Expert Answer :10 QUESTION 4 50 marks You are the audit manager a

Solved by verified expert :10QUESTION 4 50 marksYou are the audit manager assigned to the 2004 external audit of Burlap Ltd, a company thatassembles and distributes personal computers. The company has a June year end and is listed onthe JSE Securities Exchange South Africa. You have recently completed the interim audit fieldwork,which focused on updating your knowledge of the risks faced by the business and on validating theinternal control processes implemented by the company to address those risks.During a meeting Mr Bean, the Financial Director, briefed you on a new governance process beingimplemented by the board of directors in order to meet their obligations under the King Code 2002with regard to internal controls. Of particular concern to the directors is the requirement under theKing Code to report in the annual financial statements that?? adequate accounting records and an effective system of internal controls and risk managementhave been maintained;?? the system is regularly reviewed for effectiveness; and?? there is an ongoing process for identifying, evaluating and managing the significant risks faced bythe company, including those relating to business continuity.Accordingly, the directors have established an Audit Risk and Control Committee whose terms ofreference, amongst others, include ensuring that risks arising in the business are appropriatelyidentified and managed and, in particular, that significant internal control weaknesses or noncompliancewith laws and regulations identified by management, internal audit or the external auditorsare appropriately addressed.Mr Bean requested that your firm be present at future meetings of the Audit Risk and ControlCommittee in order to assist the committee members with the identification and assessment of risksand to suggest improvements to internal control and risk management processes. Your firm hassubsequently been provided with committee papers which are to be tabled at the next meeting. Theaudit partner has asked you to consider the issues set out in the attached extracts from those papersand then brief him for that meeting, as he is keen to provide value-added advice to the meeting.Your overall audit plan does not specifically address the issues in the attached extracts.BURLAP LTDAUDIT RISK AND CONTROL COMMITTEEEXTRACTS FROM PAPERS TO BE TABLED AT THE MEETINGTO BE HELD ON 15 MAY 20041 Matters noted by internal audit1.1 Proposed software upgradeThe sales order processing application software will be upgraded from version 4.1 toversion 4.5 during the first week of June 2004.1.2 CompetitionAs part of a price war in the personal computer market, a major competitor hasrecently introduced a new range of computer models with specifications significantlyin excess of Burlap Ltd’s existing products. Management is currently considering afurther reduction in the sale price of its computers, but is concerned that the companywill not be able to recover its overheads unless it can increase sales volumes.112 Matters arising from internal audit work2.1 Statutory recordsAudit findingThe company register for one of the company’s subsidiaries has been mislaid.BackgroundThe company cancelled its contract with Secretarial Services Ltd in October 2003, interms of which the statutory records of the company and its subsidiaries had beenmaintained by that third party. All company registers of the group in possession ofSecretarial Services Ltd were returned to the company.Management comment (Mr Bill Evans – company secretary)We will undertake a company records search at the Registrar of Companies and reestablishthe register.2.2 Warranty repairsAudit findingAlthough technicians document the nature of repairs made to customer equipment,they do not always specify whether the cause was a manufacturing defect, with theresult that management information regarding warranty repairs may be incomplete.BackgroundIT equipment supplied to customers carries a 12-month warranty, in terms of whichthe company has to repair the equipment at no cost to the customer if the fault is dueto an inherent manufacturing defect.Customers have the option of entering into a maintenance contract in terms of whichthe company will repair the equipment in return for a fixed monthly fee payment bythe customer. The standard maintenance contract is for three years, which is theestimated useful life of the equipment.Management comment (Mr Amyas MacDougall – service manager)We accept that there may be instances where warranty repairs are not specificallyidentified by the technician. We will in future ensure that technicians receiveappropriate training in this regard.2.3 Business continuity planningAudit findingAlthough a disaster recovery plan for the sales and marketing division was drawn upand tested during 2002, business continuity for the organisation as a whole has notbeen addressed.It should be an organisation policy requirement that a business continuity plan formspart of normal operational requirements for both the IT function and all other businessunits. IT policies and procedures should require the following:12?? A consistent philosophy and framework for the development of contingencyplans;?? Prioritisation of applications with respect to timeliness of recovery and return;?? Assessment of risk and insurance needs for loss of business in contingencysituations, with regard to both the IT function and IT users;?? An outline of specific roles and responsibilities for contingency planning, withspecific test, maintenance and update requirements; and?? Formal contract arrangements with vendors to provide services in the event of adisaster, including a back-up site facility or relationship, in advance of actualneed.Management comment (Ms Anna Fischer – IT manager)A three-year plan is in place for the development and testing of disaster recovery plansfor all business units.2.4 Cheque signing proceduresAudit findingThe validity of supporting documentation should be assessed by both chequesignatories prior to authorising creditor payments.BackgroundManagement discovered a fraud in October 2003, in which an employee with a longservice history had managed to accumulate R2,5 million in a personal bank account byprocessing invalid creditor payments over a number of years. The employee submittedpayment requisitions in respect of invoices from a fictitious supplier. As the paymentswere regular and not individually large, the requisitions were authorised as a matter ofcourse.Management comment (Mr Ivan Counter – financial manager)We consider this fraud to be an isolated incident and are satisfied that the company’scheque signing procedures are adequate.2.5 IT environment controlsAudit findingManagement should consider the following recommendations for improving its ITenvironment controls relating to physical security:?? There should be no water pipes/drainage pipes or water sprinkler systems in theserver room.?? Appropriate fire extinguishers should be available for fire fighting.?? A register of maintenance of the uninterrupted power supply hardware (UPS) andemergency power generator should be maintained.Management comment (Mr Mohammed Clay – physical security manager)These recommendations will be investigated and considered and, where appropriate,they will be implemented.133 Matter raised by the external auditors3.1 Reconciliation procedures – accounts payableAudit findingThe accounts payable balances in the creditors sub-ledger should be reconciled withunderlying supplier statements and reviewed by the financial manager on a monthlybasis. These balances are at present reconciled with suppliers’ invoices, but not withcreditors’ statements.Management comment (Ms Betty Ndlovu – accounts payable supervisor)We do not view this as a risk as all payments are effected on the basis of approvedcreditors’ invoices. However, individual creditors accounts will in future be reconciledwith the creditors’ statements on a monthly basis.REQUIRED(a) For each of the issues set out in the attached extracts of committee papers –(i) identify the potential risk to the business; and(ii) list the specific factors that should be considered in assessing the significance of the risk.(25)(b) Discuss the effect on the overall audit plan of the issues identified from the attached committeepapers, including any increases in audit scope of which management would have to beadvised. (15)(c) Discuss the issues that should be considered in accepting of the invitation to attend the AuditRisk and Control Committee meetings, and arising from the SAICA Code of Conduct. (5)(d) List ways in which your firm could assist the directors in fulfilling their responsibilities under theKing Code 2002 as required to be reported on in the annual financial statements. (5)