AUI3703/202//2022

Tutorial Letter 202/2/2022

The Internal Audit Process:

Specific Audit Engagements and
Reporting
AUI3703

Semester 2

Department of Auditing
This tutorial letter contains important information about your module.

Bar code

Open Rubric
 AUI3703/202/2/2022

CONTENTS

1 BRIEFING ......................................................................................................................... 3
2 KEY TO ASSIGNMENT 02/2022 ...................................................................................... 4

2
 AUI3703/202/2/2022

1 BRIEFING

This tutorial letter contains the solution to Assignment 02 for this semester. The marks you
received for your answers to these questions will constitute your mark for this assignment and
will contribute towards your year mark.
You need to assess your answers to the unmarked questions yourself by comparing your
answers to those provided in this tutorial letter.
Use the marking plan as a guide to award yourself marks for your answers. Take care not to
mark the same concept more than once just because it appears more than once, perhaps in
different words or in a different format.
After you have marked your own answers, please reflect carefully on your results to determine
why you could not allocate full marks to your answers. Please ensure that you allocate marks
only to valid answers. It is imperative that you identify your problem areas now, while you can
still do something about them. If you do not solve all your problems as soon as you have
identified them, you may repeat the same mistakes in the examination, and that could prove
very costly.
Marking your answers should enable you to identify any problems you may be experiencing.
Your marks for this assignment will be an indication of your level of knowledge of the module
content at this stage. You should still have enough time left to revise the work and solve the
identified problem areas before the examination.
We trust that you have found the assignment both interesting and informative and that it has
served as an aid for your examination preparation. Should you encounter any difficulties
regarding this module in internal auditing, please do not hesitate to contact us.
Lecturer: AUI3703

3
 AUI3703/202/2/2022

2 KEY TO ASSIGNMENT 02/2022

Question 1 42 Marks

1.1 How performance audit can be carried out without duplicating the work that was
conducted by the external auditors.
Reference: Study guide, learning unit 8.4 & Learning Unit 4

The external auditors are involved in financial auditing to confirm the reliability and accuracy
of financial information and the fairness of the financial statements of the organisation. (1)
Operational auditing is carried out to support management on all levels of an organisation in
the effective discharge of their duties and the achievement of their objectives. (1)
During an operational audit, the economy, efficiency and effectiveness of sections, activities
and production processes are reviewed with the objective of optimisation. (1)
In operational audit, the focus is not only placed on financial figures and financial recording,
but on all procedures carried out within the organisation. (1)
Therefore, even though the external auditors have also performed an audit, the purpose and
focus of the audits are different and the work of the external auditors will not be duplicated.
(1)
(Mark as indicated, maximum 5 marks)
Feedback
This is a theoretical question. You had to explain what the difference between the scope for
external auditors (financial audits) is and for internal auditors. Then explain what is done by
external auditors and what is done by internal auditors and then you must conclude that their
work will not be duplicated.
1.2 Indicate whether each of the observations made in the scenario (1 to 6) relates to a
lack of economy, efficiency, or effectiveness
Reference: Study guide, learning unit 8.3

1. Efficiency
2. Economy
3. Efficiency
4. Effectiveness
5. Economy
6. Efficiency
7. Efficiency
8. Effectiveness
9. Economy
10. Effectiveness

(1 mark each, maximum 10 marks)

Feedback
This is an example of an application question. You should know the difference between
economy, efficiency and effectiveness. You should be able to define the elements of a

4
 AUI3703/202/2/2022
performance audit. You should also be able to identify for each scenario whether it relates to
economy, efficiency or effectiveness.

1.3 The description of the relationship between the economy, efficiency, and effectiveness
of a process in terms of inputs and outputs
Reference: Study guide, learning unit 8.4

Economy: The relationship between planned inputs and actual inputs in terms of unit costs
(1) is the extent to which a process gets the right quantity and quality of a resource at the
right time and best possible price. (1)

Efficiency: The relationship between actual inputs and actual outputs (1) is the extent to
which a process or activity has been optimised, such that, all other things remain constant,
its output has been maximised for a given amount of input and its input has been
minimised for a given amount of output. (1)

Effectiveness: The relationship between actual outputs and planned outputs. (1) is the extent
to which an activity achieves its stated performance objectives. (1)

(Marks as indicated, maximum 6 marks)

Feedback
Ensure that when the question states that ‘in terms of input and outputs” you have to refer
to the relationship between the actual and planned inputs and outputs. The relationship
between the input and output are explained in a diagram in the study guide.

1.4 Formulation six (6) audit procedures that provide assurance on the effectiveness of
the procedures followed by Box-it to…

References: Study guide, learning unit 8.3

1. Inspect whether Box-It has an approach to the development of realistic targets and
objectives (1½).

2. Verify whether Box-It has developed procedures for attaining targets and objectives (1½)

3. Inspect whether management have adequate methods of measuring effectiveness (1½)

4. Assess whether measures are in place to establish the extent to which results are being
achieved (1½)

5. Investigate whether factors that impede satisfactory performance are identified and
rectified. (1½)

6. Inspect whether the reporting on the performance of the distribution department is

monitored against the targets. (1½)

5
 AUI3703/202/2/2022
(½ mark will be allocated for correct formulation of audit procedure, i.e. use of correct action
word. 1 mark for relevant wording linked to effectiveness. Maximum 9 marks)

Feedback
Ensure that you formulate the audit procedure correctly. ½ mark will be allocated for the
correct formulation of the audit procedure and 1 mark will be allocated for the correct
application of effectiveness. Ensure that your audit procedure address the correct element of
economy, efficiency or effectiveness.

1.6 Formulate an audit finding

References: Study guide, learning unit 22

Condition (½): Most orders are delivered late, after the 24 hours turnaround time.
(½)

Criteria (½): All orders received from the administrative department should be
delivered within 24 hours. (½)

Cause (½): Shortage of staff (½)

Effect (½): Box-It will incur financial losses due to the 10% discount they have
to give to the stores for orders delivered after 24 hours. (½)

Recommendation (½): Box-It should investigate the reason for staff shortages and appoint
temporary staff or additional staff members to assist with the
distribution of the boxes. (½)

(Marks as indicated, maximum 5 marks)

Feedback
This is an application question. You must formulate your own finding based on the
information provided in the scenario. It is important that the finding is formulated based
on the information in the scenario.

1.7 Characteristics of good internal audit reporting

References: Study guide, learning unit 22

1. Only important matters should be reported.

2. Internal audit reports should be useful and timely.
3. Internal audit reports should be accurate and adequately supported by relevant vouchers.
4. The findings should prompt management and personnel involved to take action.
5. Audit reports should be objective and contain sufficient information to give their readers
the necessary perspective.

6
 AUI3703/202/2/2022
6. Internal audit reports should be clearly and simply presented.
7. Internal audit reports should be concise.
8. Internal audit reports should have a constructive impact.
9. Internal audit reports should be logically arranged and positive.

(Mark as indicated, maximum 7 marks)

Feedback
This is a purely theoretical question. You had to list the characteristics of a good internal audit
report.

Question 2 24 Marks

2.1 Identification of eight (8) red flags from the scenario and indicate whether the
identified red flag is a weakness in internal control or possible fraud

References: Study guide, learning unit 10

No Red Flag Control weakness or possible fraud

1. Orders are placed by unapproved customers. Control weakness

2. No procedures in place to ensure customers are Control weakness

vetted before they are approved.

3. There is staff shortage in the distribution Control weakness

department.

4. The two staff members are the brothers of Mr Possible fraud

Boom and he refuse to appoint additional staff.

5. Management does not require monthly reports Control weakness

from the distribution department.

6. Mr Boom accumulated leave, works every Possible fraud

weekend and does not take lunch breaks and
refuses to go on leave

7. Overtime claims approved by Mr Boom and not Possible fraud

senior management, refusal to submit claims for
further approval.

8. No policies and procedures that relate to the Control weakness

distribution department.

7
 AUI3703/202/2/2022
(Marks as indicated, maximum 16 marks)
Feedback
This is an application question. The red flags should be identified from the information
provided in the scenario. For every red flag you should identify if the red flag relates to
possible fraud or to a control weakness. Students tend to do well in identifying the red
flags as all the red flags are in the scenario. The red flag should be identified and
described in your own words and should not be directly copied from the scenario.

You should also be able to identify a control that will address the red flag. (Not required
in this question). The control should address the red flag and note that it should be a
control that can be implemented and not a suggestion.

2.2 Describe responsibility of internal auditors in fraud detection and reporting thereof
with reference to the Standards

Reference: Study guide, learning unit 12

The responsibilities of internal audit in fraud detection and reporting are indicated in the
following Standards:

1. IIA Standard 1200: Proficiency and Due Professional Care

• 1210.A2 – Internal auditors must have sufficient knowledge to evaluate the risk of
fraud and the manner in which it is managed by the organisation but are not
expected to have the expertise of a person whose primary responsibility is detecting
and investigating fraud. (1)

2. IIA Standard 1220: Due Professional Care

• 1220.A1 – Internal auditors must exercise due professional care by considering the
probability of significant errors, fraud, or noncompliance. (1)

3. IIA Standard 2120: Risk Management

• 2120.A2 – The internal audit activity must evaluate the potential for the occurrence
of fraud and how the organisation manages fraud risk. (1)
• IIA Standard 2210: Engagement Objectives 2210.A2 – Internal auditors must
consider the probability of significant errors, fraud, noncompliance, and other
exposures when developing the engagement objectives. (1)

4. IIA Standard 2060: Reporting to Senior Management and the Board

• Reporting must also include significant risk and control issues, including fraud risks,
governance issues, and other matters that require the attention of senior
management and/or the board. (1)
(Marks as indicated, maximum 8 marks)

8
 AUI3703/202/2/2022
Feedback
This is a theoretical question and you had to refer to the IPPF. If the standard was not
correctly quoted a mark will still be allocated for the explanation.

Question 3 34 Marks

3.1 The level of proficiency a non-IT specialist internal auditor should have in IT in terms of
the IIA Standards?

Reference: IIA Standards

Standard :1210 – Proficiency (1210.A3) (1)

Internal auditors must have sufficient knowledge of key information technology risks and
controls and available technology-based audit techniques to perform their assigned work. (1)
However, not all internal auditors are expected to have the expertise of an internal auditor
whose primary responsibility is information technology auditing (1)

Standard: 1220 – Due Professional Care (1220.A2) (1)

In exercising due professional care internal auditors must consider the use of technology-
based audit and other data analysis techniques (1)

(Marks as indicated, maximum 4 marks)

Feedback
This is a theoretical question and you had to refer to the IPPF. One mark was allocated for
quoting the correct standard and one mark for the explanation. If the standard was not
quoted a mark will still be allocated for the explanation. Take note that the questions
specifically stated that the standard number should be referenced.

3.3 Application and General Controls at Connect IT Limited

Reference: Study Guide, learning unit 16

1. Application control (1)

2. Application control (1)
3. General control (1)
4. General control (1)
5. Application control (1)
6. General control (1)
7. General control (1)
8. General control (1)
9. Application control (1)
10. General control (1)

9
 AUI3703/202/2/2022
11. Application control (1)
12. Application control (1)

(Marks as indicated, maximum 12 marks)

Feedback
This is an application question. You need to be able to identify for each control provided
whether it is a general or application control.

You should also be able to define and explain the difference between general and application
controls.

3.4 Discuss the three (3) performance implementation standards that specifically address
the internal auditor’s assurance engagement responsibilities regarding information
systems and technology

Reference: Study guide, section 16

Three performance implementation standards:

2120.A1 – T he internal audit activity must evaluate risk exposures relating to the
organization’s governance, operations, and information systems regarding the:
(1)
• Achievement of the organization’s strategic objectives.
• Reliability and integrity of financial and operational information.
• Effectiveness and efficiency of operations and programs.
• Safeguarding of assets.
• Compliance with laws, regulations, policies, procedures, and contracts

2130.A1 –. The internal audit activity must evaluate the adequacy and effectiveness of
controls in responding to risks within the organization’s governance, operations,
and information systems regarding the: (1)
• Achievement of the organization’s strategic objectives.
• Reliability and integrity of financial and operational information.
• Effectiveness and efficiency of operations and programs.
• Safeguarding of assets.
• Compliance with laws, regulations, policies, procedures, and contracts

2110.A2 – The internal audit activity must assess whether the information technology
governance of the organization supports the organization’s strategies and
objectives. (1)
(Marks as indicated, maximum 3 marks)

Feedback
This is a theoretical question and you had to refer to the IPPF. One mark was allocated for
quoting the correct standard and one mark for the explanation. If the standard number was
not quoted a mark will still be allocated for the explanation.

10
 AUI3703/202/2/2022
3.5 IT controls in a payroll cycle

Reference: Study guide, learning unit 16

A1. F
A2. E
A3. I
A4. M
A5. K
A6. B
A7. J
A8. C
A9. H
A10. G
(1½ mark each, maximum 15 marks)

Feedback
For this question you had to match column A to column B. It is an application question, and
you should match the definitions of column B with column A. Ensure that you work through
the solution.
©
Unisa 2022

11
AUI3703/202/2/2022

12