<Previous Lesson

Fundamentals of Auditing

Next Lesson>




Having ascertained, confirmed and recorded the system, the auditor now needs to carry out a preliminary
evaluation of the system in order to make a decision as to whether he will:
Rely on internal controls and adopt a systems audit approach, or,
Perform extensive substantive testing. Using a verification approach to the audit.

Internal Control Questionnaire

An ICQ is a formal and usually standardized document which comprises:
3. A list of internal controls in existence and
4. Highlights any weaknesses.
Used in large company audit
Used to place reliance on internal controls
Used to design audit approach
(i) To

ascertain a

clients systems of accounting and internal control
(ii) To


the control system thus recorded, and hence
(iii) To


those controls which indicate strengths in the system upon which the auditor
will seek to place reliance, and
(iv) To


those areas over which there are weak or no controls and which therefore
must be subjected to more extensive substantive testing and reported by inclusion in the
Management Letter.

Construction of an ICQ

(I) It is good practice when designing ICQs to state, as a brief introduction:
(a) a list of control objectives which each sub-system under consideration should seek to achieve
(b) any business considerations specific to the enterprise under review which should be taken into
The reason for this is essentially to highlight for the audit staff key areas for their consideration to the audit
II) The questions in an ICQ should be designed to ascertain whether the control objectives are being
achieved and should therefore cover such aspects as:
(a) instructions given to staff in the performance of their duties
(b) authorization procedures
(c) documents and procedures used to originate transactions
(d) recording procedures
(e) sequence of procedures
(f) custody procedures
(g) relative independence of the persons involved at each stage of a transaction (i.e. segregation of
(III) The questions should be framed such that a Yes/No answer is given, with a No answer usually
indicating a control weakness.
(IV) An ICQ should carry such basic information as:
(a) the name of the document (ICQ)
(b) the system to which it relates (e.g. purchasing cycle)
(c) the client to whom it relates
(d) the accounting period under review
(e) evidence of who has prepared and reviewed the document
(f) the provision of columns for:
- Yes and No answers
- comments where neither Yes or No are applicable
- indicating the significance or otherwise of apparent weaknesses

page 69
- references to audit programs
- references to Management Letters.

Example of part of an ICQ

Prepared by: ________ Date: ________
CLIENT: ___________ PERIOD: _____
Reviewed by:________ Date: ________


(a) Control objectives.
(b) Business considerations.
(c) The questionnaire

a) Control objectives

To ensure that:
(i) Purchased goods/services are ordered under proper authorities and procedures
(ii) Purchased goods/services are only ordered as necessary for the proper conduct of the business
operations and are ordered to suitable suppliers
(iii) Goods/services received are effectively inspected for quality, quantity and condition
(iv) Invoices and related documentation are properly checked and approved as being valid before
being entered as trade payables
(v) All transactions relating to trade payables are valid (suppliers invoices, credit notes and
adjustments), and only those valid transactions should be accurately recorded in the accounting

b) Business considerations
Points Effect on audit procedures and on financial statements

(i) Nature of the company’s - Auditor must be aware of the
purchases. Varying nature of goods purchased.
(ii) The existence of a - As far as possible ordering should
purchasing department. be centralized.
(iii) The company’s - The fixing of minimum/maximum
purchasing policy. Inventory and re-order levels should ensure efficient control. However,
buying in bulk, with resulting higher inventory levels may be part of a
company policy to reduce unit costs, in which case inventory
obsolescence and storage cost problems may arise.
(iv) The selection of suppliers. - The purchasing department should maintain a supplier’s register to
record past purchases, prices, and satisfaction received etc. The constant
seeking of alternative sources of supply at keener prices is an indication of
efficient management

page 70
(C) Questionnaire


Initiation and authorization

No Comments References
• Are standard (Purchase) order
forms (SOFs) issued showing
names of suppliers, quantities
ordered and prices?
• Are copies of SOFs retained on
• Who authorizes orders and
what are their authority limits?
• Are the persons in 3 above
independent of those who issue
• Is a record kept, of orders placed
but not executed? (If yes, specify
type of record kept and filing


• Are goods from suppliers
inspected on arrival as to quantity
and quality?
• How is the receipt of supplies
recorded (e.g. by Goods Received
• Are these records prepared by a
person independent of those
responsible for:
- ordering functions?
- processing and
- recording?

Criticism on ICQs

ICQs represent an attempt at a formalized, systematic, approach to the audit of large complex
It is however increasingly apparent that such questionnaires can become too complex, lengthy and
detailed for meaningful evaluation of accounting systems.
There is a danger that ICQs can provoke too formalized an approach to an assignment; that will be
concentrating as they do on the controls themselves rather than upon the fraud or irregularity that the controls
are designed to prevent.

Internal Control Evaluation Checklists

To overcome the above discussed possible shortcomings, many auditing practices have amended their
approach to internal control evaluation by the adoption of a different type of document, Internal Control
Evaluation Checklists
The ICEC is designed to determine; whether desirable internal controls are present?, using key control
questions to ascertain where specific frauds or errors are possible.
It is normally employed where system’s information has already been recorded (usually in the form of
Key questions are asked in an ICEC, the answers to which prompt further supplementary questions.
Reference is made to a supporting flowchart which is the means of ascertaining the existing systems. This
makes the ICEC document shorter and less complex, but it may require more skill and judgment on the
part of the auditor to interpret the completed form.
Note that virtually all the rules applicable to the construction of an ICQ apply to the construction of an

page 71

Example of ICEC

Prepared by: ________ Date: ________
CLIENT: ___________ PERIOD: _____
Reviewed by:________ Date: ________


(a) Control objectives.
(b) Business considerations.
(c) The checklist

a) Control Objectives

As per ICQ

b) Business Consideration

As per ICQ

c) The Checklist


Comments Reference
1.1 Can goods be purchased without authority?

(a) purchase requisitions and order approvals?
(b) limit of buyers authority to order?
(c) purchasing segregated from receiving,
accounts payable and inventory records?
(d) un issued orders safeguarded against loss?

1.2 Can liabilities be incurred although goods
not received?

(a) receiving segregated from purchasing,
accounts payable and inventory records?
(b) are all goods passed directly to stores?
(c) GRNs or equivalent prepared independently?
(d) adequate comparison with order, claims for
short shipment etc?
(e) invoices, GRNs, direct to accounts payable not
(f) invoices checked to order and GRNs, prices
(g) check of extensions, additions, discounts?
(h) documents cancelled to prevent re-use?
(i) unmatched documents investigated regularly?
(j) freight checked, bills matched to
(k) purchase returns and allowances controlled -
(I) forward purchases controlled?

1.3 Can cut-off errors occur?

(a) time lapse from receipt of goods to invoice processing?
(b) valuation of unmatched GRNs?
(c) adequate control and recording of receipts?

1.4 Can invoices be wrongly allocated?

(a) nominal ledger analysis?
(b) analysis independently checked?
(c) staff purchases controlled?
(d) independent and regular review?

page 72

1.5 Can liabilities be recorded for goods or services not ordered?

(a) goods received without authority?

2 Payables
2.1 Can liabilities be incurred but not recorded?

(a) payables balances agreed periodically?
(b) suppliers statements independently reconciled?
(c) invoice register?
(d) forward contracts?
(e) order backlog follow up?
(f) debit balances controlled?

3 Payments
3.1 Can payments be made if not properly supported?

(a) discounts taken?
(b) control over invoices before validating complete?
(c) cheque signatories independent of purchasing, receiving, accounts payable and cheque
(d) signatories examine support for payment,
check completeness, cancel support?
(e) control over signature plates or pre-signed
(f) control where one signature?
(g) frequency with which cheques mailed?
(h) independent regular bank reconciliation, with
cheques directly from bank and review
(i) cheques crossed account payee only,
continuity accounted for, control over unused
(j) bank transfers controlled - standing orders?
(k) issue of bearer or cash’ cheques?
(I) advances and loans controlled?
(m) bank transfer payments, traders credits, direct

3.2 Can payments for non-routine purchases be made if not authorized or properly

services, expense accounts, taxation payments
in advance, staff purchases and goods on

3.3 Can non-current assets be acquired or removed without proper authorization and recording?
(a) approved

work orders for non-current assets
and major repairs?
(b) approval of cost over-runs?
(c) reporting of scrapping or disposals?
(d) detailed non-current asset register, regular
physical inspection and review of values?
(e) periodic insurance appraisals, adequate
(f) control over loose tools?

Limitations of the effectiveness of Internal Control

It is possible to reduce the volume of transaction testing required in conducting an audit if the internal
controls are sound and are operating effectively, but it is not likely that an auditor will be able to rely on
internal controls entirely. This is because all control systems have inherent limitations such as:
a) The need to balance the cost of the control with its benefits

page 73
b) The fact that internal controls are applied to regular, recurring transactions, not one off year
end adjustments or unusual transactions, which are often large and subject to error.
c) The potential for human error
d) The possibility of fraudulent collusion (two or more persons operating together) to ‘get round’
controls that segregate duties. For example; the supervisor responsible for checking and
authorizing overtime claims could collude with employees, to enable excess overtime payments
to be claimed.
e) The abuse of authority and override of controls by senior managers or the owners of the
business. Abuse of authority might involve ordering personal goods through the firm. It is very
easy for directors and managers of organizations of any size to instruct staff to bypass normal
procedures such as the requirement for authorization for payments.
f) The obsolescence of controls which have not changed to reflect changes in the business
activities or organization.
In practice, the training of auditors always involves a warning never to rely on internal controls entirely, no
matter how effective they may appear to be. Hence some verification of transactions is always carried out as
part of the auditor’s work.

<Previous Lesson

Fundamentals of Auditing

Next Lesson>


Lesson Plan


Go to Top

Next Lesson
Previous Lesson
Lesson Plan
Go to Top