Illustrative Audit Case: Keystone Computers & Networks, Inc. Part II: Consideration of Internal Control This second part of the audit case of Keystone Computers & Networks, Inc. (KCN), illustrates the manner in which auditors obtain an understanding of internal control, perform tests of controls, and assess control risk. The process is illustrated with the revenue and cash receipts cycle and includes the following working papers: A questionnaire to document the control environment, risk assessment, and monitoring components of the companys internal control. Since this questionnaire is designed for nonpublic companies, it does not address factors that are generally found only in public companies, such as an audit committee of the board of directors. An organizational chart for the company. This working paper helps the auditors evaluate the overall segregation of functions within the company. A flowchart description of the revenue and cash receipts cycle of the company and the related controls prepared by the staff of Adams, Barnes & Co. (ABC), CPAs. ABCs working paper for assessment of control risk for accounts receivable and revenue as it would appear before any tests of controls are performed. This working paper identifies the controls and deficiencies for the revenue and cash receipts cycle. It also relates the controls and deficiencies to the various financial statement assertions about revenue and accounts receivable. The audit plan for tests of controls for the revenue and cash receipts cycle. This working paper describes the various tests of controls that were performed by the staff of ABC to obtain evidence about the operating effectiveness of the controls. These tests provide the support for the auditors assessed level of control risk. Page 488 ABCs working paper documenting the results of tests of controls that were performed using audit sampling. ABCs working paper for assessment of control risk for accounts receivable and revenue as it would appear after all tests of controls are performed. Notice that the auditors have checked the boxes indicating that the controls are operating effectively. This allows ABCs staff to arrive at the final assessed level of control risk as indicated at the bottom of the working paper. You should read through the information to obtain an understanding of the way in which auditors document their understanding of internal control and the assessment of control risk for a transaction cycle. You may also wish to review the planning documentation presented on pages 240247 of Chapter 6 to refresh your knowledge about the nature of the companys business. OBTAINING AND DOCUMENTING AN UNDERSTANDING OF THE REVENUE AND CASH RECEIPTS CYCLE ABCs consideration of the controls relating to the revenue cycle began by updating various working papers, including the following: Control Environment, Risk Assessment, and Monitoring QuestionnaireIC-3 and IC-4. Organizational Chart of KCNIC-5. Revenue and Cash Receipts Cycle FlowchartIC-8. Assessment of Control Risk Worksheet (before tests of controls are performed)IC-20.5 The Control Environment, Risk Assessment, and Monitoring Questionnaire (IC-3 and IC-4), the Organizational Chart (IC-5), and the description of Internal ControlSales and Collection Cycle (IC-8) required only limited updating because there were few changes in internal control during the year, and key personnel are the same as in the preceding year. After completing the description of internal control, the audit staff of ABC observed operation of the system and found that the controls had been placed in operation. The staff of ABC then used the documentation of internal control to identify controls and deficiencies on Schedule IC-20. This schedule includes check boxes in the appropriate columns to designate the financial statement assertions that are addressed by the internal control policy or procedure. For the deficiencies, an X is included in the appropriate columns. Before tests of controls are performed, the check boxes are blank because the auditors do not know whether the controls are operating effectively. Page 489 TESTING CONTROLS AND ASSESSING CONTROL RISK When obtaining an understanding of the overall internal control, ABCs audit staff first considered the elements of control environment, risk assessment, and monitoring as documented with the questionnaire (IC-3 and IC-4). As indicated on the questionnaire, they found these components to be strong for a nonpublic company and to reflect an atmosphere conducive to the effective operation of the accounting information system and control activities. Based on their understanding of internal control, ABCs staff planned assessed levels of control risk at a low level for completeness and at a moderate level for existence or occurrence, rights, and valuation. As with most small businesses, the auditors found that KCN had no effective controls to address the presentation and disclosure assertion. Based on the planned assessed levels, the audit staff of ABC designed a plan (IC-12 and IC-13) to test the controls. Schedule IC-15 illustrates how they determined sample size and evaluated the results of tests of controls that involved audit sampling. The completed Schedule IC-20 on pages 499500 includes check marks to indicate that the tests of controls demonstrated that the related controls were operating effectively. Based on these results, the auditors assessed levels of control riskindicated in the last row of Schedule IC-20were supported at their planned levels. These assessments will be used in conjunction with the inherent risk assessments to determine the nature, timing, and extent of substantive procedures for revenue and accounts receivable. These tests are illustrated in Part III of the case in Appendix 11B. Page 492 Appendix 11A Problems 11A1. A summary of the controls for the revenue and cash receipts cycle of Keystone Computers & Networks, Inc., appears on pages 487500. LO 11-2, 5, 6 Required: For the following three controls over sales, indicate one type of error or fraud that the control serves to prevent or detect. Organize your solution as follows: Control Error or Fraud Controlled Application controls are applied when customer orders are entered by the sales order clerk. The computer assigns numbers to sales invoices when they are prepared. Monthly statements are mailed to customers. For the following three controls over cash receipts, indicate one type of error or fraud that the control serves to prevent or detect. Organize your solution as follows: Control Error or Fraud Controlled Cash receipts are prelisted by the receptionist. The accounting manager reconciles control totals generated by the accounts receivable computer program. The computer summaries of cash collections and cash sales are reconciled to prelistings of cash receipts and cash deposits by the accounting manager. 11A2. As indicated on the control risk assessment working paper on page 490, the auditors identified two weaknesses in internal control over the revenue cycle of KCN. Describe the implications of each of the two weaknesses in terms of the type of errors or fraud that could result. LO 11-4, 5, 6 11A3. As indicated on the working paper on page 498, the auditors decided to apply audit sampling to three controls for the revenue and cash receipts cycle. LO 11-1, 5, 6 Required: Describe the characteristic that a control must possess in order to be tested with audit sampling. Assume that the auditors decided to use audit sampling to test the operating effectiveness of the procedures for matching sales invoices with delivery receipts. Determine the required sample size, using the following parameters. Risk of assessing control risk too low5 percent Tolerable deviation rate15 percent Expected deviation rate1 percent Prepare a working paper similar to the one on page 498 documenting the planned audit procedure described in part (b). Appendix 11B Illustrative Audit Case: Keystone Computers & Networks, Inc. Part III: Substantive TestsAccounts Receivable and Revenue This part of the audit case illustrates the manner in which the auditors design substantive tests of balances. The substantive tests are illustrated for two accountsreceivables and revenue. This aspect of the audit is illustrated with the following audit documentation: ABCs risk assessment working paper that combines the auditors assessments of inherent and control risks into an overall risk of material misstatement for the assertions. The substantive audit procedures for accounts receivable and revenue. The audit sampling plan for the confirmation of accounts receivable. Adams, Barnes & Co.s assessment of control risk is described in Part II of the audit case on pages 489500. To refresh your knowledge of the case, review that part as well as Part I on pages 240247 of Chapter 6. Page 502 Appendix 11B Problems 11B1. In Part III (Appendix 11B) of the audit case, the audit staff of Adams, Barnes & Co. identified specific revenue risks on working paper RA-12 (page 502). However, the Summary of Audit Approach section is incomplete (in process) for risks 2 and 3. Required: Review the audit plan (working paper B-6) on pages 503504 and identify the substantive audit procedures that were designed specifically to address these risks of material misstatement. 11B2. Assume that you have been assigned to the audit of Keystone after audit planning has occurred. Review the planning information on pages 240-247 and the audit plan for the accounts receivable and revenue (B-6 on pages 503504). The manager on the engagement has given you the task of reviewing the monthly revenue report on page 506 (B-11). LO 11-4, 6 Based on your review of the report, describe any unusual relationships that might indicate a risk of misstatement of revenues based on your knowledge of the company derived from a review of the information on page 502. Identify any procedures on the audit plan for receivables and revenue that might address the risk(s) identified in (a). Design two other procedures that would address the risk(s) identified in (a). 11B3. Keystone Computers & Networks, Inc. (KCN), has 933 accounts receivable, with a total book value of $10,235,457. From that population, Adams, Barnes & Co. (ABC), CPAs, selected a sample of 260 accounts (142 unique accounts) for confirmation for the year ended December 31, 20X5, as illustrated by the working paper on page 503. First and second confirmation requests resulted in replies for all but 10 of those accounts. ABC performed alternative procedures on those 10 accounts and noted no exceptions. Of the replies, five had exceptions as described below (with ABC follow-up): The balance of $120,000 is incorrect because we paid that amount in full on December 31, 20X5. Follow-up: An analysis of the cash receipts journal revealed that the check had been received in the mail on January 9, 20X6. Of the balance of $30,000, $330 is incorrect because on December 19 we returned a printer to Keystone when we found that we didnt need it. We ordered it in the middle of November when we had anticipated a need for it. When we received the printer, we realized it was unnecessary and returned it unopened. Follow-up: An analysis of the transaction revealed that it was received by Keystone on December 31, 20X5, and that the adjustment to the account had been processed on January 2, 20X6. The balance of $214,000 is correct, and we paid it on January 5, 19X6. Follow-up: An analysis of the cash receipts journal revealed that the check had been received on January 10, 20X6. Of the balance of $130,000, $10,000 is incorrect because it represents goods that we didnt receive until January 5, 20X6. Follow-up: Inspection of shipping records reveals that the item was shipped on January 3, 20X6. Of the accounts $18,000 balance, we paid $17,460 and the $540 (3 percent of the total) remains unpaid because the Keystone salesperson told us that she would be able to obtain a special discount beyond the normal. Follow-up: While inspection of the sales agreement indicated no such discount arrangement, discussions with Loren Steele (controller) and Sam Best (president) indicated that the salesperson had inappropriately granted such a discount to the client. On January 15 of 20X6, they processed the discount and credited the account for $540. Required: For each of the five exceptions, determine the accounts proper audited value. Use the probability-proportional-to-size method with your analysis from part (a) to evaluate your samples results. The risk of incorrect acceptance is 5 percent.