QUESTION 1

1. How would the five components of the entitys internal control be affected by the
change to an IT-based accounting system?

IT provides potential benefits of effectiveness and efficiency for internal control because it
enables the entity to practically widen its capacity of internal control and strengthen up its
procedures within department and for the entire organization as a whole.

IT-based accounting system could consistently apply predefined rules of accounting system
and perform complex calculations in processing large volumes of transactions or data. The
system could be predefined by the entity itself based on their nature of business and their
easiness of running business which could lead to comfortable in dealing with the system and
maneuver it if there is any inconvenient cause in the future.

IT-based accounting system could also enhance the timeliness of captured information,
availability of data and information and also accuracy of data and information. It could lead
to perfect and accurate decision making by the management team if the data and information
are captured and kept securely for further study and historical references.

IT-based accounting system also could facilitate the additional analysis of information,
whereby these kind of information are always being misplace and taken for granted. We have
to take into account on any additional analysis of information because it might be useful
when a round table discussion find a dead end in conclude its decision.

1 | Page

IT-based accounting also could enhance the ability to monitor the performance of the entitys
activities and its policies and procedures. This could be understood whereby in any
accounting policies and procedures, there must be some documents need to be accounted for
and be kept safe for future reference from the board of directors, accountant, auditors and
also legal entity such as the Inland Revenue Board. By enhancing the monitoring activities on
the policies and procedures, all the said things could be safely apprehended.

IT-based accounting also could reduce the risk that controls will be circumvented. In any
organization, risk management is crucial because it could result to the entitys performance.
By having the IT-based accounting system, any risk on misconduct or fraudulent activities
among the personnel could be prevented earlier or else, corrective action needs to be taken if
the activities had been overlooked.

IT-based accounting also could enhance the ability to achieve effective segregation of duties
by implementing security controls in applications, databases and operating systems. This is
important because duties and responsibilities within the organization need to be segregated
accordingly and it should be controlled effectively so that the outcome could be in command
together with the companys objectives.

The clients Accounting Information System must not be confused with Information
Technology. Although these days IT has helped us develop much better information systems
but information system is simply a system through which entity records, processes and
communicates information regarding entitys financial position, performance, just to name a
few, and this system can be in manual form and even today around the world manual
information system is maintained alongside IT based information system. Information system
2 | Page

helps entity to capture business transactions and classify, measure, records and report on
timely basis and in this process IT can help us in different ways.

2. For the development and operation of the sales system, identify the type of general
controls and the application control that are required.

For the development and operation of the sales system, it is important for the client and its
staffs to understand the relationship and difference between application control and general
controls. Otherwise, an application control review may not be scoped appropriately, thereby
impacting the quality of the system as a whole.

General controls apply to all systems components, processes and data present in an
organization or the system environment which in this case, the sales system environment. The
objectives of theses controls are to ensure the appropriate development and implementation
of applications, as well as the integrity of the sales program and sales data files. The common
general control in the sales system would be:

Logical access controls over infrastructure, applications and data.

System development life cycle controls.
Program change management controls.
Physical security controls over the data center.
System and data backup and recovery controls.
Computer operation controls.

3 | Page

Because application controls of the sales system relate to the transactions and data pertaining
to each computer-based application system, they are specific to each individual application.
The objectives of application controls are to ensure the completeness and accuracy of sales
records, as well as validity of the entries made to each sales record, as the result of sales
program processing.

3. Under what circumstances would the auditors consider hiring an IT specialist to

assist in the audit? If the firm hires an IT specialist, what information should the
auditors ask the specialist to provide?

The auditor's education and experience enable him or her to be knowledgeable about business
matters in general, but the auditor is not expected to have the expertise of a person trained for
or qualified to engage in the practice of another profession or occupation which in this
situation, the IT-based accounting system.

During the audit, however, an auditor may encounter complex or subjective matters
potentially to obtain relevant information from the IT accounting system. Such matters may
require special skill or knowledge and in the auditor's judgment require using the work of a
specialist to obtain appropriate evidential matter. The auditors should ask the specialist to
provide relevant information regarding on:

How the accounting system works.

What are the policies and procedures pertaining the accounting system.
How to retrieve important information and data from the system.
4 | Page

 If there is any difficulties occur during audit process, how the auditor could manage to
maneuver the situation perfectly.

This kind of information is important for the auditor to obtain from the specialist because in
the future, the auditor might face the same situation with different clients, so that the auditor
could be more cautious and prepared for dealing with the same application of IT-based
accounting system. The auditor should obtain an understanding of the nature of the work
performed or to be performed by the specialist. This understanding should cover the
following:

The objectives and scope of the specialist's work.

The specialist's relationship to the client.
The methods or assumptions used.
A comparison of the methods or assumptions used with those used in the preceding
period.
The appropriateness of using the specialist's work for the intended purpose.
The form and content of the specialist's findings that will enable the auditor to make
the evaluation.

The auditor should evaluate the relationship of the specialist to the client, including
circumstances that might impair the specialist's objectivity. Such circumstances include
situations in which the client has the ability through employment, ownership, contractual
right, family relationship, or otherwise to directly or indirectly control or significantly
influence the specialist.

5 | Page

When a specialist does not have a relationship with the client, the specialist's work usually
will provide the auditor with greater assurance of reliability. However, the work of a
specialist who has a relationship with the client may be acceptable under certain
circumstances. If the specialist has a relationship with the client, the auditor should assess the
risk that the specialist's objectivity might be impaired. If the auditor believes the relationship
might impair the specialist's objectivity, the auditor should perform additional procedures
with respect to some or all of the specialist's assumptions, methods, or findings to determine
that the findings are not unreasonable or should engage another specialist for that purpose.

QUESTION 2
You are required to develop a strategy and state your audit methodology in ensuring that
there are no material fraud in the operational transactions of buying and sell of used cars.

An effective strategy in ensuring there are no fraudulent activities in the operational

transactions for Maju Sdn Bhd needs to be approached with the effective fraud risk
management which could provide MSB with tools to help manage the risk in a manner
consistent with regulatory requirements as well as the MSBs business needs and marketplace
expectations. The strategy should contain four elements which are:

1. Assessment of Risks Assessing the needs of the organization based on its nature of
fraud and misconduct that risk controls are intended to mitigate and the adequacy of
existing controls of Maju Sdn Bhd.

6 | Page

2. Design Developing controls to prevent detect and respond to identified risks in a

manner consistent with legal and regulatory criteria and other leading practices in
Maju Sdn Bhd.
3. Implementation Deploying a process in Maju Sdn Bhd for implementing the new
controls and assigning responsibility to individuals with the requisite level of
authority, objectivity, and resources to support the process.
4. Evaluation Evaluating the design and operating effectiveness of controls through
control self-assessment, substantive testing, routine monitoring and separate
evaluations.

Besides that, the audit methodologies are also crucial for Maju Sdn Bhd in order to prevent
the fraudulent activities in buying and selling used cars to occur.

a. Set clear standards - One of the best ways to help safeguard Maju Sdn Bhd business
is to set clear standards from the beginning. This includes an appropriate example and
ethical tone, starting from the top down. An employee manual can be helpful in
establishing the principles and values to guide MSD as an organization. In a small
organization like MSB, an employee manual levels the playing field and keeps the
rules from becoming arbitrary. The rules apply to everyone. If someone is dismissed
and you find yourself in court, the manual can be a reference that explains what
actions warrant dismissal.

b. Check employee references - When hiring new employees, check references and
perform background checks that include employment, credit, licensing and criminal
history. The cost is far outweighed by the benefit for Maju Sdn Bhd. For example, a
7 | Page

Maju Sdn Bhd should be wary of hiring a bookkeeper with bad credit because the
weight of crippling financial obligations could turn an otherwise honest person into a
thief.

c. Secure the organization - Some deterrents are simple to initiate, but often go ignored.
Secure organizations, for example, closely guard and monitor Maju Sdn Bhd checks.
Using renumbered checks enables MSB to audit for missing checks. Also, checks
clearing out of sequence can be spotted more easily. All checks should be kept under
lock and key, and keys should not be distributed. Other precautions include having a
voided check procedure and never signing blank checks. All disbursements should
be reviewed on a regular basis. Scan for, then scrutinize, checks made out to suppliers
you dont recognize, checks made out to an amount for cash, and missing check
numbers or checks appearing out of sequence.

d. Safeguard payroll - Payroll is another area subject to abuse. Small-business owners

and managers like Maju Sdn Bhd should take the extra time to review every payroll
check personally. Although time consuming, this procedure provides a monitor to
assure employees are being paid appropriately. This can be especially important when
a business has temporary and part-time staff. Although not always possible in a small
business, certain duties should be maintained separately. For instance, the person who
cuts or has custody of the checks of Maju Sdn Bhd should never be the person who
has authority to sign. The person opening the mail should not record the receivables
and reconcile the accounts. Even a small business can take some steps to separate
important functions.

8 | Page

e. Control who reviews sensitive documents Maju Sdn Bhd should control who first
receives the bank statements and other sensitive documents. It is not farfetched for a
small-business owner to have a separate post office box for the purpose of receiving
bank statements, customer receipts or any other sensitive documents. This helps
eliminate the possibility that someone intercepts the mail first for the purpose of
stealing or covering up an earlier theft.

f. Consider independent review - All account reconciliations and general ledger

balances should have an independent review by a person removed from the day-today transactions, because theft often occurs when bookkeeping is sloppy and
unsupervised. People outside the direct bookkeeping function within Maju Sdn Bhd
should be familiar with the companys bookkeeping and record system. This permits
spot checks and reviews, better ensuring nothing is amiss and providing a deterrent
for fraudulent activities.

9 | Page