Understanding and assessing internal control
Case 4
You are the audit senior on the audit of Travel Unlimited Ltd, an Australian holiday experienc-es retailer. During 2018, the management of Travel Unlimited recognised that it needed to allow customers to make bookings online if it was to remain competitive. Travel Unlimited’s customers include the general public, as well as Australian and overseas travel agents selling packaged tours.
Given the need for an interface between the web-based booking system and the general ledger, Travel Unlimited upgraded its existing accounting software and acquired additional hardware to cope with the additional speed of processing and the increase in required storage space.
During the year ended 30 June 2019, Travel Unlimited upgraded its entire general ledger sys-tem to include an integrated purchasing module and an accounts payable module. The inte-grated purchasing module and the accounts payable module programs were installed on all company computers. As part of the audit planning, you have identified the following
relevant IT application controls (AC) and IT general controls (GC) from the integrated pur-chasing and accounts payable modules.
(a) The IT manager assigns each new staff member a user profile and an initial password, based on advice provided by the IT administrator. The initial password is generic. The first time the new employee logs onto a company desktop computer, they are automat-ically forced to change their password. Passwords must be changed every 30 days.
(b) There are clerks responsible for ordering and receiving (purchasing clerks) and clerks responsible for processing invoices and preparing remittance advices (processing clerks). Purchasing clerks only have access to the purchasing module, and processing clerks only have access to the accounts payable module. Each type of clerk has exclusive access to their module via a separate password-protected menu.
(c) The purchasing module automatically assigns each order a sequential purchase order number. The purchasing clerk only has to enter the supplier code, stock code and quantity ordered. The unit price is automatically generated and cannot be overridden by the purchasing clerk.
(d) Supplier information is contained in a supplier master file (SMF). Each supplier has a unique supplier code. If the purchasing clerk attempts to place an order with a supplier not in the SMF, the order cannot be processed.
(e) When goods are delivered, the purchasing clerk enters the order number and the date received. The quantity of goods received cannot be overridden by the purchasing clerk. A ‘Yes/No’ prompt confirms the receipt of the goods. The purchasing clerk is required to enter ‘No’ if the quantity received is incorrect. If ‘No’ is entered, the order cannot be processed for payment.
REQUIRED
For each of the IT controls described above, identify whether it is an IT application control (AC) or an IT general control (GC) and explain your answers.
Students succeed in their courses by connecting and communicating with an expert until they receive help on their questions
Consult our trusted tutors.