EXAM PACK
AUI3702 MAY/JUNE 2024 Examination:
QUESTION 1 – Multiple Choice (15 marks)
Answer format:
1.1 A
1.2 A
...
Answers:
1.1 A
1.2 A
1.3 A
1.4 B
1.5 D
1.6 B
1.7 D
1.8 C
1.9 C
1.10 D
1.11 A
1.12 C
1.13 A
1.14 B
1.15 C
QUESTION 2 – Matching Definitions (10 marks)
Answer format:
2.1 E
2.2 D
...
Answers:
2.1 E – Ordinary errors are being made.
2.2 D – Types of internal control activities.
2.3 G – Measure the effectiveness of the preventive control.
2.4 H – Must be signed and dated by the internal auditor who prepared it.
2.5 B – Information that supports engagement observations and recommendations and is consistent with the objectives of the engagement.
2.6 J – Documentary evidence.
2.7 I – Sampling risk.
2.8 C – A written description of the business process or business unit.
2.9 A – The characteristics in the sample are the same as those of the population.
2.10 F – Engagement procedures are performed to determine correctness.
QUESTION 3 – Revenue and Receipt Cycle (20 marks)
3.1 Collection of Cash from Registers (4 marks)
Cash collection should be done at regular intervals by a supervisor and cashier together.
Both parties should sign a count sheet.
The till rolls should be compared to cash counted.
Cash to be placed in a lockable, tamper-evident bag and stored in a safe until banked.
3.2 Recording and Reconciliation of Cash Sales (10 marks)
Daily sales per till roll vs daily cash received reconciliation.
Override reports reviewed and signed by supervisor.
Separate duties: cashier, supervisor, and bookkeeper.
Bookkeeper to post entries to the general ledger from till summaries.
Review cash shortages/overages report.
Maintain cash sales journals and validate with supporting till slips.
Supervisors approve voids and refunds.
Physical till roll retained as audit trail.
Cash register totals checked to avoid manipulation.
Daily reconciliation approved by Chanelle.
3.3 Banking Process of Cash (6 marks)
Cash should be banked daily or at least every 2nd day.
Two-person rule for banking preparation and deposit.
Bank deposit slips prepared by one staff member, verified by another.
Compare deposit slips to cash collection records.
Retain bank-stamped deposit slips and reconcile with bank statements.
Review and approval of deposit documentation by Chanelle/bookkeeper.
QUESTION 4 – Payroll Cycle and Fraud (25 marks)
4.1 Purpose of Each Control (10 marks)
a) Prevent unauthorised pay changes.
b) Confirm actual attendance.
c) Validate hours before payment.
d) Detect anomalies in wages.
e) Provide transparency and proof of payment.
f) Ensure correct loan deductions.
g) Compliance with tax laws.
h) Reduce risk of hiring fraudulent/skilled imposters.
i) Prevent incorrect EFTs.
j) Enforce punctuality.
4.2 Audit Engagement Procedures (15 marks)
a) Inspect amendment forms and trace to authorisations.
b) Observe entry/exit procedures and inspect time logs.
c) Inspect foreman-signed time reports and reconcile hours.
d) Recalculate sample wage amounts and verify period-to-period differences.
e) Review sample payslips and verify EFT deposit.
f) Trace deductions to loan agreements.
g) Match PAYE deductions to SARS receipts.
h) Review HR files for background check documentation.
i) Review the EFT batch details and inspector sign-off logs.
j) Inspect warning letter log and correlate with attendance records.
QUESTION 5 – Financial and Operational Audit (30 marks)
5.1 General Control Weaknesses (20 marks)
Control Environment (3 marks)
IT reports to finance, not operations or CIO—weak independence.
Relaxed management style leads to limited oversight.
Lack of documentation of responsibilities and accountability.
Organisational Structure (5 marks)
IT duties are overlapping; poor segregation.
Single person (Michael) controls IT—risk of concentration.
No proper reporting lines to technical or operational governance.
Access Controls (10 marks)
Predictable access code (date) to computer room = weak physical security.
Unsecured network access via tearoom ports.
Weak password policy (easy to guess, shared format).
No user authentication or logging for system access.
Lack of role-based access control; everyone has broad access.