INTERNAL CONTROL SYSTEMS

Audit committees
An audit committee is a committee is a committee consisting of non-executive directors which is
able to view a company’s affairs in a detached and independent way and liaise effectively
between the main board of directors and the external auditors.
Best practice for listed companies:
 The company should have an audit committee of at least three non-executive directors (or, in
the case of smaller companies, two.
 At least one member of the audit committee should have recent and relevant financial
experience.

The objectives of the audit committee

 Increasing public confidence in the credibility and objectivity of published financial
information (including unaudited interim statements).
 Assisting directors (particularly executive directors) in meeting their responsibilities in
respect of financial reporting.
 Strengthening the independent position of a company’s external auditor by providing an
additional channel of communication.

The function of the audit committee

 Monitoring the integrity of the financial statements
 Reviewing the company’s internal financial controls.
 Monitoring and reviewing the effectiveness of the internal audit function.
 Making recommendations in relation to the appointment and removal of the external auditor
and their remuneration.
 Reviewing and monitoring the external auditor’s independence and objectivity and the
effectiveness of the audit process.
 Developing and implementing policy on the engagement of the external auditor to supply
non-audit services.
 Reviewing arrangements for confidential reporting by employees and investigation possible
improprieties (‘whistleblowing’)

Advantages of having an audit committee:

 It provides the internal audit department with an independent reporting mechanism
compared to reporting to the directors who may wish to hide or amend unfavorable internal
audit reports.
 The audit committee will assist the internal auditor by ensuring that recommendations in
internal audit reports are cautioned.
 Shareholder and public confidence in published financial information is enhanced because it
has been reviewed by an independent committee.
 The committee helps the directors fulfil any obligations under corporate governance to
implement and maintain an appropriate system of internal control within the company.
 The committee should assist in providing better communication between the directors,
external auditors and management arranging meetings with the external auditors.
 Strengthens the independence of company’s external auditor by providing a clear reporting
structure and separate appointment mechanism from the board.

Audit committee may lead to:

 Fear that their purpose is to catch management out.
 Non-executive directors being over-burdened with detail
 A two-tier board of directors
 Additional cost in terms, at least, of time involved.

The audit committee and internal audit

The functions of the audit committee are quite wide-reaching; therefore, it may be necessary to
establish an internal audit function in order to help them fulfil their responsibilities.

Best practice is that the audit committee should:

 Ensure that the internal auditor has direct access to the board chairman and to the audit
committee and is accountable to the audit committee.
 Review and assess the annual internal audit work plan.
 Receive and monitor management’s responsiveness to the internal auditor’s findings and
recommendations.
 Meet with the head of internal audit at least once a year without the presence of
management.
Monitor and assess the effectiveness of internal audit in the overall context of the company’s risk
management system

Internal audit department / functions ISA

It is an appraisal activity established in an enterprise to examine, evaluate and monitor the

adequacy and effectiveness of accounting systems and ICS
It involves independent and constant appraisal of the company’s activities operations controls so
as to safeguard the company’s assets ensure reliability of the records and efficiency of operations
which is aimed to assist the management to regulate the business operations.

Part two application question

Part 3
25. Pick your favorite theory. In several paragraphs defend why it is such a good theory.
I have chosen liberalism as my favorite theory. Liberalism is a moral and political ideology
which emphasizes on equality in the rule of law, democratic government, economic freedom,
equality and individual liberty. Liberal theory is important because it promotes equal treatment
of individuals before the law without taking into consideration sex, race and social status. The
theory encourages states to remain united besides embracing tie which encourage international
peace. Further, theory advocates for economic freedom by enabling the states to use their ties to
promote free international trade. This essentially promote interdependence among the states
enabling the states to harmoniously and peacefully interact with each other.
Liberalism leads to global cooperation among states thus moving beyond territorial boundaries.
This enables the states to join hands together especially when faced with common challenge.
Typical example is current pandemic of coronavirus where the countries are mutually supporting
each other besides working closely with each other find the solution to the challenge. This
undeniably affects how each states prepare and take prevention measures to reduce the spread of
the virus. Liberalism demonstrates the importance of interdependence as well as the role played
by international institutions such as World Health Organization in maintain peace.

It acts as a watchdog over each one and the entire/total controls designed and maintained by the
company.

Scope and objectives of internal audit function

The objectives of the internal audit functions will depend on the size and structure of the
company together with the responsibility assigned to the department by the management.

1. Review of accounting systems and ICS

The ICS instituted by the management requires proper attention and continuous review.
Such a function is assigned to the internal audit which designs the work plan that shows
areas required to be assessed and the control procedures that will be revealed during one
year.

2. Carrying out the examination of financial and operating information

This will include the detailed testing of the transactions, along and operating procedures
 3. Review of the enterprise compliance with the set laws and regulations
Internal audit function will review whether the company has put appropriate procedures
for adherence to the relevant laws and regulations e.g. taxation registration,
environmental protection regulations etc.

4. Review of the economy and effectiveness of the operations including non-financial

controls on the enterprise
5. Carrying out independent investigations into the affairs of the company as required by the
management e.g. where frauds are suspected, where there is inefficiency in the case of
resources etc.
6. It serves as a preventive measure against errors and frauds through one constant checking
of the ICS
7. It can be responsible to perform routine jobs such as the stock taking, verification of
assets and liabilities, counting of cash etc.

Advantages of internal audit function

1. It facilitates the achievement of the company’s policies as formulated by the top

management. This enables the company to meet the desired targets.
2. It acts as preventive measures against the errors and frauds through the constant checking
of the accounts.
3. It enhances the maintenance of strong ICS which enables the company to be run in an
orderly manner
4. It is used as a detective department to reveal the errors and frauds perpetrated in the
organization.
5. It assists the management to implement the company’s policies, procedures and
accounting systems e.g. computer based accounting system
6. It facilitates the maintenance of proper accounting records to assist in the preparation of
financial statements
7. It ensures the company’s assets are safeguarded against misuse or theft by dishonest
workers or employees

Disadvantages

1. The management may put overreliance on the department, relax their supervision which
the staff may take advantage to perpetrate frauds
2. The management may deny the departments due independence which may make it
inefficient
3. It is only ideal for large organizations since it is expensive to install and maintain by the
small companies.
 4. The management may ignore the recommendations made by this department. This lowers
the morale and ability to perform their functions effectively
5. The external auditor may depend on this department and relax their audit tests which may
leave errors and frauds undetected.

Factors to consider placing reliance on the work of the Internal Auditor.

Before deciding whether to rely on the work of the internal audit function with the intention of
reducing audit procedures/tests and time to be spent in the business, the external auditor should
determine how such reliance should be placed on the work of the department. For this purpose he
should consider the following factors:

1. Technical competence and experience – the external auditor, should review whether the
Internal Audit staff possesses the knowledge, skills and experience to perform the Internal
Audit work.
Other issues to consider include:-
a) Whether the internal Audit staff has any professional affiliation i.e. they are members of
ICPAK or institute of Internal Auditors.
b) Whether the head of Internal Audit has sufficient experience obtained as a result of working
for different organizations.
If the above matters are appropriate, the external auditor will place more reliance.
2. Scope of work- The external auditors should review whether the internal audit has
unlimited access in reviewing the entire operating activities of the company in case of any
restrictions placed by the management, it means that some of the departments may not be
audited and there’s a high chance of errors and frauds to occur. However, if there are no
restrictions and management acts on recommendations of Internal Auditor, then more
reliance will be placed.
3. Professional Due Care- External Auditor should evaluate whether the work of internal
auditor is properly planned, supervised, directed, recorded and reviewed. The existence of
audit plan, audit manuals and work papers provide evidence that the work is carried out in a
professional manner and more reliance will be placed.
4. Reporting standards- useful Internal Audit will provide high standard reports which are
acted upon by the management.
5. Resources Available- An internal Audit Department that is strained of resources will not be
very useful to the external auditor.
6. Independence- the Internal Auditor may be an employee of the organization but he may be
able to organize his own activities and report his findings to the management. An internal
auditor on whom the external auditor places reliance must be independent and be able to
communicate freely with the external auditor.
7. Consider the past experience with the internal auditor in terms of the degree of cooperation
received from them in the previous audit.
8. Consider efficiency of the ICS- the more efficient the system, the higher the reliability that
can be placed on the work done by internal auditor and vice versa.
- The assessment of Internal Auditor should be thorough and should be fully documented and
included in the work papers.
- If the conclusion is that, the I.A department is weak or unreliable, then this fact should be
communicated in the external auditors report to the management.

Special Ways of Reliance/ Extent to which external Auditor can rely on the Internal
Auditor.
1. The internal auditor may explain to the EA areas of weaknesses in the ICS so that the
external auditor may carry out more audit tests on those areas.
2. The E.A may use the I.A work papers in order to gather evidence of the company’s operation
programs or tests.
3. The I.A may explain to the E.A the technical operations and controls used by the clients
which may be beyond the E.A understanding.
4. The I.A may observe the following procedures on behalf of the E.A
a) Stock taking procedures
b) Wages payment procedures
c) Cash count procedures
d) Branch visits.
e) Follow up of the auditor’s correspondence with 3rd Parties.
5. The I.A may verify mobile assets on behalf of the E.A if the external auditor has not been
able to do so during his visits. In such cases the I.A needs to give the certificate of existence
of those assets to the E.A confirming that they have been verified as existing.
6. The I.A may prepare schedules of accounts to be used by the E.A for their review e.g. fixed
assets movement schedule, aged debtors analysis, tax payable, movement schedule etc.
7. The I.A will safeguard the company’s assets and ensure that the company maintains proper
books of accounts and this facilitates the work done by the external auditor.
8. The presence of the I.A may reduce chances of errors and frauds thereby reducing the
amount of work the external auditor has to do.

USING THE WORK OF AN EXPERT : ISA 620

An expert per ISA 620 is a person or firm possessing special skills, knowledge and experience in
a particular field other than accounting and auditing.
The expert may be engaged by the entity or the Auditor. He may also be employed by the client
or the auditor.
When using the work performed by an expert, the auditor should obtain sufficient appropriate
audit evidence that such work is adequate for the purpose of the audit.
Determining the need to use an expert
There are times the auditor may need independent audit evidence in the following parts, opinions
valuations,……….of an expert. Such as:
1. Valuation of certain types of assets e.g. land and buildings, plant and machinery,
precious stones etc.
2. Determining of quantities or physical condition of assets e.g. underground
minerals and petroleum reserves.
3. Measurement of work completed and to be completed on contracts in progress.
4. Legal opinions concerning the interpretations of agreements, statutes and
regulations.
When determining the need to use the work of an expert the auditor should consider;
1. The expert’s knowledge and previous experience of the matter being considered.
2. The materiality of the financial statement item being considered.
3. The risk of material misstatement based on the nature, and complexity and
materiality of the matter being considered.
4. The quantity and quality of other audit evidence expected to be obtained.
Competence and objectivity of the Expert
When planning to use the work of an expert the auditor should assess the professional
competence of the expert. The auditor should consider the following:
1. Professional qualification and license to practice
2. Experience and reputation in the field in which the auditor is seeking audit
evidence.
3. The experts independence (this reduces when he is employed or related with the
client).
Scope of the experts work
The auditor should obtain sufficient appropriate audit evidence that the scope of the experts work
is adequate for the purpose of the audit. The client should have written instructions to the expert
which should cover the following issues:
1 The objective and scope of the experts work.
2. A general outline of the specific matters the auditor expects the expert’s report to
cover.
3. The intended use by the auditor of the experts work.
4. The extent of the expert’s access to appropriate records and files.
5. Clarification of the expert’s relationship with the client.
6. Confidentiality of the entity’s information.
7. Information on the assumptions and methods intended to be used by the expert
and their consistency with those used in prior periods.
Assessing the work of an expert
The auditor should assess the appropriateness of the experts work as audit evidence regarding the
financial statements assertion being considered. Factors to consider include:
1. Source of data used, Auditor should establish if source data is sufficient,
relevant and reliable. He should also test and review the data used.
2. Assumptions and methods used. The appropriateness of assumptions and
methods used and their applications are the responsibility of the expert. The
auditor will however need to gain an understanding of the assumptions and
methods used and to consider whether they are appropriate and reasonable,
based on the auditors knowledge of the business and the results of other audit
procedures.
3. Results of the experts work. If the results of the experts work are not consistent
other audit evidence, the auditor should resolve the conflict . This may involve:
discussions with the entity and the expert applying additional audit procedures,
including possibility of engaging another expert or modifying the auditors
report.
Communicating with the expert
When communicating with the expert the auditor should include the following in his
communication to the expert:
1. Objectives and scope of the work.
2. Outline of items the auditor expects to be covered in the report.
3. Intended use by the auditor and disclosure to third parties as to experts identity
and extent of involvement.
4. Access of records and files by the expert.

Differences between internal and external audits

Internal audit External audit

1. it is not regulated by the company’s act 1. it is conducted according to the

provision as indicate in CAP 486 company’s act provision cap 486
2. it is conducted continuously throughout 2. it is conducted periodically or once a
the period year
 Internal audit External audit

3. it is conducted by an employee of the 3. it is carried out by independent person

enterprise
4. the auditor acts as a watchdog of the
management as the work is done on
behalf of the management
5. the auditor can be removed by the
management in case of inefficiency
6. the auditors remuneration is fixed by
the management
7. it is conducted by an competent
accountant
8. it is aimed at strengthening the
company’s ICS.
9. The scope of work is determined by the
management. It can be reduced or
increased
10. the auditor is not liable to the 3rd parties
11. the auditor’s report is addressed to the
management
12. the auditor advices the management on
how to run the business in an orderly
manner
13. the auditor checks all the transactions
recorded
as per the company’s act cap 486
4. the auditor acts as watchdog of the
shareholders as the audit is done on
behalf of the members
5. the auditor is removed by the
shareholders at the AGM
6. remuneration is fixed by the members or
management but approved by the
members
7. it is conducted by qualified auditor as
per the company’s act requirements.
8. It is aimed at proving the true and fair
view of the company’s affairs.
9. The scope of work is determined by the
company’s act or statutes. It can never
be reduced but it can be increased.
10. the auditor is liable to the 3rd parties
11. the auditor’s report is addressed to the
member
12. the auditors issues a report to the
members on the use of resources
available
13. The auditors may test – check the
transactions recorded.

Similarities between the internal and external audits

1. Both are concerned with the strength of the company’s ICS. Both will evaluate the
effectiveness of ICS and make appropriate recommendations.
2. Both have an interest in the proper books of accounts being maintained by the company a
required by the company’s act.
3. Both carry out independence review of the company’s operations to ensure they are run
as per the company’s act.
4. They are concerned of appropriate safeguard over the company’s assets.
5. Both submit a report concerning review of company’s operation which is to assist
management take appropriate action.
 6. Use similar techniques in the conduct of audit e.g. tests to be carried out audit
programmers etc.
7. They adhere to the professional ethics in the conduct of audit
8. They may undertake continuous audits especially in big enterprises with large
transactions to enhance the operations efficiency.

Benefit to the internal auditor where there is close coordination between with the external
auditor

1. Internal audit will benefit from management letter as it will be used to boost the strength
of ICS and enforce internal audit recommendation to the BOD
2. Internal audit will use of contents of the management letter with authority to facilitate
change in the company and increase the companies efficiency.
3. He will use the experience of external auditor which he has gained from the wide
exposure to the various companies such experience will enable him to improve the
companies operational efficiency and the controls.
4. The co-operation will boost the confidence of management in the internal audit work and
this will help to conduct efficient internal audits.
5. Auditor will obtain advice on the ways to improve the ICS audit test to be carried out and
the work programs to be designed.

Benefits to external auditor where there is coordination with internal auditor

1. Internal auditor can pinpoint the weaknesses in the ICS so that the external auditor can
concentrate the audit test on such areas.
2. He can use the internal working papers to gather evidence concerning the company’s
operations.
3. He can assist the auditors in explaining the technical operation or controls used by the
client that may be beyond the external auditor understanding.
4. He can undertake the verification of assists e.g. mobile assets which the auditor may not
have the chance to physically inspect e.g. goods which are in the arms of agents, motor
vehicles etc.
5. He will prepare schedule relating to the items in the accounts e.g. fixed assets schedule,
creditors schedule, debtors schedule etc.
6. He will assist the external auditor in giving the feedback as regards the efficiency of the
management in their routine controls this will act as the basis of writing the management
letter.
7. He will assist the ex-auditor in ensuring that the company keeps proper books of
accounts/.
 8. He can undertake the following task on behalf of external auditor e.g. counting of cash at
the branches stock taking etc.

Factors that have contributed to the fast growth of internal audit function

1. Size of modern business. There has been an increase in the size of modern books which
has reduced the efficiency of the management to have full control over the business hence
the need for the internal audit to boost such control.
2. Dynamic businesses – due to the changes in technology, a number of companies have
become so dynamic such that these controls have to be updated from time to time or on
continuous basis. This calls for the constant feedback to ensure that the controls are
adequate and operating effectively.
3. Compensation – in a perfect competition, companies can only survive if they are
operating effectively and these calls for adequate control and cost effectiveness and
operations which are only possible with the assistance of internal audit.
4. Evolution of IT – the increased use of computers has reduced the ability of accounting
department to keep close scrutiny of the accounting transactions. This has created gaps in
the auditing standards which are filled by the internal audit department.
5. Regulatory requirements – the company’s act provides that the management puts in place
adequate systems of control to regulate the operation. The internal auditor should report
the adequacy of control to the management so that necessary improvements can be
carried out.
6. The coming up of mergers, acquisitions and takeovers – this has necessitated the expert
controls in the subsequently formed companies hence the need for internal audit.

Limitations of the internal audit function

Reporting System
The chief internal auditor reports to the finance director. This limits the effectiveness of the
internal audit reports as the finance director will also be responsible for some of the financial
systems that the internal auditor is reporting on. Similarly, the chief internal auditor may soften
or limit criticism in reports to avoid confrontation with the finance director.

To ensure independence, the scope of work of the internal audit department should be decided by
the chief internal auditor, perhaps with the assistance of an audit committee.
Audit work
The chief internal auditor may audit their own work. This limits independence as the auditor is
effectively auditing his own work, and may not therefore identify any mistakes.
To ensure independence, the chief internal auditor should not establish control systems in the
company. However, where controls have already been established, another member of the
internal audit should carry out the audit of that system to provide some limited independence.
Lengths of service of internal audit staff
All internal audit staff may have been employed for a long period of time. This may limit their
effectiveness as they will be very familiar with the systems being reviewed and therefore may
not be sufficiently objective to identify errors in those systems.

To ensure independence, the existing staff should be rotated into different areas of internal audit
work and the chief internal auditor independently review the work carried out.
Appointment of chief internal auditor
The chief internal auditor is appointed by an executive director/CEO. Given that the CEO is
responsible for the running of the company, it is possible that there will be bias in the
appointment of the chief internal auditor; the CEO may appoint someone who he knows will
criticize his work or the company.
To ensure independence, the chief internal auditor should be appointment by an audit committee
or at least the appointment agreed by the whole board.
Variation of standards
Standards for audit are not uniform across the profession. Compares this with external auditors
who, on a global basis, have ISAs against which their performance can be measured.
TEST OF CONTROLS
Tests of control are distinguished from substantive tests
which are designed to detect material misstatements in the
financial statements.

Tests of control may include the following.

(a) Inspection of documents supporting controls or events to gain

audit evidence that internal controls have operated properly, eg
verifying that a transaction has been authorised

(b) Enquiries about internal controls which leave no audit trail, eg

determining who actually performs each function, not merely
who is supposed to perform it
 (c) Reperformance of control procedures, eg reconciliation of
bank accounts, to ensure they were correctly performed by
the entity

(d) Examination of evidence of management views, eg minutes of

management meetings

(e) Testing of internal controls operating on computerised

systems or over the overall IT function, eg access controls

(f) Observation of controls to consider the manner in which the control is

being operated

Auditors should consider:

• How controls were applied

• The consistency with which they were applied during the period
• By whom they were applied

Deviations in the operation of controls (caused by change of staff etc) may increase control risk
and tests of control may need to be modified to confirm effective operation during and after any
change