Lakeside Case 4 DQ 1

As you can see by the length of the suggested answer to this discussion question, the preliminary assessment of CR is not a trivial exercise in evidence gathering and exercise of professional judgement. It is also crucial as you develop your strategy! While this question could easily have been deferred until Module 3, it is included here to give you a feel for the reasons questions like these are asked by auditors and why the answers are so important to how you develop your audit approach … each question may corroborate what you know, or it may contradict what you know – the ramifications of each outcome is quite different for your subsequent audit work and therefore the need to adapt your audit plan.

ASA 315.12-24 identifies and describes the five components of internal control: the Control Environment, Risk Assessment Processes, Information and business processes relevant to financial reporting, Control Activities, and Monitoring. In addition each of these elements is discussed more fully in A50-AA121, and you are also referred to Appendices 1 & 2 for further discussion and lists of indicators to be aware of … once again, take the opportunity to apply the facts that illustrate relevant items in the standard.

Cline's questions appear to be designed to determine the degree of information that has been established to date about each of these elements. Question (3) asks about the information that the auditors could have looked at within the Lakeside Company in order to respond adequately to these queries. Auditors must be able to gather sufficient data in the early stages of an audit to assess the various risks involved in the examination.

In studying the control environment of a company, ASA 315 recommends that a number of factors should be assessed including those listed below. For several of these factors, the types of information that the Abernethy and Chapman auditors might use to make their evaluation is also discussed. A quick look at the discussion about the control environment component in the paragraphs mentioned above (summarised in 315, Appendix 1) will probably lead the auditors to the decision that Lakeside has not established the environment needed for adequate internal control – thus adding further corroboration to the oral evidence already obtained from Rogers and King and Co.

• Integrity and ethical values. The auditors should inquire as to policy statements and a code of ethics. They should also be aware of any actions by Lakeside's management to remove or reduce incentives and temptations that might prompt its employees to engage in dishonest, illegal, or unethical acts.
• Commitment to competence. Lakeside should have a training program to ensure that its employees have the knowledge and skills necessary to accomplish tasks. The auditors should inquire as to any such programs.
• Board of directors or audit committee participation. Abernethy and Chapman will need to determine the oversight role (if any) played by the board of directors. By looking at the minutes of the meetings, the auditors should be able to determine whether the board is actually serving in a control capacity. The case mentions that the board of directors had to approve of the hiring of new independent auditors. Thus, a separate audit committee probably does not exist. In addition, Rogers' assurance that the board would approve this request would seem to imply that the board does not provide significant control over the management of the company.
• Management's philosophy and operating style. By talking with Rogers and the other members of management, the auditors should be able to determine the actual priority placed on internal control by the company. Documentation of this should also be available for inspection. Rogers seems to understand that better systems are needed but has invested neither the time nor the money to develop such policies and procedures. This lack of support may indicate that the management is not serious about establishing adequate control within the company. Because of the company's growth, improvements in the future may be forthcoming, but at the present time the management appears (from what has been said) to have let the company outgrow its control policies and procedures.
• Organizational structure. If Lakeside has a chart presenting the various officials and their jobs, the auditors can assess whether control policies would be easy to circumvent. Although Exhibit 4-1shows the company divided into clearly distinct areas, the Assistant to the President does seem to be in a position to operate without proper control supervision. In addition, the President seems to hold a significant amount of power in this company, with very little control having been established.
• Assignment of authority and responsibility. This factor includes how authority and responsibility for operating activities are assigned and how reporting relationships and authorization hierarchies are established. Since Lakeside is not a huge organization, Rogers tends to intervene in many of the operating activities. However, as Lakeside continues to grow, this may become a major concern to the auditors.
• Human resource policies and practices. These policies and practices relate to hiring, orientation, training, evaluating, counselling, promoting, compensating, and remedial actions. The auditors should inquire and observe Lakeside's policies, including any standards for hiring the most qualified individuals, training, and performance appraisals.

Risk assessment is the second component of internal control. The auditors will determine and evaluate how Lakeside identifies, analyses, and manages risks relevant to the preparation of the financial statements. The auditors will want to pay particular attention to several changes occurring at Lakeside and how the management deals with these changes. These changes include the expansion of the company's stores, the concentration on the Cypress product line, intended expansion into computing equipment and the relatively new bonus system.

Next, the auditors will look at the actual control activities in place to see that specific control objectives are being met. This is about the design effectiveness of internal controls. Within this testing, the auditors should look at the following as goals of the company's internal control – is it designed to do the things you would expect of a retail/wholesale company operating in this industry based on your knowledge of this industry:

• Performance reviews. Independent checks on both performance and proper valuation of recorded amounts should be conducted. The auditors will want to verify that reconciliations and other comparisons are made at important junctures in the various systems.
• Information processing. The auditors will want to verify that Lakeside has both general controls and application controls. They will especially verify that proper authorization of transactions exist. The auditors can examine the documentation produced for a variety of transactions to ensure that each was authorized by the appropriate individual within the company. Further, the auditors will verify that Lakeside properly designs and uses adequate documents. By walking through the various systems, the auditors can determine if adequate documentation is required at each point and if those documents are preprinted and prenumbered to ensure that the proper information is gathered and retained.
• Physical controls. By physical observation of the warehouse, the stores, and other assets, the auditor can determine if Lakeside has adequate safeguards over its assets.
• Segregation of duties. By looking at the organization of a company, the auditors can determine if the necessary separation of responsibilities is in place to facilitate adequate control. For example, since Lakeside has a chart showing the various officials and their jobs, the auditors can assess whether a true system of checks and balances has been established. Although Exhibit 4-1 shows the company divided into clearly distinct areas, information in Exhibits 4-3 and 4-4 indicates, for example, that the Assistant to the President has a great many responsibilities, some of which raise the possibility of control problems.

Next, the auditors will have to examine any information that helps to ascertain the efficiency of the company's information and communication system. In the case presented, little data is provided to evaluate the information system except that Rogers & King & Co feel the systems are outdated for a company of this size. Therefore, the auditors should assess the design of the system and the people who operate the accounting system. For example, the auditors might want to select a number of transactions and trace them from the point of origination through the accounting system to see that the recording process is performed properly – this is an example of “walk-through” testing. This testing is designed to determine if the system is capable of performing the following tasks in an effective manner:

• Identify and record all valid transactions.
• Describe on a timely basis the transactions in sufficient detail to permit proper classification.
• Measure the value of transactions.
• Determine the time period in which transactions occurred.
• Present the transactions appropriately in the financial statements.

The final component of internal control is monitoring. Monitoring is the process that assesses the quality of internal control performance over time. Lakeside does not appear to have an extensive monitoring system, such as an internal audit function. Without an internal auditor, no independent party within the company serves to monitor and oversee the company's internal controls. The internal audit function can be extremely important in a company, especially where stores and sales representatives operate at a geographic distance from the home office. This is also an area to guard against too much dominance or influence being exerted by senior management … a fine balance for smaller entities as the ASA regularly points out.