of IFRS. e subsidiary in this
regard constitutes a material part of the group. Had the consolidation
been performed correctly in terms of IFRS requirements, many elements
in the consolidated nancial statements of Ntsimbi Piping would have
been materially affected. As the material misstatements are not con ned
to speci c accounts, but widespread throughout the consolidated
nancial statements, the misstatements are material and also pervasive.
(As a result, the auditor will consider it appropriate to express an adverse
opinion on the consolidated nancial statements – refer to section
15.5.3.2.2.)
An instance that may lead to a disclaimer of the audit opinion would
be where Ntsimbi Piping has a material joint venture located in a foreign
country. e latter company represents 90% of Ntsimbi Piping’s net
assets. As a result of political unsettledness in the country where the joint
venture is located, the auditor of Ntsimbi Piping is not allowed access to
the management of the joint venture, its auditors, and its auditor’s audit
documentation. e auditor of Ntsimbi Piping will consider this scope
limitation to be material and pervasive (and accordingly disclaim the audit
opinion (i.e. not express any audit opinion on the nancial statements) –
refer to section 15.5.3.2.3).
WHAT The final materiality of Ntsimbi Piping for the 20X1

financial statements is set at R1,230,000. After obtaining
IF? sufficient appropriate audit evidence, the auditor has
identified a number of individual misstatements which,
when aggregated, result in the following misstatements:
• Total assets are overstated by R3,003,000;
• Total liabilities are understated by R1,570,000; and
• Retained earnings are overstated by R4,573,000.
Will the above misstatements be considered material only,
or material and pervasive?
The above misstatements are in excess of the final
materiality figure and are not confined only to specific
elements, accounts or items of the financial statements.
These misstatements affect many important components of
the Statement of Financial Position and Statement of
Comprehensive Income. Therefore, these misstatements are
not only material but material and pervasive.
WHAT The final materiality is set at R1,230,000. The auditor has

identified that the assets and retained earnings are the only
IF? items in the financial statements misstated by R3,003,000
each. Will this misstatement be material only or material
and pervasive?
Since the misstatements are confined to only two items in
the financial statements (assets and retained earnings), the
misstatements are considered to be material only and not
also pervasive.
WHAT The final materiality is set at R1,230,000. The auditor has

identified that the assets and retained earnings are the only
IF? items in the financial statements misstated by R10,000,000.
Assets are a major component of the Statement of Financial
Position. Will this misstatement be material only or
material and pervasive?
Although the misstatement is confined only to assets and
retained earnings, the R10,000,000 misstatement in
comparison to the materiality of R1,230,000 may be
considered pervasive in this instance, as assets are a major
component of the Statement of Financial Position (the
assumption in this scenario is that, if assets are materially
misstated, the financial statements may be regarded as
misleading).
15.5.3.2.1 Qualified opinion

A qualified opinion (i.e. an ‘except for’ opinion) will be expressed when:
• e auditor was able to obtain sufficient appropriate audit evidence
and concludes that the uncorrected misstatement(s) identified by the audit
team are material, but not pervasive. In these cases, the auditor
disagrees with management’s presentation of the nancial statements
in the areas speci ed in his or her auditor’s report; and
• e auditor is unable to obtain sufficient appropriate audit evidence
about an amount or disclosure that is considered material, but not
pervasive. e scope limitation therefore resulted in insufficient audit
evidence available to the auditor to use to form an opinion on speci c
aspects of the nancial statements.
When a quali ed opinion is expressed the Opinion section heading is
renamed ‘Quali ed Opinion’ and the opinion paragraph is modi ed as
follows:
In our opinion, except for the effects of the matter described in the
Basis for Qualified Opinion section of our report, the accompanying
nancial statements present fairly, in all material respects, the
nancial position of Ntsimbi Piping Proprietary Limited as at 31
December 20X1 and its nancial performance and its cash ows
for the year then ended in accordance with International Financial
Reporting Standards (IFRSs) and the requirements of the
e matter that has resulted in the quali cation is described in the ‘Basis
for Opinion’ section, which is renamed ‘Basis for Quali ed Opinion’, in a
paragraph immediately following the section heading.
Say, for instance, the auditor was able to obtain sufficient appropriate
audit evidence about the trade and other receivables account balance. In
obtaining the audit evidence, material misstatements with regard to the
accuracy, valuation and allocation assertion were identi ed relating to
the trade and other receivables account balance and the accuracy of
revenue (being the other side of the double entry), and management
refuses to correct the misstatements detected. e uncorrected material
misstatements will result in a quali ed opinion. e auditor will consider
the misstatement to be material only but not pervasive, as it does not
affect the multiple elements of the nancial statements.
Hence the quali ed audit opinion will be expressed, and the ‘basis for
opinion’ section will be modi ed to include a paragraph containing a
description of the nature and nancial effects of the matter that gave rise
to the quali cation. Refer to SAAPS 3 for examples of such paragraphs.
15.5.3.2.2 Adverse opinion

An adverse opinion will be expressed when the auditor was able to obtain
sufficient appropriate audit evidence and concludes that the
misstatement(s) identified and not corrected by management are material
and pervasive. In these cases, the auditor is convinced by the audit
evidence that he or she disagrees with management’s representation of
When an adverse opinion is expressed, the Opinion section heading is

renamed ‘Adverse Opinion’ and the opinion paragraph is modi ed as
follows:
In our opinion, because of the significance of the matter discussed in

the Basis for Adverse Opinion section of our report, the
accompanying nancial statements do not present fairly the
nancial position of Ntsimbi Piping Proprietary Limited as at 31
December 20X1, its nancial performance and its cash ows for
the year then ended in accordance with International Financial
Reporting Standards (IFRSs) and the requirements of the
e matter(s) that have resulted in the adverse opinion is described in the

‘Basis for Opinion’ section, which is renamed ‘Basis for Adverse Opinion’,
in a paragraph immediately following the section heading. Refer to
SAAPS 3 for examples of such paragraphs.
15.5.3.2.3 Disclaimer of opinion

When the auditor is unable to obtain sufficient appropriate audit evidence
(i.e. there is a scope limitation) about matters that the auditor considers
material and pervasive, the auditor must disclaim (in other words, not
express) an opinion on the nancial statements. e reason is that the
scope limitation was so severe or signi cant that the auditor was unable
to obtain sufficient appropriate audit evidence about multiple elements
of the nancial statements, thereby precluding him or her from forming
an opinion on the nancial statements.
e disclaimer of audit opinion is reported on by renaming the Opinion

section heading ‘Disclaimer of Opinion’ and the opinion paragraph is
modi ed as follows:
We do not express an opinion on the accompanying nancial
statements of XYZ Proprietary Limited. Because of the significance
of the matters described in the Basis for Disclaimer of Opinion
section of our report, we have not been able to obtain sufficient
appropriate audit evidence to provide a basis for an audit opinion
on these nancial statements.
e matter(s) that have resulted in the disclaimer of opinion are

described in the ‘Basis for Opinion’ section, which is renamed ‘Basis for
Disclaimer of Opinion’, in a paragraph immediately following the section
heading.
ere are numerous situations that will give rise to a modi cation of
the audit opinion given the fact that the audit was not satisfactorily
completed, and accordingly the normal auditor responsibilities which are
described in the ‘standard’ report have not been satis ed.
However, a detailed identi cation and discussion of these
modi cations falls outside the scope of this text. However, they can be
referred to in ISA 705 and for more examples, refer to SAAPS 3.
15.5.3.3 Audit opinion diagram

Figure 15.2 demonstrates how the auditor decides which type of audit
opinion to express in the auditor’s report.
Figure 15.2: Decision tree to formulate the appropriate audit opinion
15.5.4 Other sections in the auditor’s report

15.5.4.1 Communicating Key Audit Matters in the Auditor’s report
(ISA 701)
Key audit matters (also referred to as KAMs) are those matters that, in the
auditor’s professional judgement, were of most signi cance in the audit
of the nancial statements of the current period. Key audit matters are
selected from matters communicated with those charged with
governance.
By including information about key audit matters in the auditor’s
report, the auditor will assist users of the nancial statements in better
understanding the entity and the audit (including areas of signi cant
management judgement which are contained in the audited nancial
statements). e reporting of key audit matters is one of the major
changes resulting from the most recently issued auditor reporting
standards, and aims to add value to the auditor’s report from a users’
perspective. However, given the need for this information particularly
when there is a separation of ownership from management, ISA 701 only
requires the reporting on key audit matters in the auditor’s reports of
listed entities – although this does not prevent the auditor reporting on
these matters in the auditor’s reports of other entities.
Where applicable, the description of the key audit matters in the
auditor’s report should be included immediately following the ‘Basis for
Opinion’ section and shall address (i) why the matter is considered to be
a key audit matter and (ii) how the matter was addressed in the audit.
Appropriate reference should also be made to the related disclosures in
15.5.4.2 Emphasis of Matter in the Auditor’s report (ISA 706)

An Emphasis of Matter is inserted in the auditor’s report immediately
after the basis for opinion when the auditor wants to draw users’
attention to a matter adequately presented or disclosed in the nancial
statements, but which the auditor considers important, as it is
fundamental to the users’ understanding of the nancial statements.
Examples of circumstances where the auditor may consider it necessary

to include an Emphasis of Matter paragraph are:
• An uncertainty relating to the future outcome of exceptional litigation
or regulatory action;
• Early application (where permitted) of a new accounting standard that
has a material effect on the nancial statements; and
• A major catastrophe that has had, or continues to have, a signi cant
effect on the entity’s nancial position.
In the Emphasis of Matter paragraph, the auditor indicates to the
nancial statement users the note in the nancial statements where the
important matter is dealt with. The inclusion of an Emphasis of Matter
paragraph is not a modification of the audit opinion – it merely provides
additional important information to users of the nancial statements. It is
certainly not appropriate to use an Emphasis of Matter paragraph in an
auditor’s report in a case where the auditor has identi ed uncorrected
misstatements during the audit that he or she considers not to be
material, merely to warn users that some immaterial uncorrected
misstatements do exist.
15.5.4.3 Other Matter Paragraphs in the Auditor’s report

Where considered necessary, an Other Matter paragraph is inserted in
the auditor’s report to communicate a matter other than that which is
presented or disclosed in the financial statements that is relevant to users’
understanding of the audit, the auditor’s responsibilities or the auditor’s
report (unless it relates to a key audit matter). Such a paragraph is
inserted in the auditor’s report after the basis for opinion section (and
where applicable, after the Key Audit Matters and Emphasis of Matter
sections).
An example, although rare, of when this type of paragraph may be
included in the auditor’s report is when the auditor is unable to withdraw
from the audit and he or she has found it impossible to express an
opinion on the nancial statements due to restrictions imposed by the
auditee’s management. e circumstances around this will then be
explained in the Other Matter paragraph.
Another example of when such a paragraph may be included in the
auditor’s report is when it is appropriate to restrict the distribution of the
auditor’s report only to speci c users. is fact will then be stated in the
Other Matter paragraph.
15.5.4.4 Report on Other Legal and Regulatory Requirements

When the auditor has statutory responsibilities that have to be dealt with
in the auditor’s report, and these fall outside the scope of what must be
reported on in terms of the ISAs for the nancial statement audit, these
matters are highlighted in the auditor’s report under a separate section
headed ‘Report on Other Legal and Regulatory Requirements’. e
auditor’s report will then consist of two sections, i.e.:
• e main section of the auditor’s report, which will be headed ‘Report
on the Audit of Financial Statements’ (and will contain the matters
dealt with in sections 15.5.2 to 15.5.4.3); and
• e second section of the auditor’s report, headed ‘Report on Other
Legal and Regulatory Requirements’.
WHAT What if a company’s directors deliberately failed to disclose

their personal financial interests in contracts with the
IF? company as required by section 75 of the Companies Act?
What will the impact of this non-compliance be on the
auditor’s report?
Provided that this does not impact on the ability of the
auditor to gather sufficient appropriate audit evidence, and
provided the related party transactions are fully disclosed in
the financial statements in accordance with the
requirements of IAS 24, the auditor will include in the
auditor’s report a section headed Report on Other Legal and
Regulatory Requirements to highlight the Reportable
Irregularity that has been reported to the IRBA as a result
of the non-compliance of the directors with the Companies
Act.
15.5.5 Impact of the auditee’s going concern ability

on the auditor’s report
If the auditor concludes, based on the management’s evaluation of going
concern, that the entity is a going concern for the foreseeable future, and
assuming that no other material uncorrected misstatements exists, an
unmodi ed audit opinion should be expressed.
If the auditor concludes that a material uncertainty exists, but the use of
the going concern basis of accounting remains appropriate, and
management has made adequate disclosure of the material uncertainty
in the nancial statements, the auditor should express an unmodi ed
opinion (assuming that no other material uncorrected misstatements
exists), but include a separate section under the heading ‘Material
Uncertainty Related to Going Concern’ in the auditor’s report to:
• Draw attention to the note in the nancial statements that discloses
the material uncertainty in relation to management’s use of the going
concern basis of accounting; and
• Highlight to users the existence of material uncertainty in relation to
management’s use of the going concern basis of accounting and the
fact that the audit opinion is not modi ed in this regard.
is section has to be placed after the ‘Basis for Opinion’ section and the
‘Key Audit Matters’ section (if applicable).
WHAT What if Ntsimbi Piping reported a sizeable loss for the

financial year ended 31 December 20X1? This is an
IF? indicator that Ntsimbi Piping might not remain in business
for the foreseeable future. Management as a result
performed a thorough going concern evaluation (which
included a forecast of revenues and expenses for the
foreseeable future) which indicates that, although there is
an indicator that the entity might not be in operation for the
next 12 months (i.e. the sizeable loss), there are mitigating
factors, and in its view, Ntsimbi Piping is a going concern.
The auditor is satisfied with management’s assessment. The
management of Ntsimbi Piping has further properly
disclosed the circumstances surrounding the material
uncertainty in its 20X1 financial statements.
What will the impact of this be on the auditor’s report?
Provided that there are no material uncorrected
misstatements, the auditor will express an unmodified audit
opinion and include a ‘Material Uncertainty Related to
Going Concern’ section in the auditor’s report immediately
following the ‘Basis for Opinion’ section.
WHAT What if adequate disclosure of the material uncertainty

about the appropriateness of the use of the going concern
IF? basis of accounting is not made in the financial statements?
What type of audit opinion should be expressed by the
auditor and what will the impact be on the auditor’s report?
The lack of disclosure will constitute an uncorrected
misstatement – which will be material. A qualified opinion
will be expressed. If the auditor considers the misstatement
to be material and pervasive, an adverse opinion will be
expressed.
The auditor’s report will include in the ‘Basis for
Qualified/Adverse Opinion’ section of the auditor’s report a
statement that a material uncertainty exists that may cast
doubt on the entity’s ability to continue as a going concern
and that the financial statements do not adequately disclose
this matter.
WHAT What if the auditor believes it to be necessary for

management to make or extend its evaluation of the entity’s
IF? ability to continue as a going concern and management is
unwilling to do so. What type of audit opinion should be
expressed by the auditor?
If management’s evaluation is inadequate, the auditor may
not be able to obtain sufficient appropriate audit evidence
with regard to the appropriateness of the going concern
basis of accounting underlying the financial statements.
This is because it is unlikely that the auditor will be able to
perform alternative procedures to obtain sufficient
appropriate audit evidence about this scope limitation. The
auditor will therefore express a qualified opinion should the
matter be considered material only. If the auditor considers
the matter to be material and pervasive, then the auditor
will disclaim his or her opinion on the financial statements.
If the auditor concludes that the use of the going concern basis of
accounting is inappropriate, but the nancial statements are prepared
using the going concern basis of accounting, the auditor will express an
adverse opinion. e reason for this is as follows:
• When the going concern basis of accounting is used, the nancial
statements items are carried at fair value and/or historical cost in
terms of the requirements of IFRSs. ese fair values and historical
costs will in many instances be signi cantly different to values that
should be attributed to the items if the entity is to be liquidated. Use of
the going concern basis of accounting when the entity is facing
liquidation will therefore result in numerous material uncorrected
material misstatements – which will be pervasive.
Refer to the going concern decision tree contained in SAAPS 3 Appendix

1 for a summary of the audit opinion to be expressed in relation to
different circumstances the auditor may encounter in relation to the
going concern ability of the auditee.
WHAT What if the intention of placing a company in business

rescue proceedings is to rehabilitate a company to be a
IF? going concern and the auditor concludes (after obtaining
sufficient appropriate audit evidence in this regard) that the
company will be rehabilitated to be a going concern?
Provided that management has disclosed (in a note in the
financial statements) the fact that the company has been
placed in business rescue proceedings, but it is considered
that the company will be rehabilitated to be a going
concern, the auditor expresses an unmodified audit opinion
and includes a ‘Material Uncertainty Related to Going
Concern’ paragraph in the auditor’s report immediately
following the ‘Basis for Opinion’ section.
WHAT What if the financial statements are prepared on a

liquidation basis (with full disclosure of the basis of
IF? accounting) because the intention of placing the company
in business rescue proceedings is only to award a better
return to the shareholders and creditors (and not to
rehabilitate the company to be a going concern)?
Since the financial statements will be fairly presented, the
auditor will express an unmodified audit opinion, and
include an Emphasis of Matter paragraph in the auditor’s
report to highlight the note explaining the basis of
accounting (liquidation basis).
WHAT What if the financial statements are prepared using the

going concern basis of accounting although the intention of
IF? placing the company in business rescue proceedings is only
to award a better return to the shareholders and creditors
(and not to rehabilitate the company to be a going
concern)?
The financial statements will not be fairly presented (they
should instead have been prepared on the liquidation basis)
and therefore the auditor will express an adverse opinion as
the resulting uncorrected misstatements are material and
pervasive.
Should management incorrectly handle going concern-related matters in

the nancial statements, there is a distinct risk that a contravention of
section 29(2) of the Companies Act will arise. is section prohibits
nancial statements from being false, incomplete or misleading in any
material respect, and directors who are party thereto will be guilty of a
criminal offence. erefore, if a company’s management inappropriately
presents the nancial statements using the going concern basis of
accounting when the company is not a going concern, or provides
inadequate disclosure with regard to a material uncertainty relating to
going concern, this may lead to a contravention of the Companies Act.
is contravention is likely to give rise to a Reportable Irregularity (refer
to section 3.5 of Chapter 3) and, once this is reported to the IRBA as such,
the auditor has to highlight this fact in the auditor’s report under the
section ‘Report on Other Legal and Regulatory Requirements’.
For questions 1 to 20, state whether the statement is true or false:
1. Subsequent events are de ned as events occurring between the date
of the nancial statements and the date of the auditor’s report. (LO
17)
2. Adjusting subsequent events require only disclosure in the form of a

note to the nancial statements. (LO 18)
3. e auditor has an obligation to obtain sufficient appropriate audit

evidence with regard to subsequent events to ensure that they are
properly accounted for by management in terms of IAS 10. (LO 19 &
20)
4. Obtaining an attorney’s con rmation letter providing information
about litigation against the entity is one of the types of audit
procedures the auditor will perform in identifying subsequent
events. (LO 21)
5. Business rescue proceedings are undertaken exclusively to

rehabilitate the company to be able to continue as a going concern.
(LO 30 & 31)
6. Once a company is placed in business rescue proceedings, it will be

an indication to the auditor that the nancial statements should be
prepared on the liquidation basis. (LO 32)
7. If the intention of placing the company in business rescue

proceedings is only to award a better return to the shareholders and
creditors and not to rehabilitate the company to be a going concern,
the auditor will express an unmodi ed audit opinion with an
Emphasis of Matter paragraph if the nancial statements are
prepared on a liquidation basis. (LO 33)
8. Factual insolvency exists when an entity is not able to pay its debts in
the normal course of business. (LO 27)
9. e auditor will only assess the going concern ability of the entity if
management or those charged with governance requests the auditor
to do so. (LO 23)
10. If nal materiality is different from performance materiality, the

auditor will use performance materiality in assessing the
misstatements identi ed during the audit. (LO 3 & 5)
11. In expressing an opinion, the auditor provides absolute assurance on

the nancial statements of the company. (LO 8)
12. e only objective of an audit is for the auditor to express an opinion

on whether the nancial statements are in compliance with the
International Financial Reporting Standards (IFRSs). (LO 8)
13. Audits of South African companies are performed in accordance
with the ISAs. (LO 8)
14. When the auditor has obtained sufficient appropriate audit evidence
about the nancial statements and is satis ed that they are fairly
presented, the auditor will express a type of a modi ed audit
opinion. (LO 11)
15. When the auditor is unable to obtain sufficient appropriate audit

evidence about a matter and there are no alternative audit
procedures that can be performed, and the auditor considers such
matter to be material only, the auditor will disclaim his or her
opinion on the nancial statements. (LO 11)
16. When the auditor has obtained sufficient appropriate audit evidence
and has identi ed material misstatements that are also considered to
be pervasive, and management refuses to correct these
misstatements, the auditor will express an adverse opinion. (LO 11)
17. Emphasis of Matter, Other Matter and Material Uncertainty Related

to Going Concern paragraphs do not lead to modi cation of the
audit opinion. (LO 13)
18. Other Matter paragraphs, including the Report on Other Legal and
Regulatory Requirements paragraphs, are included in the auditor’s
report to highlight to the users matters presented or disclosed in the
nancial statements. (LO 13)
19. When a Reportable Irregularity exists, it will be highlighted in the

Emphasis of Matter paragraph of the auditor’s report. (LO 12)
20. In terms of ISA 701, the auditor has a responsibility to communicate

‘key audit matters’ in the auditor’s report for all entities by which the
auditor is engaged to perform a statutory audit. (LO 13)

21. When an entity prepares its nancial statements using the going
concern basis of accounting, it prepares them with an assumption
that it will continue with its operation for a period of at least _______
months after the end of the nancial reporting period. (LO 22)
a) 6
b) 12
c) 18
d) 24
22. Which one of the following does not constitute an audit procedure
performed by the auditor in assessing the appropriateness of
preparing the nancial statements using the going concern basis of
accounting? (LO 26)
a) Discussion with management or those charged with governance
about events or conditions that may cast doubt on the entity’s
ability to continue as a going concern
b) Review of management’s assessment of the entity’s ability to
continue as a going concern
c) Attending the inventory count to identify obsolete inventory
d) Obtaining management’s written representations regarding
their plans and future actions and the feasibility of these plans
and actions
23. Which one of the following is an operating indicator of potential

going concern problems at the auditee? (LO 24)
a) Liabilities exceed assets
b) Unable to pay debts as they fall due in the normal course of
business
c) Resignation of the chief operating officer without a suitable
replacement being appointed
d) Change from credit to cash-on-delivery transactions with
suppliers
24. Which one of the following is considered the most appropriate
mitigating factor by management when revenue has decreased as a
result of loss in a market share? (LO 24 & 25)
a) Entering into sale-and-leaseback contracts
b) Raising additional capital
c) Introducing a new product line
d) Keeping minimal inventory levels on hand
25. Which type of audit opinion will be expressed by the auditor if, in the
auditor’s judgement, management’s use of the going concern basis of
accounting in the nancial statements is inappropriate? (LO 29)
a) Unmodi ed
b) Quali ed
c) Adverse
d) Disclaimer
26. Business rescue proceedings normally take a period of _____ months

to be completed. (LO 30)
a) 3
b) 6
c) 9
d) 12
27. If an entity has a going concern material uncertainty and the auditor
is satis ed with management’s assessment of the entity’s going
concern ability and the related disclosure, what will the impact on
the auditor’s report be? (LO 14)
a) Quali ed opinion with an Emphasis of Matter paragraph
b) Unmodi ed opinion with a Material Uncertainty Related to
Going Concern paragraph
c) Adverse opinion with an Emphasis of Matter paragraph
d) Unmodi ed opinion with an Emphasis of Matter paragraph
28. Contrast management’s and the auditor’s responsibilities with regard
to the use of the going concern basis of accounting in the nancial
statements. (LO 23)
29. Brie y explain the purpose of the subordination agreement and its
impact on the auditor’s assessment of the appropriateness of the
going concern basis of accounting. (LO 25 & 28)
30. De ne the term ‘misstatements’. (LO 1)
31. De ne the term ‘key audit matters’. (LO 12)
32. A nal materiality gure of R50,000 has been set for the audit of ABC
Ltd. Management of ABC Ltd has recorded an allowance for credit
losses at R65,000 below the amount recorded in the prior year,
although the trade and other receivables account has increased from
the prior year. e auditor believes that the allowance for credit
losses should in fact be R15,000 more than the prior year.
a) What is the amount by which the allowance for credit losses is
misstated? (LO 4)
b) State what type of misstatement the above will be an example
of. (LO 2)
c) Explain whether the misstatement in the allowance for credit
losses is material. (LO 5)
d) Provide the correcting journal entry for the allowance for credit
losses. (LO 4)
33. Contrast the auditor’s and management’s responsibilities with regard

to misstatements in the nancial statements. (LO 6)
34. If there are uncorrected misstatements that are material only, what
type of audit opinion will the auditor express? (LO 7)
35. How does the auditor word an unmodi ed audit opinion in the
‘Opinion section’ of the auditor’s report? (LO 10)
36. If the auditor disclaims his or her audit opinion, how will the
‘Opinion section’ in the auditor’s report be worded? (LO 16)
1 In practice, these dates are often the same.

The independent CHAPTER 16
review
Graeme O’ Reilly
CHAPTER CONTENTS
Learning outcomes
Reference list
16.2 What are the statutory and regulatory requirements
surrounding an independent review?
16.3 How does one conduct an independent review?
LEARNING OUTCOMES
1. Explain the differences between reasonable and limited

assurance engagements.
2. Identify the conditions leading to an entity requiring an
independent review.
Describe which persons can perform independent reviews taking
3.
into account the public interest score of the entity.
4. Describe the requirements that have to be met to qualify as an
independent professional accountant.
5. Explain the differences between Reportable Irregularities for
independent reviews and for audits.
6. Understand the various pronouncements that dictate the scope of
an independent review.
7. Describe the primary differences and similarities between
independent reviews and audits in terms of:
a) Pre-engagement acceptance considerations;
b) Engagement planning considerations;
c) Considerations relating to the performance of the
engagement;
d) Considerations relating to the finalisation of the engagement;
e) Considerations relating to reporting on the conclusions
reached in the engagement; and
f ) Documentation of the engagement.
REFERENCE LIST

2013) International Standard on Review Engagements (ISRE) 2400
(Revised) Engagements to Review Historical Financial Statements.
Companies Act 71 of 2008, specifically section 30.
Companies Regulations 2011, specifically regulations 26, 28 and 29.
16.1.1 e nature of an independent review
Independent reviews as a general type of assurance engagement have
existed for many years, but were only recently introduced as an
alternative to the audit for South African companies that meet certain
requirements by the Companies Act 71 of 2008 and the Companies
Regulations 2011 and, like the more traditional audit engagement, also
result in the issuing of a conclusion on the fair presentation of a set of
financial statements. e work effort associated with an independent
review is less onerous than the work effort in an audit and so
independent reviews may be seen to be a more cost-effective form of
assurance. Independent reviews do not, however, provide the same
level of assurance as the audit.
In terms of ISRE 2400 (Revised) (Engagements to review historical
financial statements), a review of historical financial statements – or
an independent review as we refer to it in South Africa – is a limited
assurance engagement. You will recall from Chapter 1 that a distinction
was made between reasonable assurance and limited assurance
engagements.
Audits are reasonable assurance engagements in that they are
designed to reduce audit risk to acceptably low levels in order to
provide relatively high levels of assurance or comfort to users of
financial statement information (remember from Chapter 12 that audit
risk is the risk that the auditor expresses an inappropriate opinion when
the financial statements contain material misstatement). Reasonable
assurance engagements result in a positive form of expression of
opinion in the auditor’s report – in other words, ‘based on the work we
have performed, the financial statements are fairly presented’.
Reviews, however, are limited assurance engagements. ey are
designed to reduce engagement risk1 to acceptable levels, but it is a
given that these levels will always be higher than those of a reasonable
assurance engagement. Review reports will therefore always provide
less assurance or comfort to users of financial statement information
than reports issued on the basis of an audit. Limited assurance
engagements result in a negative form of expression of opinion in the
review report – in other words, ‘based on our review, nothing has come
to our attention that suggests that the financial statements of X do not
present fairly in all material respects’.
erefore, whereas an independent review may be a more cost-
effective form of assurance, users must realise that the extent of reliance
that they can place on the content of this type of assurance is lower.
Table 16.1 provides a summary.
Table 16.1: Reasonable versus limited assurance engagements
REASONABLE ASSURANCE LIMITED ASSURANCE

ENGAGEMENT ENGAGEMENT
Audit Independent review
Aimed at reducing audit risk to Aimed at reducing engagement

acceptably low levels risk to acceptable levels, but
these levels will always be
higher than for audits
Higher degree of comfort can be Lower degree of comfort can be

drawn from the opinion drawn from the opinion
Opinion expressed in the Opinion expressed in the

positive negative
More onerous and so possibly Less onerous and so possibly

more costly less costly
16.1.2 Differences between independent

reviews and audits
Given that both the audit and the independent review result in an
opinion (in the case of an independent review, actually a conclusion)
being expressed about the financial statements, there are bound to be
similarities in the process followed during the performance of each one.
Both types of engagement have to be accepted, planned, performed,
finalised and then reported on.
e levels of assurance provided by each are, however,
fundamentally different and in that regard, because the levels of
assurance provided by a review are less than those provided by an audit,
the process and procedures undertaken during a review (i.e. the work
effort) tend to be less onerous and more limited in comparison to those
of an audit.
One of the fundamental differences between a review and an audit
is that the conclusions reached through performing a review
engagement are primarily supported by enquiry and analytical
procedures (and not through the inspection of documentation arising
through the testing of transactions (i.e. substantive tests of details), nor
through the testing of operating effectiveness of internal controls (i.e.
tests of controls)). ese fairly limited substantive procedures (which
have the effect of increasing detection risk), coupled with an absence of
evidence regarding the reliability of internal controls (resulting in high
control risk), lead to the higher levels of engagement risk in review
engagements (and hence a lower level of assurance expressed by the
practitioner).
At this stage in the text, you should have a good understanding of
the assurance process as it relates to audit engagements. ere would
be no value in duplicating aspects of this process that are common to
the independent review process. In section 16.3 of this chapter we will
therefore work through the various stages of the review and only
highlight, for each stage, the key differences between independent
reviews and audits.
Before doing this, however, it is important first to consider the
statutory and regulatory requirements leading to and surrounding an
independent review.
16.2 What are the statutory and regulatory
requirements surrounding an
independent review?
16.2.1 Applicability of independent reviews
In Chapter 3 we saw that if a company does not have to be audited in
terms of the Companies Act and Companies Regulations (Chapter 3,
section 3.1), then it must either be voluntarily audited or independently
reviewed (Chapter 3, section 3.2). e only exception to this is for
companies that do not have to be audited and are owner-managed (i.e.
the shareholders/owners are also all directors of the entity).
In general, the Companies Act thus aims to ensure that:

• All companies with high levels of public interest must be audited;
• Companies with very limited levels of public interest (the owner-
managed exception above) do not need any external opinion on
their financial statements (i.e. they require neither an audit nor a
review); and
• Companies in between these two extremes of public interest must at
least be independently reviewed (remember that they can also be
voluntarily audited if their Memorandum of Incorporation requires
it or if their board of directors choose to do this).
CRITICAL THINKING
Might a company that doesn’t require an audit or an
independent review, voluntarily elect to have their statements
reviewed rather than audited?
Technically, there is nothing that prevents a company from doing
this. The independent review might then present a more cost-
effective solution to a company that at least wants to provide
some assurance to users about their statements.
16.2.2 Persons eligible to perform independent

reviews
e Companies Regulations stipulate which persons may perform
independent reviews and under which circumstances (regulation 29(4))
and create two distinct categories of independent review for this
purpose, based on the company’s public interest score.
16.2.2.1 Category 1: Companies with a public interest score

of 100 or more
For companies that fall into this first category, there are two types of
persons who may perform the independent review:
• A Registered Auditor (RA) (i.e. registered with the IRBA and eligible
to perform statutory audits); or
• A member in good standing with a professional body that has been
accredited in terms of section 33 of the Auditing Profession Act 26 of
2005 (APA). Currently, the only professional body accredited in
terms of this section in the APA is SAICA. e second type of person
who is therefore able to perform an independent review of a
company is a member of SAICA. When the Companies Act and
regulations were promulgated, Chartered Accountants (SA) were
the only members of SAICA.
16.2.2.2 Category 2: Companies with a public interest score

of less than 100
For companies in this second category, there are three types of person
who may perform the independent review:
1. A Registered Auditor (same as the first category); or
2. A member in good standing with SAICA (same as the first
category); or
3. A person qualified to be appointed as an accounting officer in
terms of section 60(1), (2) or (4) of the Close Corporations Act 69 of
1984.
CRITICAL THINKING
Which organisations currently qualify to have their members
act as accounting of cers in terms of the Close Corporations
Act?
The Companies and Intellectual Property Commission (CIPC)
currently recognises the following accounting professions for
purposes of appointment as accounting of cers in terms of the
Close Corporations Act 69 of 1984:
• The South African Institute of Chartered Accountants (SAICA);
• Auditors registered in terms of the provisions of the APA (RA);
• The Southern African Institute of Chartered Secretaries and
Administrators (ICSA);
• The Chartered Institute of Management Accountants (CIMA);
• The South African Institute of Professional Accountants
(SAIPA);
• The Institute of Accounting & Commerce (IAC) – members who
have obtained the Diploma in Accountancy;
• The Association of Chartered Certi ed Accountants (ACCA);
• The Chartered Institute of Business Management (MCIBM);
• The South African Institute of Business Accountants (SAIBA);
and
• The South African Institute of Government Auditors (SAIGA).
Note: e Companies Regulations speci cally exclude section 60(3) of the

Close Corporations Act. is section enables members or employees of a
close corporation, or a rm whose partners or employees are also
members of or employed by the corporation, to act as that corporation’s
accounting officer if all members agree to this decision in writing.
In terms of regulation 29(5) of the Companies Regulations, an
independent review of a company’s annual financial statements cannot
be carried out by an independent professional accountant who was
involved in the preparation of those annual financial statements. In
other words, the independent reviewer cannot also have prepared the
annual financial statements.
CRITICAL THINKING
What is an independent professional accountant?
In terms of regulation 26(1)(d), an independent professional
accountant is:
1. A person who quali es to perform an independent review in
terms of regulation 29; and
2. Does not have a personal nancial interest in the company or
a related or interrelated company; (Typical examples of
personal nancial interests include owning shares in the
company or having lent money to the company. Related or
interrelated companies include holding companies,
subsidiary companies or fellow subsidiary companies (i.e.
any company within a group of companies of which the
company concerned is a part)); and
3. Is not involved in the day-to-day management of the
company’s business, nor has been so involved at any time
during the previous three nancial years; or
4. Is not a prescribed of cer, or full-time executive employee of
the company or another related or interrelated company, nor
has been such an of cer or employee at any time during the
previous three nancial years; and
5. Is not related to any person set out above in points 2, 3 or 4.
16.2.3 Reportable Irregularities discovered
during an independent review
Regulation 29(6) requires that independent reviewers send a written
report, without delay, to the Companies and Intellectual Properties
Commission (CIPC) when they are satisfied or have reason to believe
that a Reportable Irregularity has taken, or is taking, place.
Although the guidance relating to Reportable Irregularities for
review engagements in the Companies Regulations is fairly brief, the
principles behind these irregularities are the same principles that drive
the Reportable Irregularities that are required to be communicated by
auditors to the IRBA in terms of the APA.
It is, however, important to note that there are some differences
between these review engagement Reportable Irregularities and their
requirements and those required to be reported on by auditors in terms
of the APA.
Reportable Irregularities within an audit context are covered
extensively in Chapter 3 (section 3.5) and this section therefore focuses
only on the differences between Reportable Irregularities in the context
of a review engagement as opposed to an audit engagement.
16.2.3.1 What is a Reportable Irregularity for purposes of a

review engagement?
Regulation 29(1)(b) defines a Reportable Irregularity for purposes of an
independent review as being:
1. Any act or omission;
2. Committed by any person responsible for management of a
company;
3. Which
a) Unlawfully has caused or is likely to cause material financial
loss to the company or to any member, shareholder, creditor,
or investor of the company in respect of his, her or its dealings
with the company; or
b) Is fraudulent or amounts to theft; or
c) Causes or has caused the company to trade under insolvent
conditions.
We hope you spotted the major difference in this definition compared

to the one for audit purposes.
e third qualifying aspect (3(c) above) that would trigger the need
to report is different to the one contained in the APA regarding audits.
In the auditing context, there is a reference to ‘any material breach of
fiduciary duty’. With the independent review, this has been replaced
with only one specific breach of fiduciary duty (albeit a fairly serious
one) that would trigger the need to report.
Section 22 of the Companies Act prohibits a company from trading
under insolvent conditions. Insolvent conditions are where the
company’s assets (fairly valued) do not exceed its liabilities and the
company is therefore unlikely to be able to honour any new third-party
transactions it enters into, let alone be able to settle existing liabilities.
16.2.3.2 What are the reporting requirements that have to

be met should a Reportable Irregularity be
identified during an independent review?
Regulation 29(6) indicates that the duty to report arises where an
independent reviewer is satis ed or has reason to believe that a
Reportable Irregularity has taken place, or is taking place.
is suggests that as soon as an independent reviewer believes there
is an irregularity, it has to be reported. e reviewer does not therefore
require hard proof to substantiate his or her reason to believe. Having
said this, regulation 29(10) does allow an independent reviewer to ‘carry
out such investigation as he may consider necessary’ when the duty to
report arises.
Bear in mind that the first reporting duty is to the CIPC directly and
not to the company.
So, what is the reporting path that has to be followed once an
independent reviewer becomes satisfied (or has reason to believe) that
a Reportable Irregularity has taken place or is currently taking place?
When compared to the reporting requirements for the auditor, the

process to be followed for the independent reviewer is identical:
Step 1 – Notify the regulatory body.
Step 2 – Advise the board of directors of the company.
Step 3 – Discuss the Reportable Irregularity with the members of the
board of the company.
Step 4 – Send a second report to the regulatory body.
Within these four steps, there are however two subtle differences in how
Reportable Irregularities are dealt with in an independent review
compared to when an audit is involved:
1. e regulatory body for the independent reviewer is the CIPC,
whereas for the auditor it is the IRBA.
2. Independent reviewers have 20 business days to discuss the
contents of the report with the members of the board of the
company, whereas auditors have 30 days (no reference to business
days).
CRITICAL THINKING
Is an RA who conducts an independent review of a company’s
annual nancial statements and who identi es a Reportable
Irregularity during the review engagement, guided by the APA
or by the Companies Regulations?
The guideline document published by the IRBA on Reportable
Irregularities for auditors speci cally excludes the independent
review from the de nition of an audit that an RA would have to
report on in terms of the APA’s Reportable Irregularity
requirements.
In other words, RAs performing independent reviews are not
doing so in their capacity as RAs but rather as independent
professional accountants, and so they need to comply with the
Companies Regulations’ regarding independent reviews and their
Reportable Irregularities requirements (and not with the APA
requirements).
16.2.4 e scope of an independent review

It is important to note that reviews are not conducted in accordance
with requirements set out in the ISAs – these are applicable to audits.
Instead, they are conducted entirely in terms of the requirements set
out in the International Standard on Review Engagements 2400
[ISRE 2400 (Revised)]. Para 19 of the ISRE requires practitioners (the
person(s) who perform the review) to ‘comply with each requirement of
this ISRE, unless that requirement is not relevant …’
Given that ISRE 2400 (Revised) is only one standard that spans 85
pages in length and that there are 37 separate ISAs covering many
hundreds of pages in total, it should not be surprising to learn that the
requirements applicable to reviews are significantly fewer than those
applicable to audits.
Practitioners performing reviews are required to comply with
‘relevant ethical requirements, including those pertaining to
independence’. e explanatory paragraphs then make specific
reference to the need to comply with the five fundamental principles set
out in the IESBA International Code of Ethics for Professional
Accountants (on which the SAICA/IRBA Code of Professional Conduct
is based). ese principles, and ethics in general. have been covered in
depth in Chapter 2.
Like audits, reviews are also carried out within the scope of ISQC 1,
a quality control standard that aims to ensure that all professional
service engagements performed by the firm are conducted in
accordance with the applicable engagement and ethical standards, and
that the reports issued are appropriate in the circumstances.
Also similar to audits, practitioners are required by the ISRE to
conduct reviews with professional scepticism and through exercising
professional judgement.
Now we turn to some further differences and further similarities
between independent reviews and audits.
16.3 How does one conduct an

independent review?
As mentioned in the introductory section to this chapter, given that a
review results in assurance being provided on financial statement
information, it is not surprising that conducting the review will follow
the same basic format as an audit in terms of acceptance, planning,
performing, finalising and reporting activities.
We will now consider each of these stages in turn and highlight the
differences and similarities between the review requirements (in terms
of ISRE 2400 (Revised)) and the audit requirements (in terms of the
ISAs) for each stage.
16.3.1 Activities prior to, and during, the

acceptance of the engagement
Paragraphs 25(d)(i) and (ii) of ISRE 2400 (Revised) require that the
engagement partner for a review:
• Be satisfied that appropriate procedures regarding acceptance and
continuance of client relationships and engagements have been
followed; and
• Be satisfied that the engagement team collectively has the
appropriate competence and capabilities, including assurance skills
and techniques and appropriate expertise in financial reporting, to
be able to meet the ISRE requirements.
More detailed guidance on these acceptance and continuance

procedures is provided in paragraphs 29 (which prescribes the
conditions under which a practitioner should not accept a review
engagement) and 30 (which includes the same preconditions for
accepting a review engagement as those that apply to audit
engagements).
Paragraphs 36 and 37 of the ISRE require that the terms of the review
engagement be agreed on and be reduced to writing in an engagement
letter.
In essence, therefore, the requirements for pre-engagement
activities in independent reviews are very similar to those for audits.
16.3.2 Planning the engagement

Planning activities typically involve understanding the entity in order to
identify and assess risks of material misstatement, designing responses
to reduce these identified risks to acceptable levels, and setting
planning materiality guidelines. Although the review requirements
address all three of these aspects, it is in significantly less detail than
those prescribed by the ISAs (discussed in detail in Chapter 12). ere is
a greater need for professional judgement when planning a review
engagement.
16.3.2.1 Understanding the entity

Paragraphs 45 and 46 of the ISRE require that the practitioner obtain an
understanding of the entity and its environment to identify areas in the
financial statements where material misstatements are likely to arise
and thereby provide a basis for designing review procedures to address
these areas.
Although the guidance provided in the ISRE is substantially less

detailed than that contained in ISA 315, what has to be understood
about the entity that is subject to the review engagement is not
dissimilar to what is required when performing an audit of an entity,
and includes an understanding of:
• e industry, regulatory and other external factors affecting the
entity;
• e nature of the entity itself;
• e entity’s accounting systems and accounting records; and
• e entity’s selection and application of accounting policies.
However, in a review, considerably less emphasis is placed on the need
to understand internal control components than in the case of an audit.
ere is also no reference to formal risk assessment to the same
degree as contained in ISA 315. For example, risk of material
misstatement does not have to be assessed at both financial statement
and account balance/class of transactions/disclosure level. e
requirement in a review is simply that sufficient understanding of the
entity has to be obtained in order to identify areas in the financial
statements that may contain material misstatement.
16.3.2.2 Designing procedures to respond to identified risks

In obtaining sufficient evidence to support his or her conclusions in a
review engagement, the practitioner normally designs and performs
enquiry and analytical procedures only.
Available responses to address identified risks are therefore much
more limited in a review engagement than in an audit engagement, but
then it is important to remember that review engagements only provide
limited assurance, thus making it unnecessary to perform extensive
procedures in support of the conclusions that are reached.
Paragraph 49 requires that consideration be given to the adequacy
of the data from the entity’s accounting system when considering the
design of analytical procedures.
16.3.2.3 Setting planning materiality guidelines

Paragraph 43 of the ISRE requires that the practitioner determines
materiality for the financial statements as a whole and that this should
be applied when designing procedures and when evaluating results
obtained through those procedures.
ere is, however, no detailed guidance as to how to determine
materiality similar to what is provided by ISA 320 for the audit process.
ere is also no reference to performance materiality in a review.
Paragraph 44 reminds practitioners of the need to consider revising
materiality should new information come to light during the course of
the review. is is also required for audit engagements.
CRITICAL THINKING
Why is it not a requirement to set performance materiality
levels for a review engagement?
Because reviews primarily incorporate enquiry and analytical
review procedures, the resulting evidence aims to provide a
measure of comfort about reasonableness rather than any
assessment of exact numerical correctness (which is what we
require for an audit).
In an audit, performance materiality is primarily used to
assist in determining the type of procedure to perform (the
nature of procedures to respond to identi ed ROMM) and the
associated extent of these procedures (sample sizes, for
example). Given that reviews only incorporate enquiry and
analytical review procedures, there is a limitation in terms of the
choice of the nature of testing, and furthermore, given that a
review does not plan for the use of substantive tests of detail,
there is no need to determine sample sizes.
Materiality is thus only considered for the nancial
statements as a whole in a review engagement.
16.3.3 Performing the engagement

As already indicated, one of the primary differences between reviews
and audits is that reviews consist primarily of enquiry and analytical
procedures. Reviews will not ordinarily include the testing of internal
control nor the performance of substantive tests of details.
e nature of the enquiries and analytical procedures performed in
a review engagement are identical to those utilised during an audit
engagement. ese procedures have been discussed in Chapter 13
(sections 13.3.3.3 and 13.3.3.4 respectively).
Paragraph 48 requires that as a minimum, during the performance of a
review engagement, enquiries addressing the following areas be made:
1. How do management make any significant accounting estimates?
2. Identification of related parties and related party transactions.
3. Any significant, unusual, or complex transactions, events or
matters, including:
a) Any changes in business activities or operations.
b) Any changes to terms of contracts (finance/debt) that
materially affect the financial statements.
c) Any significant journal entries or other adjustments to the
financial statements.
d) Any significant transactions occurring or recognised near the
end of the reporting period.
e) Status of any previously identified uncorrected misstatements.
f) Effects or possible implications of any related party
transactions or relationships.
4. Existence of any actual, suspected or alleged fraud, illegal acts, or
areas of material non-compliance with laws and regulations.
5. Whether management have identified and addressed any adjusting
subsequent events.
6. Management’s basis for the assessment of the entity’s ability to
continue trading as a going concern.
7. Are there any events or conditions that appear to cast doubt over
the going concern ability of the entity?
8. Are there material commitments, contractual obligations or
contingencies that may affect the financial statements?
9. Are there any material non-monetary transactions (or transactions
for no consideration) in the financial reporting period?
Although nowhere near the depth provided in the specific ISAs dealing
with these aspects from an audit perspective, the ISRE does provide
specific guidance with regard to:
• Related parties (paragraphs 50 and 51);
• Fraud and non-compliance with laws or regulations (paragraph 52);
• Use of work performed by others (paragraph 55); and
• Written representations (paragraphs 61 to 65).
Paragraph 56 specifically requires that the practitioner reconciles the

financial statements to the underlying accounting records.
CRITICAL THINKING
Why do you think the requirement in paragraph 56 has been
speci cally included?
The focus of an independent review is on enquiry and analytical
procedures. These procedures will generally be performed on the
nancial statement information, because this is what the
independent reviewer is seeking to express his or her review
opinion on. There may therefore be little need for the
independent reviewer to examine any of the actual accounting
records and he or she may thus not pick up any inconsistencies
between the nancial statements and accounting records
through the normal course of review procedures.
It is clearly important that the nancial statements do agree
with the underlying records (which contain the details of the
underlying transactions and events in the business) and hence
the requirement that the independent reviewer speci cally seeks
to con rm this.
It is important to note that if the enquiries or analytical procedures

conducted during the review highlight that the financial statements
may be materially misstated, the practitioner is required to design and
perform additional procedures to conclude on whether the matter
identified does in fact materially misstate the financial statements or
not. ese additional procedures may include further enquiry or
analytical procedures or may include other procedures (such as
substantive tests of details – e.g. external confirmations).
Now that you have a better understanding of the kind of procedures
that are required for an independent review, let’s compare the audit and
review procedures further by looking at an example.
For both an audit and a review engagement, the practitioner is
required to reach a conclusion about the completeness of revenue. How
will the audit practitioner approach this objective, in comparison with
the review practitioner?
Table 16.2: A comparison between audits and independent reviews
NATURE OF THE
PROCEDURES TO
BE PERFORMED THE INDEPENDENT
THE AUDIT
ON THE REVIEW
COMPLETENESS
OF REVENUE
Tests of control The auditor is While the independent

required to obtain reviewer is required to
an understanding obtain an understanding
of the revenue of the revenue
information accounting system and
system and accounting records, he
related control or she is not required to
activities and, understand the related
provided the control activities.
control activities
The independent
are well designed reviewer will never
and properly choose to place reliance
implemented by on control activities
the entity, is likely contributing to the
to opt to place completeness of revenue
reliance on these
and will therefore never
NATURE OF THE perform tests of controls
PROCEDURES TO on the control activities
BE PERFORMED that
THE affect the
INDEPENDENT
THE AUDIT completeness of
ON THE REVIEW
COMPLETENESS revenue.
OF REVENUE
control activities
and thus perform
tests of controls
to obtain the
necessary
assurance that
the control
activities
contributing to the
completeness of
revenue are
operating
effectively.
Enquiry The auditor For the independent

typically performs reviewer, enquiry is used
an enquiry during to obtain evidence about
the understanding the completeness of
of the entity/risk revenue. The responses
assessment to the enquiries do not,
phase of the audit however, need to be
but it will not be to veri ed unless they
obtain evidence indicate the possibility of
about the material misstatement.
completeness of
Enquiry thus becomes
revenue. Rather, an important source of
the results of the evidence for the
enquiry will direct independent reviewer.
the design of
NATURE OF THE further audit
PROCEDURES TO procedures.
BE PERFORMED The auditor may THE INDEPENDENT
THE AUDIT
ON THE also use enquiry REVIEW
COMPLETENESS to follow up on
OF REVENUE any anomalies
identi ed during Questions that may be
tests of details (or asked include:
other procedures
1. Are all sale
performed).
transactions
For the auditor, recorded?
enquiry is 2. How do you know
generally regarded that all
as the least deliveries/services
reliable form of provided by the entity
evidence and it are invoiced?
almost always 3. Why are there
needs to be changes to the gross
corroborated by pro t percentage and
further evidence. might these indicate
the incomplete
recording of revenue?
Unless the responses to
these enquiries appear
unreasonable and/or
indicate potential
misstatement, further
investigation or
corroboration thereof
may not be necessary.
Substantive analytical The auditor does The independent

procedures not have to reviewer has to perform
perform analytical procedures in
NATURE OF THE addition to the enquiries
PROCEDURES TO made.
BE PERFORMED THE nature
The INDEPENDENT
of the
THE AUDIT
ON THE REVIEW procedures
analytical
COMPLETENESS performed by the
OF REVENUE independent reviewer is
substantive likely to be similar to
analytical that of those performed
procedures and by the auditor and will
will make a also be designed to
decision about highlight potential
whether this misstatement in the
source of completeness of
evidence is revenue.
necessary to Where analytical
support his or her procedures highlight
conclusions potential misstatement,
(primarily through the independent reviewer
ef ciency is required to perform
considerations). further procedures
It is, however, (usually additional
likely that enquiry or further
analytical analytical procedures) to
procedures will be investigate.
performed to
assist in drawing
conclusions about
the completeness
of revenue.
The auditor is
likely to use
external data
(historical
information or
NATURE OF THE
PROCEDURES TO
THE AUDIT
ON THE REVIEW
COMPLETENESS
OF REVENUE
production gures,
for example) to
predict monthly
sales, gross pro t
percentages, etc.
Where
expectations are
in line with actual
revenue gures,
this provides the
auditor with
corroborating
audit evidence
about the
assertion. Where
they are not in
line, further
investigations will
need to be made
and
substantiated.
NATURE OF THE
PROCEDURES TO
THE AUDIT
ON THE REVIEW
COMPLETENESS
OF REVENUE
Other substantive Unless there are The independent

tests of details low levels of reviewer does not plan to
inherent and perform any substantive
control risk, the tests of details.
auditor invariably The only time that an
has to perform independent reviewer
substantive tests may perform substantive
of details on the tests of details is where
completeness of he or she believes it to
revenue. This be necessary in
involves selecting response to enquiry or
sales transactions analytical procedures
from source and suggesting that there
tracing them may be material
through to misstatement.
recorded
transactions in the
general ledger to
ensure that all
sales events that
have taken place
during the year
have been
recorded.
16.3.4 Finalising the engagement

Finalisation procedures for an audit include going concern assessment,
subsequent events testing, and the evaluation of uncorrected
misstatements. ese three components are all discussed in detail from
an audit perspective in Chapter 15.
Review engagements do require that these three steps be
undertaken, but, as we have seen before, ISRE 2400 (Revised) is much
less prescriptive than the ISAs.
16.3.4.1 Going concern

Paragraphs 53 and 54 provide guidance to practitioners on the need to
consider going concern. e consideration of going concern and the
response to any identified indicators of problems with going concern
ability are both dealt with primarily through enquiry.
Paragraph A93 makes reference to the same list of financial,
operating, and other indicators casting doubt on the entity’s ability to
continue as a going concern as the list contained in ISA 570.
16.3.4.2 Subsequent events

What is interesting about the review requirements in this regard is that
the practitioner is not specifically required to perform procedures to
identify adjusting subsequent events (as is the case for audit
engagements in terms of the requirements of ISA 560).
Enquiry from management as to whether they have identified any
adjusting subsequent events is one of the minimum enquiries that has
to be made when conducting a review (see above) but, other than this,
the practitioner is only required to respond to adjusting subsequent
events if he or she becomes aware of them (refer to paragraph 58).
16.3.4.3 Evaluation of uncorrected misstatements

Paragraph 70 requires the practitioner to consider the impact of
uncorrected misstatements identified during the review (and during the
previous year’s review) on the financial statements as a whole when
formulating his or her conclusion on the financial statements.
e practitioner is also required to consider the qualitative aspects
of the entity’s accounting practices, including indicators of possible bias
in management’s estimates, when formulating his or her conclusions.
is is not dissimilar to the requirements of an audit, although ISA
450 provides much more detailed guidance in this area to the auditor.
16.3.5 Reporting on the engagement

Auditor’s reports are discussed in depth in Chapter 15. How does a
review report then differ from an auditor’s report?
e two obvious differences are the reference to the practitioner’s
responsibilities and the wording of the opinion:
• Auditors conduct their audit engagements in terms of the ISAs,
whereas independent reviewers conduct their review engagements
in terms of the ISRE.
• Audit opinions are expressed in the positive (the financial
statements ‘present fairly in all material respects’), whereas review
conclusions are expressed in the negative (nothing has come to our
attention that causes us to believe that the financial statements ‘do
not present fairly’).
Both ISA 700 and ISRE 2400 (Revised) provide examples of the
forms of the report issued on these engagements.
Read illustrative example 1 in Appendix 2 of ISRE 2400
(Revised) for the content of the report issued for a review
engagement.
Then read illustrative example 1 in the appendix to ISA 700.
Pay particular attention to the differences in wording in
respect of the Auditor’s/Practitioner’s Responsibility and
Opinion/Conclusion paragraphs in the two reports.
Review reports can also contain either a modified or unmodified

conclusion. If modified, as with the audit opinion, the review
conclusion can be:
• A qualified conclusion (‘except for XYZ, nothing has come to our
attention that causes us to believe that the financial statements do
not present fairly …’);
• An adverse conclusion (‘the financial statements do not present
fairly …’); or
• A disclaimer of conclusion (‘the practitioner is unable to obtain
sufficient appropriate evidence as a basis for the expression of a
conclusion on the financial statements …’).
As with auditor’s reports, if the practitioner believes it to be necessary,

he or she may also include an Emphasis of Matter and/or an Other
Matter paragraph following the Conclusion paragraph in the report. e
reasons for including these would be identical to the reasons for
including such paragraphs in an auditor’s report. Refer to Chapter 15
section 15.5.4 for further discussion on this.
If allowed in terms of legislation, paragraph 81 requires that a
practitioner withdraw from a review engagement if, subsequent to
accepting the engagement, the practitioner encounters a material and
pervasive scope limitation that prevents him or her from obtaining
sufficient appropriate evidence to support a conclusion.
16.3.6 Documenting the engagement

As with the audit engagement, paragraphs 93 to 96 of ISRE 2400
(Revised) also require that the independent reviewer adequately
documents his or her considerations, decisions, findings and
conclusions reached.
ere is a specific requirement that the results of discussions with
(enquiries from) management are suitably documented.
1. A limited assurance engagement results in a positive expression of
the practitioner’s conclusion in the review report. (LO 1 & 7)
2. Any company can always voluntarily elect to have an independent

review instead of an audit performed on its financial statements.
(LO 2)
3. Independent reviews and audits are both conducted in accordance

with the requirements set out in the ISAs. (LO 6)
4. When assessing risk of material misstatement in a review

engagement, the practitioner does not have to differentiate
between risk at financial statement level and risk at account
balance/class of transactions/disclosure level. (LO 7)
5. One of the main differences between performing review and audit

engagements is that review engagements normally consist only of
enquiry and analytical procedures, whereas audit engagements
consist of other procedures too. (LO 7)
For questions 6 to 7, select the most appropriate answer(s) from the

options provided:
6. Which one of the following persons may not perform an
independent review for an entity that has a public interest score of
150? (LO 3)
a) A member of SAICA
b) A member of SAIPA
c) A Registered Auditor
d) None of the above – they can all perform the review
7. Which of the following statements pertaining to Reportable

Irregularities identified during an independent review are false?
(More than one answer is possible.) (LO 5)
a) Practitioners have to report to the CIPC and not to the IRBA.
b) A company that trades while insolvent will always result in a
Reportable Irregularity being raised during an independent
review.
c) It is a precondition for a Reportable Irregularity arising on an
independent review that there must initially be a
contravention of a law or regulation before anything else is
considered.
d) Practitioners have 30 business days from the date of the first
report to discuss the irregularity with management prior to
their sending their second report to the CIPC.
8. Describe the conditions that have to be met in order to qualify as

an independent professional accountant. (LO 4)
1 For purposes of this chapter, engagement risk is defined as ‘e risk that the practitioner
expresses an inappropriate conclusion when the financial statements are materially
misstated’ (consistent with the definition in ISRE 2400 (revised) para 17(b)).
Appendix
APPENDIX: EXAMPLES OF CYCLE

DOCUMENTATION RELATED TO THE BUSINESS
CYCLES
1A CUSTOMER ORDER FORM
1B INTERNAL SALES ORDER
1C PICKING SLIP
1D MASTER FILE AMENDMENT FORM
1E DELIVERY NOTE
1F CUSTOMER INVOICE
1G CUSTOMER RECEIPT
1H DEPOSIT SLIP
1I(a) CREDIT APPLICATION FORM
1I(b) CREDIT APPLICATION FORM ANNEXURE - CREDIT LIMIT APPROVAL
1J GOODS RETURN VOUCHER
1K CREDIT NOTE
1L DEBTORS AGE ANALYSIS
1M EXTRACT FROM SALES JOURNAL

2A PURCHASE ORDER
2B GOODS RECEIVED NOTE
2C MASTER FILE AMENDMENT FORM
2D SUPPLIER TAX INVOICE
2E SUPPLIER STATEMENT
2F REMITTANCE ADVICE
2G PROOF OF PAYMENT
2H PURCHASE REQUISITION
2I GOODS RETURNED TO SUPPLIER VOUCHER

2J DEBIT NOTE
2K PURCHASES JOURNAL
2L GENERAL JOURNAL VOUCHER
2M CREDITORS AGE ANALYSIS

2N SUPPLIER STATEMENT RECONCILIATION
3A PRODUCTION SCHEDULE
3B PRODUCTION ORDER
3C GOODS TRANSFER NOTE

3D PRODUCTION REPORT
3E INVENTORY TAGS
EMPLOYMENT CONTRACT 4A(a)
EMPLOYMENT CONTRACT 4A(b)
4B SCALE TARIFF AMENDMENT FORM

4C DEDUCTION AUTHORISATION FORM
4D TERMINATION OF SERVICE
4E MASTER FILE AMENDMENT FORM
4F TIME CARD
4G PAY SLIP
4H UNCLAIMED WAGES REGISTER
4I RETURNS FOR DEDUCTIONS
4J WAGES JOURNAL
4K SALARIES JOURNAL
5A FIXED ASSET REGISTER

Bibliography
Books and journals

South African Institute of Chartered Accountants (2017). SAICA Student
Handbook 2017/2018 Volume 2C (Legislation), Durban: LexisNexis, 2013.
International Federation of Accountants (IFAC) 2017. Handbook of
International Quality Control, Auditing, Review, Other Assurance, and Related
Services Pronouncements. Glossary of Terms, New York: IFAC.
Reports
Cadbury Schweppes (South Africa) (2008) Annual Report: Cadbury
Schweppes (South Africa), Johannesburg: Cadbury Schweppes (South
Africa), [n.d.].
Institute of Directors Southern Africa (2009) King Report on
Governance for South Africa, King Code of Governance Principles for South
Africa, Cape Town: Juta Law, 2010.
Governance for South Africa 2016.
Treadway, JC Jr. (Chairman) et al. (Oct 1987) Report of the National
Commission on Fraudulent Financial Reporting, US: National Commission on
Fraudulent Financial Reporting, 1987.
Legislation
Auditing Profession Act 26 of 2005
Close Corporations Act 69 of 1984
Companies Act 71 of 2008
Companies Regulations 2011 (Companies Act 71 of 2008)
Electronic Communications and Transactions Act 25 of 2002 Local
Government: Municipal Systems Act 32 of 2000
National Credit Act 34 of 2005
Prevention and Combating of Corrupt Activities Act 12 of 2004
Protection of Personal Information Act 4 of 2013
Public Finance Management Act 1 of 1999
Sarbanes-Oxley Act of 2002 (US Public law 107-204 July 30, 2002)
Internet sources
Independent Regulatory Board for Auditors (IRBA) (November 2016)
South African Auditing Practice Statement (SAAPS) 3 (Revised
November 2015) Illustrative Reports. [Online] Available:
https://www.irba.co.za/upload/SAAPS%203_Illustrative%20Reports_Re
vised_Nov%202015_PDF.pdf
Independent Regulatory Board for Auditors (IRBA) (Oct 2005) South
African Auditing Practice Statement (SAAPS) 4 Enquiries Regarding
Litigation and Claims. [Online] Available:
https://www.irba.co.za/upload/5%20SAAPS%204%20-
%20Enquiries%20regarding%20litigation%20and%20claims.pdf
Independent Regulatory Board for Auditors (IRBA) (July 2013) South
African Auditing Practice Statement (SAAPS) 6 External Con rmations
from Financial Institutions. [Online] Available:
https://www.irba.co.za/upload/SAAPS%206%20External%20Con rmat
ions%20from%20Financial%20Institutions%20-
%20Issued%20July%202013_ nal.pdf
Independent Regulatory Board for Auditors (IRBA) (2014) (Revised)
Rules Regarding Improper Conduct and Code of Professional Conduct
for Registered Auditors. [Online] Available:
http://www.irba.co.za/index.php/ethics-standards-functions-73/127?
task=view
International Accounting Standards Board (IASB) (2003) (Revised) IAS
2 Inventories. [Online] Available:
http://www.iasplus.com/en/standards/ias/ias2
International Accounting Standards Board (IASB) (2005) (Revised) IAS
10 Events after the Reporting Period. [Online] Available:
http://eifrs.ifrs.org/eifrs/bnstandards/en/IAS10.pdf
International Accounting Standards Board (IASB) (Dec 2015) IAS 16
Property, Plant and Equipment. [Online] Available:
https://www.ifrs.org/issued-standards/list-of-standards/ias-16-
property-plant-and-equipment/
International Accounting Standards Board (IASB) (April 2009)
(Amended) IAS 18 Revenue. [Online] Available: http://www.
iasplus.com/en/standards/ias/ias18
International Accounting Standards Board (IASB) (Dec 2017) IFRS 9
Financial Instruments. [Online] Available: https://www.ifrs.org/issued-
standards/list-of-standards/ifrs-9- nancial-instruments/
2009) International Standard on Auditing (ISA) 200 Overall Objective of
the Independent Auditor and the Conduct of an Audit in Accordance
with International Standards on Auditing. [Online] Available:
http://www.ifac.org/sites/default/ les/downloads/a008-2010-iaasb-
handbook-isa-200.pdf
2009) International Standard on Auditing (ISA) 210 Agreeing the Terms
of Audit Engagements. [Online] Available:
2009) International Standard on Auditing (ISA) 230 Audit
Documentation. [Online] Available:
2009) International Standard on Auditing (ISA) 240 e Auditor’s
Responsibilities Relating to Fraud in an Audit of Financial Statements
(Speci cally Paragraphs 1 to 30 and Related Application and Other
Explanatory Material). [Online] Available:
2009) International Standard on Auditing (ISA) 300 Planning an Audit of
Financial Statements. [Online] Available:
Understanding the Entity and its Environment. [Online] Available:
hand-book-isa-315.pdf
International Auditing and Assurance Standards Board (IAASB) (April
2007) International Standard on Auditing (ISA) 320 Materiality in
Planning and Performing an Audit. [Online] Available:
2009) International Standard on Auditing (ISA) 330 e Auditor’s
Responses to Assessed Risks. [Online] Available:
2009) International Standard on Auditing (ISA) 450 Evaluation of
Misstatements Identi ed During the Audit. [Online] Available:
2009) International Standard on Auditing (ISA) 500 Audit Evidence.
[Online] Available:
2009) International Standard on Auditing (ISA) 505 External
Con rmations. [Online] Available:
2009) International Standard on Auditing (ISA) 520 Analytical
Procedures. [Online] Available:
2009) International Standard on Auditing (ISA) 530 Audit Sampling.
[Online] Available:
2009) International Standard on Auditing (ISA) 540 Auditing
Accounting Estimates, Including Fair Value Accounting Estimates and
Related Disclosures. [Online] Available:
2009) International Standard on Auditing (ISA) 560 Subsequent Events.
[Online] Available:
2016) International Standard on Auditing (ISA) 570 (Revised) Going
Concern. [Online] Available: https://www.ifac.org/publications-
resources/international-standard-auditing-isa-570-revised-going-
concern
2009) International Standard on Auditing (ISA) 580 Written
Representations. [Online] Available:
2009) International Standard on Auditing (ISA) 610 Using the Work of
Internal Auditors. [Online] Available: http://www.ifac.org/publications-
resources/isa-610-revised-2013-using-work-internal-auditors
2009) International Standard on Auditing (ISA) 620 Using the Work of
an Auditor’s Expert. [Online] Available:
2016) International Standard on Auditing (ISA) 700 (Revised) Forming
an Opinion and Reporting on Financial Statements. [Online] Available:
https://www.iaasb.org/system/ les/publications/ les/ISA-700-
Revised_8.pdf
2016) International Standard on Auditing (ISA) 701 Communicating
Key Audit Matter in the Independent Auditor’s Report. [Online]
Available: https://www.ifac.org/system/ les/publications/ les/ISA-
701_2.pdf
2016) International Standard on Auditing (ISA) 705 Modi cations to the
Opinion in the Independent Auditor’s Report. [Online] Available:
https://www.ifac.org/system/ les/publications/ les/2016-2017-
IAASB-Handbook-Volume-1.pdf
2016) International Standard on Auditing (ISA) 706 Emphasis of Matter
Paragraphs and Other Matter Paragraphs in the Independent Auditor’s
Report. [Online] Available:
https://www.ifac.org/system/ les/publications/ les/2016-2017-
IAASB-Handbook-Volume-1.pdf
2013) International Standard on Review Engagements (ISRE) 2400
(Revised) Engagements to Review Historical Financial Statements.
[Online] Available:
http://www.ifac.org/sites/default/ les/publications/ les/At_a_Glance-
ISRE%202400- nal_0.pdf
South African Institute of Chartered Accountants (January 2014) Code
of Professional Conduct for Chartered Accountants. [Online] Available:
https://www.saica.co.za/Technical/Discipline/CodeofProfessionalCon
duct/tabid/701/language/en-ZA/Default.aspx
Independent Regulatory Board for Auditors (IRBA) (2018) (Revised)
Rules Regarding Improper Conduct and Code of Professional Conduct
for Registered Auditors. [Online] Available:
https://www.irba.co.za/guidance-to-ras/technical-guidance-for-
auditors/ethics:-the-rules-and-the-code/the-rules-and-the-code
International Ethics Standards Board for Accountants (IFAC) (April
2018) (Revised) International Code of Ethics for Professional
Accountants including International Independence Standards) [Online]
Available: https://www.ifac.org/publications-resources/ nal-
pronouncement-restructured-code
South African Institute of Chartered Accountants (2017/2018) Code of
Professional Conduct for Chartered Accountants. [Online] Available:
https://www.saica.co.za/Technical/Ethics/CodeofProfessionalConduct
/tabid/2975/language/en-US/Default.aspx
South African Institute of Chartered Accountants (Sept 2016) By-law 34
Punishable Offences. [Online] Available:
https://www.saica.co.za/Portals/0/documents/BY_LAWS_.pdf
Index
Page numbers in italics point to tables.
A
access controls 125, 162–167
access control systems in human resources cycle 384–385
accounting estimates 618–620
accounting information systems 187–190
accounting records
Companies Act 71 of 2008, requirements 11–12
examples 7
purpose and need for 6–8
responsibility for 8–9
accounting scandals
international 21–25
South Africa 25–26
advanced technologies, identifying controls
electronic commerce and electronic funds transfers 181
service organisations, outsourcing and data warehousing 182
application controls
error protection process 176
input controls 171–173
master le change controls 178–180
other controls 180
output controls 178
processing controls 176–177
recording of data 173–175
assurance
and non-assurance engagements 16–19
providing 15–19
audit approach and plan 523
audit committees 110–111
audit evidence obtained in prior audits, relying 577–578
appropriateness of audit evidence 457
characteristics 456–457
computerised environments, impact 464
documentation 455–457
obtaining 461–462
obtained in prior audits, relying 577–578
sufficiency of audit evidence 456
auditing and accounting professions
international accounting bodies 27–28
professional bodies 26–29
in South Africa 28–29
auditing postulates 20
audit objectives 541–542
audit opinions, types 668–672
auditors
appointment 96
dismissal 97
ethical misconduct, examples 34–36
rms as registered auditors 100
independence 20
inspections of 101
liability for losses suffered by the client and/or third
parties 101–103
limitations on what auditors may do 100–101
replacement auditor, appointment 97
requirements to be met by the auditor in order to be
appointed 94–96
resignation 96–97
rotation 97
shareholders and directors, relationship with 6
statutory duties 101
statutory rights 98
types of 20–21
auditor’s report
audit opinions, types of 668–672
contents 663–668
modi ed opinion 668–672
audit risk
factors affecting level 495
at nancial statement level vs risk at account balances
level 500–503
see also risk
audit sampling 579–582
audits vs independent reviews 681
B
barcode scanning 215
breaches of independence 73
business continuity controls 167–169
business relationships with clients 76
C
cash and bank 594–600
combined assurance 110
combined testing vs substantive testing, implications 519–523
Companies Act 71 of 2008
accounting records and nancial statements,
requirements 11–12
appointment of auditor 96
companies that must be audited 90, 94
independent reviews 681
rotation 97
statutory rights of auditors 98
substantive tests of details 571–573, 571–574
completion of the audit
auditor’s report, drafting 663–676
auditor’s responsibility 657–658
business rescue and its impact on the audit 658–659
nal materiality 660–661
going concern basis of accounting 654–659
introduction 650–651
management’s responsibility 655–657
materiality of uncorrected misstatements, evaluating 661–663
misstatements identi ed during the audit 659–660
subsequent events, auditor’s responsibility 651–654
uncorrected misstatements 659–663
various periods pertaining to subsequent events 652
see also auditor’s report
computer-assisted audit techniques (CAATs)
application in the audit process 638–639
basics 625–630
computer software, use to assist in the audit 630–636
planning and performing 640–642
reasons for using 636–638
computer controls, categories 150–152
computer information systems, key components 148–149
computerised environments, impact on external audit
process 464
computerised environments, risks and controls
advanced technologies, identifying controls 181–182
company computer information systems, reasons for governing 144–
146
computer accounting systems, how they operate 149–150
computer controls, categories 150–152
computer information systems, key components 148–149
information technology, development 141–144
King IV™ 144–145
upgrading from manual to electronic accounting systems 146–148
computer software used to assist in the audit 630–636
computer vs manual controls 171
con icts of interest
professional accountants in business 50–51
professional accountants in public practice 62–63
control activities
human resources cycle 389–409
inventory and production cycle 340–356
investment and nancing cycle 444–446
purchases and payments cycle 286–307
revenue and receipts cycle 221–222
control objectives
vs audit objectives 542
human resources cycle 387
and management’s assertions 218–221
revenue and receipts cycle 216–221
control risk 497–498
controls relating to the computerised processing of business
transactions
background 169–171
manual vs computer controls 171
see also application controls
corrective controls 152
credit management 198
creditors reconciliations 604–605
custody of client assets 70–71
D
databases and master les
human resources cycle 376
inventory and production cycle 333
revenue and receipt cycle 205–206
data warehousing, service organisations and outsourcing 182
detection risk 498–499
at account balance/class of transactions disclosure
level 518–519
at the nancial statement level, response 515
detective controls 152
documentation of audit and audit evidence 455–457
documenting independent review engagements 689
dual purpose audit procedures 574
due care and professional competence 44–45
E
electronic commerce and electronic funds transfers 181
electronic data interchange in the purchases and payments cycle 281
electronic funds transfer (EFT) 215
controls 184–186
error vs fraud, difference 510
ethical codes and rules applicable to external auditors in South Africa
36–37
ethical misconduct by auditors, examples 34–36
ethical threats to professional accountants in public practice 60
ethics
and audit process 81–82
misconduct by auditors, examples 34–36
nature of 33
reasons for professions having codes 33–36
rules-based vs principles-based codes 34
evaluating, concluding and reporting 462–464
expected errors 580
external audit process
evaluating, concluding and reporting 462–464
objectives of audits 453–454
planning activities 457–461
pre-engagement activities 457
stages 457–463, 465
substantive procedures 461–462
sufficiency of audit evidence 456
terminology 453
tests of controls 461, 462
external audits
adding value 13
de nition 19
inherent limitations 15–16
purpose 14–15
external con rmations 606–617
F
family or personal relationships with clients 76
fees
overdue 74
relative size 73–74
nancial interests, compensation and incentives, linked 53–54
nancial interests in clients 74–75
nancial reporting
nature of 15
risks 384
timeliness and balance between bene t and cost 16
nancial statement level risks 436–437
nancial statements
assertions made by preparers 9–10
Companies Act 71 of 2008, requirements 11–12
objective of and need for 8–9
responsibility for 8–9
truth and fairness 20
forensic auditors 21
fraud risk factors 510–512
fraud vs error, difference 510
fraudulent nancial reporting techniques 211–213
G
general controls, categories
access controls 162–167
business continuity controls 167–169
delegation of responsibility 154
operating controls and system maintenance controls 169
organisational controls and personnel practices 153–156
personnel practices 156
reporting, supervision and review 156
segregation of duties 154–156
system development and acquisition 158–161
system development and change controls 157–162
see also computerised environments, risks and controls; control
activities; control objectives
gifts and hospitality 74
going concern indicators 655–656
going concern, independent reviews 688
governance
de nition 115–116
and internal control, relationship 116–119
government auditors 21
H
history of auditing 13–14
human resources cycle 363–418
I
independence
breaches of independence 73
business relationships with clients 76
employment with an audit client 77–78
family or personal relationships with clients 76
fees, overdue 74
fees, relative size 73–74
nancial interests in clients 74–75
gifts and hospitality 74
independence 72–73
litigation, actual or threatened 74
loans and guarantees 75–76
long association of senior personnel with an audit client 79–80
provision of non-assurance services to audit clients 80–81
recent service with an audit client 77
serving as a director or officer of an audit client 77
temporary staff assignments 78–79
Independent Regulatory Board for Auditors (IRBA) 29
code of professional conduct 42–43
disciplinary process 40–41
inspections 101
registration 29, 99–100
reportable irregularities, duty to report 105–106
rules regarding improper conduct 37–38
and SAICA codes of professional conduct 37, 42–48
and SAICA, compared 36–37
independent reviews 679–689
inducements including gifts and hospitality 54–56, 69–70
information technology, development 141–144
inherent limitations of internal control systems 127
inherent risk 496–497
input controls 171–173
integrity 44
interim substantive procedures 577
interim tests of controls 576
internal auditors 21
internal control, and governance, relationship 116–119
internal control systems
compensating controls 135–136
components 120–127
control activities 124–126
control environment 120
design 128–136
diagrammatic representation 126–127
entity’s risk assessment process 121
formulation of control objectives 130–133
impact of failure to operate as intended 128
information system 121–123
inherent limitations 127
key controls 135
monitoring of controls 126
operational controls 135
preventative versus detective and corrective controls 134
inventory counts, attendance 600–604
investing activities 421–423, 424, 425, 437–438
J
JSE listings requirements 108
K
King IV™ 109–111, 116, 117, 119, 154, 370, 486
L
legal responsibilities of auditors
companies that do not have to be audited 94
companies that have to be audited 90–94
good corporate governance, role of auditor 109–111
legislation and regulations governing the audit function 88
legislation and regulations with which the auditor has to be familiar
88–89
other legislation or regulations 108–109
public sector vs private sector auditing 107–108
reportable irregularities 99–103, 103–106
statutory and regulatory requirements for an audit 89–94
statutory requirements to practice 99–103
legislation and regulations
auditor’s duty to be familiar with 88–89
governing the auditing function 88
regarding the disclosure of directors’ emoluments 370–371
level of detection risk, options available to auditor 515–518
limited assurance engagements 17
link between control objectives and management’s assertions 388–389,
441–444
litigation, actual or threatened 74
loans and guarantees 75–76
long association of senior personnel with an audit client 79–80
low-risk engagements 495
M
management’s written representations 617–618
manual vs computer controls 171
master le change controls 178–180
materiality 524–531
guidelines 685–686
performance materiality 529–530
of uncorrected misstatements, evaluating 661–663
medium risk engagements 495
modi ed opinion 668–672
N
nature of further audit procedures
determinants 542–543
dual purpose audit procedures 574
substantive procedures 553–574
tests of controls 543–553
tests of controls vs substantive procedures 574–575
non-assurance engagements 16–19
non-compliance with laws and regulations (NOCLAR) 56–58, 71–72
O
objectives of audits 453–454
objectivity 44
obtaining understanding of the entity 483–494
operating controls and system maintenance controls 169
organisational controls and personnel practices 153–156
other parties in the audit, use of 620–625
output controls 178
outsourcing, data warehousing and service organisations 182
overall audit strategy 473
P
payroll software 385
personnel practices 156
planning activities 457–461
aspects of entities to be understood 484–491
audit approach and plan, updating throughout the audit 523
audit risk concept 494–495
desired changes to level of detection risk, options 515–518
detection risks at the nancial statement level, responding to 515
engagement documentation 482–483
identi ed risks of material misstatement, responding to 514–515
level of detection risk, options available to auditor 515–518
logistics of the audit 532
materiality 524–531
obtaining understanding of the entity 483–494
overall audit strategy, audit plan and audit approach 473–474
risk arising from going concern issues 508–509
risk assessment, conceptual aspects 494–508
risk of fraud 510–512
risk of material misstatement, assessing 494–514
signi cant risks 512–514
planning and performing CAATs 640–642
point-of-sale systems 215
postulates 20
pre-engagement activities
agreeing the terms of audit engagements 476
application of statutory requirements 478–482
engagement letter, contents 483
statutory requirements 475–478
preparation and presentation of information 51–52
pressure to breach the fundamental principles 59
preventative controls 152
principal-agent theory 5
processing controls 176–177
professional accountants in business
acting with sufficient expertise 52–53
con icts of interest 50–51
nancial interests, compensation and incentives, linked 53–54
inducements including gifts and hospitality 54–56
non-compliance with laws and regulations, responding 56–58
preparation and presentation of information 51–52
pressure to breach the fundamental principles 59
professional accountants in public practice
con icts of interest 62–63
custody of client assets 70–71
ethical threats 60
fees and other types of remuneration 67–69
inducements including gifts and hospitality 69–70
non-compliance with laws and regulations (NOCLAR) 71–72
professional appointment, changes in professional appointment 65–
66
professional appointment, client and engagement acceptance 63–65
second opinions 66–67
professional behaviour 45
professional bodies for accountants and auditors 26–29
professional competence and due care 44–45
prohibited actions for external auditors 37–39
provision of non-assurance services to audit clients 80–81
public sector vs private sector auditing, legal responsibilities 107–108
R
reasonable assurance 15
reasonable assurance engagements 17
recent service with an audit client 77
recording of data, application controls 173–175
reportable irregularities 682
audits 103–106
independent reviews 682–684
reporting, supervision and review, categories of general controls 156
revenue and receipts cycle 191
risk
arising from going concern issues 508–509
audit risks vs business risk 487
control risk 497–498
detection risk 498–499
nancial reporting risks 210–213
of fraud 510–512
identifying 128–130
inherent risk 496–497
management 116–119
of material misstatement, assessing 494–514
misappropriation risks 213–215
possible risks and their related controls 445–446
risk assessment, conceptual aspects 494–508
risks for which substantive procedures alone do not provide sufficient
audit evidence 514
rules-based vs principles-based codes of ethics 34
S
SAICA Code of Professional Conduct (CPC)
applicable in South Africa 36–37
background 41–43
complying with the Code 44–48
con dentiality 45
integrity 44
multiple rms and assisted holding out 46
objectivity 44
professional behaviour 45, 46
professional competence and due care 44–45
convention for reports or certi cates 46
sample sizes 580
Sarbanes-Oxley Act of 2002 108–109
second opinions 66–67
segregation of duties 125, 127, 136, 154–156, 172, 221–222, 286–287, 342,
391
service organisations, outsourcing and data warehousing 182
signi cant risks 512–514
signing convention for reports or certi cates 46
South African Institute of Chartered Accountants (SAICA) 28
continuing professional development 99
disciplinary process 39–40, 41
punishable offences 38–39
see also SAICA Code of Professional Conduct (CPC)
statistical and non-statistical sampling 581–582
Steinhoff accounting scandal 25–26
substantive procedures 582
external audit process, overview 461–462
further audit procedures, nature of 553–574
system development and change controls 157–162
T
temporary staff assignments 78–79
tests of controls
circumstances under which auditor should consider performing
522–523
nature of 543–553
overview 461, 462
vs substantive procedures 574–575
timeliness of nancial reporting and balance between bene t and cost
16
timing of further audit procedures
audit evidence obtained in prior audits, relying on 577–578
interim substantive procedures 577
interim tests of controls 576
tolerable and expected errors 580
truth and fairness in nancial statements 20
U
uncorrected misstatements
evaluating 688–689
impact on nancial statements and auditor’s report 663
upgrading from manual to electronic accounting systems, impact 146–
148
W
wage payouts, attendance 592–594

Auditing Fundamentals in A SA Context 2e

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Auditing Fundamentals in A SA Context 2e

Uploaded by

Copyright:

Available Formats

[SECOND EDITION]

Frans Prinsloo (editor) Pieter Von Wielligh (editor)

PART A: THE CONTEXT WITHIN WHICH THE EXTERNAL

PART B: THE AUDITEE’S RESPONSIBILITY FOR

Chapter 4 Basic concepts of governance and internal

PART C: THE EXTERNAL AUDIT PROCESS

Chapter 11 Overview of the audit process

Appendix: Examples of cycle documentation related to the

PART A: THE CONTEXT WITHIN WHICH THE EXTERNAL

2.1 What is the nature of ethics?

CHAPTER 3 Legal responsibilities of the auditor

PART B: THE AUDITEE’S RESPONSIBILITY FOR

CHAPTER 4 Basic concepts of governance and internal control

4.1 What is governance?

CHAPTER 5 Introduction to risks and internal controls in a

CHAPTER 6 Revenue and receipts cycle

6.1 What are the nature, purpose and accounting

CHAPTER 7 Purchases and payments cycle

CHAPTER 8 Inventory and production cycle

8.1 What are the nature, purpose and accounting

CHAPTER 9 Human resources cycle

CHAPTER 10 Investment and nancing cycle

10.1 What are the nature, purpose and accounting

PART C: THE EXTERNAL AUDIT PROCESS

CHAPTER 11 Overview of the audit process

CHAPTER 13 Audit procedures: Essential concepts

13.1 Where do audit procedures t into the audit process?

CHAPTER 14 Audit procedures: Speci c considerations

CHAPTER 15 Completion of the audit

CHAPTER 16 The independent review

16.1 What is an independent review?

e publisher, editors and authors appreciate the valuable

roughout the development of this text, from conceptualisation to

In order to address the confusion that students often experience in

e nal chapter (Chapter 16) deals with a very topical type of

Other key features used in the text are:

Pieter von Wielligh is Professor and Division Head of Auditing and

Frans Prinsloo (Editor) BCom (Accounting) (cum laude), BCom

Frans Prinsloo is Professor and Division Head of Auditing in the School

Rolien Kunz BCompt (UNISA), BCompt Honours (UNISA),

Rolien Kunz is a Senior Lecturer in the Department of Auditing at the

Vincent Motholo BCom (Accounting Sciences) (Pretoria), BCom

Vincent Motholo is a Director in the Assurance Division of SNG Grant

Dana Nathan (Josset) BCom (Wits), BAcc (Wits), MCom (Accounting)

Dana Nathan is the Subject Coordinator for Auditing at the Institute of

Graeme O’Reilly is a Director of NSOA Learning (Pty) Ltd. He has been

Gerrit Penning BAcc Honours & CTA (Free State), (Accounting

Gerrit Penning is a Senior Lecturer in the Department of Auditing at the

Riaan J Rudman BBusSc Honours (Cape Town), PGDA (Cape Town),

Riaan Rudman is an Associate Professor at Stellenbosch University. He

Auditing Fundamentals in a South African Context is a practical, applied

Brief description of features

Learning outcomes: e learning outcomes serve as a guide to the

Running case study: e book starts with an introduction to, and an

‘Why?’ feature: is feature introduces reasons and rationales

‘What if?’ feature: is feature is used to encourage students to think

Source documents: An appendix to the text provides examples of

De nitions: e most important terms and concepts particular to the

Diagrams, pictures and tables: ese are included throughout for

1. Company history and principal business

4. Ntsimbi Piping’s strategies

A diagram of the company structure is presented in Figure 1.

6. Management and staff