ASPECTS OF INTERNAL CONTROLS AND CORPORATE GOVERNANCE-AUE2602
AUE2602/ep/ag
EXAMPACK
ASPECTS OF INTERNAL CONTROLS AND CORPORATE GOVERNANCE-AUE2602
LUCIANO SCHOOL OF LAW & SOCIAL SCIENCES [LSLSS]
© 2015
Authored by: Naphtali
, 2
WWW.LSLSS.CO.ZA 012 751 7588
Contents
STUDY NOTES ............................................................................................................................................................... 3
HOW TO EARN MARKS ............................................................................................................................................... 17
Access Controls ........................................................................................................................................................... 19
Examples of tests of controls questions ................................................................................................................. 2
1. Board of directors ......................................................................................................................................... 6
Composition of the board ........................................................................................................................................ 6
What is an independent non-executive director? (Principle 2.18 (par 67), King Report) ........................................ 6
2. Board committees ........................................................................................................................................ 7
3. Governance of risk ........................................................................................................................................ 9
4. Governance of Information Technology....................................................................................................... 9
5. Internal audit .............................................................................................................................................. 10
6. Sustainability, integrated reporting and disclosure ................................................................................... 10
7. The link between governance principles and law ...................................................................................... 11
Introduction ........................................................................................................................................................... 13
May/June 2013 ....................................................................................................................................................... 16
OCTOBER / NOVEMBER 2014 ................................................................................................................................. 26
MAY/JUNE 2014 EXAM PACK ................................................................................................................................. 29
May 2014 References ............................................................................................................................................. 33
Exam Paper ............................................................................................................................................................. 36
Nov 2013 Memo References .................................................................................................................................. 45
Question papers are attached on separate sheets, and some are
also accessible on myunisa.
, 3
WWW.LSLSS.CO.ZA 012 751 7588
STUDY NOTES
Introduction
Students often ask where internal control and controls in a computerized environment fit into the audit
process.
In terms of ISA 315 (par 5 and 6), auditors are required to perform risk assessment procedures. These
procedures are performed to obtain an understanding of the entity and its environment (including
internal control) sufficient to identify and assess risks of material misstatement, whether due to fraud
or error.
When the auditor identifies and assesses the risks of material misstatement, it should be done at:
(i) the financial statement level;
AND
(ii) the assertion level for classes of transactions, account balances and disclosures.
This provides a basis for designing and performing further audit procedures.
ISA 315 (par 26) highlights the following for this purpose:
• identification of risks (through the process of obtaining an understanding of the entity and its
environment and by considering classes of transactions, account balances, and disclosures in the
financial statements) and identification of relevant controls that relate to these identified risks
(covered specifically in this tutorial letter);
• assessing and evaluating these identified risks;
• relating the risks to what can go wrong at the assertion level; and
• considering the likelihood of material misstatement (refer to Appendix 2 of ISA 315 for
conditions and events that may indicate risks of material misstatement).
All of these procedures apply to both tutorial letters 103 and 104.
It is important to note that the understanding that the auditor has to obtain of the entity and its
environment includes an understanding of the entity‟s internal control.
, 4
WWW.LSLSS.CO.ZA 012 751 7588
What is internal control?
ISA 315 (par 4) stipulates that it is
• the process designed, implemented and maintained;
• by those charged with governance (refer to ISA 260 par 10 for definition), management and
other personnel;
• to provide reasonable assurance about the achievement of an entity’s objectives with regard
to:
reliability of financial reporting;
effectiveness and efficiency of operations; and
compliance with applicable laws and regulations.
ISA 315 (par 12) stipulates that the auditor has to obtain an understanding of internal control relevant to
the audit.
Internal control is designed and implemented to address identified business risks that threaten the
achievement of any of the above objectives.
When the auditor obtains an understanding of internal control, he/she has to (ISA 315 par 13):
• evaluate the design of those controls. Does a control (individually or in combination with others)
effectively prevent, or detect and correct material misstatements?
• determine whether these controls have been implemented. It is no use having brilliant controls
in theory if they are not implemented and used effectively by the entity.
Inquiry from the entity‟s personnel alone is not sufficient. Other procedures (e.g.
observation, inspection, etc.) have to be performed in addition.
Internal control, according to ISA 315 (par 14-24), consists of the following components:
• the control environment;
• the entity’s risk assessment process;
• the information system (including the related business processes) relevant to financial reporting
and communication;
AUE2602/ep/ag
EXAMPACK
ASPECTS OF INTERNAL CONTROLS AND CORPORATE GOVERNANCE-AUE2602
LUCIANO SCHOOL OF LAW & SOCIAL SCIENCES [LSLSS]
© 2015
Authored by: Naphtali
, 2
WWW.LSLSS.CO.ZA 012 751 7588
Contents
STUDY NOTES ............................................................................................................................................................... 3
HOW TO EARN MARKS ............................................................................................................................................... 17
Access Controls ........................................................................................................................................................... 19
Examples of tests of controls questions ................................................................................................................. 2
1. Board of directors ......................................................................................................................................... 6
Composition of the board ........................................................................................................................................ 6
What is an independent non-executive director? (Principle 2.18 (par 67), King Report) ........................................ 6
2. Board committees ........................................................................................................................................ 7
3. Governance of risk ........................................................................................................................................ 9
4. Governance of Information Technology....................................................................................................... 9
5. Internal audit .............................................................................................................................................. 10
6. Sustainability, integrated reporting and disclosure ................................................................................... 10
7. The link between governance principles and law ...................................................................................... 11
Introduction ........................................................................................................................................................... 13
May/June 2013 ....................................................................................................................................................... 16
OCTOBER / NOVEMBER 2014 ................................................................................................................................. 26
MAY/JUNE 2014 EXAM PACK ................................................................................................................................. 29
May 2014 References ............................................................................................................................................. 33
Exam Paper ............................................................................................................................................................. 36
Nov 2013 Memo References .................................................................................................................................. 45
Question papers are attached on separate sheets, and some are
also accessible on myunisa.
, 3
WWW.LSLSS.CO.ZA 012 751 7588
STUDY NOTES
Introduction
Students often ask where internal control and controls in a computerized environment fit into the audit
process.
In terms of ISA 315 (par 5 and 6), auditors are required to perform risk assessment procedures. These
procedures are performed to obtain an understanding of the entity and its environment (including
internal control) sufficient to identify and assess risks of material misstatement, whether due to fraud
or error.
When the auditor identifies and assesses the risks of material misstatement, it should be done at:
(i) the financial statement level;
AND
(ii) the assertion level for classes of transactions, account balances and disclosures.
This provides a basis for designing and performing further audit procedures.
ISA 315 (par 26) highlights the following for this purpose:
• identification of risks (through the process of obtaining an understanding of the entity and its
environment and by considering classes of transactions, account balances, and disclosures in the
financial statements) and identification of relevant controls that relate to these identified risks
(covered specifically in this tutorial letter);
• assessing and evaluating these identified risks;
• relating the risks to what can go wrong at the assertion level; and
• considering the likelihood of material misstatement (refer to Appendix 2 of ISA 315 for
conditions and events that may indicate risks of material misstatement).
All of these procedures apply to both tutorial letters 103 and 104.
It is important to note that the understanding that the auditor has to obtain of the entity and its
environment includes an understanding of the entity‟s internal control.
, 4
WWW.LSLSS.CO.ZA 012 751 7588
What is internal control?
ISA 315 (par 4) stipulates that it is
• the process designed, implemented and maintained;
• by those charged with governance (refer to ISA 260 par 10 for definition), management and
other personnel;
• to provide reasonable assurance about the achievement of an entity’s objectives with regard
to:
reliability of financial reporting;
effectiveness and efficiency of operations; and
compliance with applicable laws and regulations.
ISA 315 (par 12) stipulates that the auditor has to obtain an understanding of internal control relevant to
the audit.
Internal control is designed and implemented to address identified business risks that threaten the
achievement of any of the above objectives.
When the auditor obtains an understanding of internal control, he/she has to (ISA 315 par 13):
• evaluate the design of those controls. Does a control (individually or in combination with others)
effectively prevent, or detect and correct material misstatements?
• determine whether these controls have been implemented. It is no use having brilliant controls
in theory if they are not implemented and used effectively by the entity.
Inquiry from the entity‟s personnel alone is not sufficient. Other procedures (e.g.
observation, inspection, etc.) have to be performed in addition.
Internal control, according to ISA 315 (par 14-24), consists of the following components:
• the control environment;
• the entity’s risk assessment process;
• the information system (including the related business processes) relevant to financial reporting
and communication;
