Course Schedule

Course Modules

Review and Practice

Exam Preparation

Resources

Module 9: Human resources management, treasury, and strategic planning

Overview
Module 9 continues the application of internal auditing concepts and methodologies. It addresses three other major functions typical of many organizations: human resources management, treasury, and strategic planning. For each function, the topics cover the role, main activities, risks, and the method for designing and performing an internal audit. In the treasury function, you consider the role of the internal auditor in the financial reporting process, specifically in relation to the review of quarterly and other information before it is distributed to shareholders and others. Audit programs designed for Nut Case, Inc., illustrate the risk-based internal audit approach to human resources planning, treasury, and strategic planning. You practise using technological tools in the workplace by working through a sample ACL analysis provided for a specific area under the human resources audit. As in Module 8, you should focus on the potential contribution of each of the illustrative functions to the organizations achievement of its strategic, operational, and financial goals. Concentrate on how the internal auditor, through the application of the evaluative methodology, assesses management systems and practices in order to identify opportunities to improve the potential for organizational achievement and highlight management process strengths to be maintained and built on.

Test your knowledge

Begin your work on this module with a set of test-your-knowledge questions designed to help you gauge the depth of study required.

Learning objectives
9.1 Human resources management Explain the role, main activities, and risks of human resources management in an organization. (Level2) Human resources planning audit Case study Develop an audit program for a risk-based internal audit of human resources planning. (Level1) Human resources planning audit Data analysis Use ACL to analyze payroll data. (Level 2) Treasury Explain the role, main activities, and risks of the financial and treasury functions in an organization. (Level2) Treasury audit Case study Develop an audit program for a risk-based internal audit of the treasury function. (Level1) Auditing the financial reporting process Explain the role of the internal auditor in the financial reporting process and regulatory reporting requirements in light of the Sarbanes-Oxley Act of 2002 and International Financial Reporting Standards. (Level 1) Strategic planning Explain the role, main activities, and risks of strategic planning in an organization. (Level2) Strategic planning audit Case study Develop an audit program for a risk-based internal audit of strategic planning. (Level1) Module summary Print this module

9.2

9.3

9.4

9.5

9.6

9.7

9.8

Course Schedule

Course Modules

Review and Practice

Exam Preparation

Resources

MU1 Module 9: Test your knowledge

1. Which one of the following situations represents an internal control weakness in the payroll department? a. b. c. d. Payroll department personnel are rotated in their duties. Pay cheques are distributed by the employees immediate supervisor. Payroll records are reconciled with quarterly tax reports. The timekeeping function is independent of the payroll department.

2. Employees using personal computers have been reporting occupational injuries and claiming substantial workers compensation benefits. Which of the following should be included in the working papers of an operational audit to determine the extent of company exposure to such personal injury liability? a. Analysis of claims by type of equipment and extent of use by individual employees b. Confirmation from insurance carriers about claims paid under workers compensation policies in force c. Reviews of documentation supporting purchases of personal computers d. Listing of all personal computers in use and the employees who use them 3. An internal auditor would be concerned about the possibility of fraud in which of the following situations? a. Cash receipts, net of the amounts used to pay petty cash-type expenditures, are deposited in the bank daily. b. The monthly bank statement reconciliation is performed by the same employee who maintains the perpetual inventory records. c. The accounts receivable subsidiary ledger and accounts payable subsidiary ledger are maintained by the same person. d. One person, acting alone, has sole access to the petty cash fund (except for a provision for occasional surprise counts by a supervisor or auditor). 4. Which of the following controls could be used to detect bank deposits that are recorded but never made? a. Establishing accountability for receipts at the earliest possible time b. Listing receipts to other internal accountabilities (that is, collections to either accounts receivable or sales) c. Consolidating cash receiving points d. Having bank reconciliations performed by a third party 5. An internal auditor has just completed an on-site survey to become familiar with the companys payroll operations. Which of the following should be performed next? a. b. c. d. Solutions Assign audit personnel. Establish initial audit objectives. Write the audit program. Conduct field work.

Course Schedule

Course Modules

Review and Practice

Exam Preparation

Resources

MU1 Module 2: Test your knowledge solutions

1. a. Incorrect. Periodic rotation of payroll personnel inhibits the perpetration and concealment of fraud. b. Correct. An unscrupulous person could terminate an employee, fail to report the termination, then clock in and out for the employee, keeping the pay cheque. c. Incorrect. This analytical procedure may detect a discrepancy. d. Incorrect. Timekeeping should be independent of asset custody and employee records. 2. a. Correct. Claims analysis is appropriately included because it permits determination of the importance of the two key factors (equipment in use and time spent by employees at such equipment) leading to claims. b. Incorrect. Confirmations of workers compensation claims fail to identify exposure to risk; they only support claims paid by the carrier under the workers compensation policies. c. Incorrect. Documentation supporting purchases of personal computers cannot be expected to address risk assessments. d. Incorrect. Listings of all personal computers in use and the employees using them fairly indicate the risks associated with the extent of usage and the type of equipment. a. Correct. Paying petty cash expenditures from cash receipts facilitates the unauthorized removal of cash before deposit. All cash receipts should be deposited intact daily. Petty cash expenditures should be handled through an imprest fund. b. Incorrect. The monthly bank reconciliation should not be performed by a person who makes deposits or writes cheques, but the inventory clerk has no such responsibilities. c. Incorrect. There is no direct relationship between the transactions posted to the accounts receivable and accounts payable ledgers; having the same person maintain both does not create a control weakness. d. Incorrect. To establish accountability for petty cash, only one person should have access to the fund. a. Incorrect. Control is implemented before deposits are prepared and recorded in the companys books. b. Incorrect. Control is implemented before deposits are prepared and recorded in the companys books. c. Incorrect. Control is implemented before deposits are prepared and recorded in the companys books. d. Correct. Having an independent third party prepare the bank reconciliations would reveal any discrepancy between recorded deposits and the bank statements. a. Incorrect. Audit personnel are usually assigned before the on-site survey. b. Incorrect. Initial audit objectives are established at the beginning of the planning process. c. Correct. The audit program is normally prepared after the on-site survey. The onsite survey allows the auditor to become familiar with the auditee, and therefore provides input to the audit program. d. Incorrect. Field work can be performed only after the audit program has been written.

3.

4.

5.

Course Schedule

Course Modules

Review and Practice

Exam Preparation

Resources

9.1Human resources management

Learning objective

Explain the role, main activities, and risks of human resources management in an organization. (Level2)
Required reading

Reading 9-1, Human resources activities and risks (Level 2) Reading 9-2, Who Works for You? (Level 2)
LEVEL 2

Role of human resources management

Human resources management (HRM) deals with the management of people on the job. Skilled, motivated, healthy people are the most important resource of any organization. The commitment to provide remuneration through salaries, benefits, and various incentives, as well as an appropriate work environment for staff, normally requires a substantial, ongoing financial investment by the organization. This large-scale financial investment applies to manufacturers, retailers, and service organizations alike, and equally to for-profit or not-for-profit organizations. Because HRM, like information technology covered in Module 7, affects almost every operation, activity, and task in an organization, the proper management of this resource is vital to the effective fulfillment of the organizations vision and objectives. HRMs role is to acquire, train, deploy, motivate, and reward employees so that each employee contributes as much as possible toward the achievement of the organizations strategic, operational, and financial goals. Human resources activities include planning, training, administering benefits and compensation, recruiting, and labour relations.

Activities and risks

While some variation is to be expected from organization to organization, HRM is usually responsible for the following types of management activities: Planning Organization design Resourcing Monitoring Reading 9-1 describes these activities and the accompanying risks. Reading 9-2 emphasizes the critical importance of HRM to the bottom line of business. The article describes several examples of the importance of effective workplace risk management.

Course Schedule

Course Modules

Review and Practice

Exam Preparation

Resources

9.2Human resources planning audit Case study

Learning objective

Develop an audit program for a risk-based internal audit of human resources planning. (Level1)
Required reading

Reading 9-3, Nut Case, Inc. human resources planning audit program (Level 1)
LEVEL 1

In this topic, you apply the concepts and analytical methodologies used to design an internal audit program for human resources management activities. Because the breadth of HRM activities makes it unlikely that all aspects of human resources management would be considered in a single internal audit engagement, this illustration focuses on the internal audit of human resources planning (HRP). A general approach for conducting a human resources audit usually begins with senior management (executives) asking questions of line management, such as Why do we have such a high staff turnover? rather than procedural questions. To help identify problem areas and determine where audit recommendations may have the most effect, survey questions can be designed around a list of overall audit objectives. The following table shows both the senior management and auditor perspective of the same issues.
Senior managements concerns Why does it take 20 weeks to staff a vacant position? Internal auditors objectives Does the organization know how many people it needs and what skills the organization requires? (HRP) Survey questions Does the organization know how many employees it needs and what skills are required?

Why do we have such a high staff turnover?

Are there adequate strategies in Do the employees have the necessary skills? place to ensure it has people with How do compensation packages compare with appropriate skills? those of other companies who might offer Are compensation packages employment to the organizations employees? competitive? Does the organization provide an Is the environment one that environment that motivates employees to motivates employees? achieve the targets? Are staff deployed efficiently? (HRP) Have appropriate performance targets been established and communicated to employees? Are staff employed efficiently? Do employees know what appropriate performance targets are expected of them?

Are we hiring the right staff? Do we know whether the performance appraisal we introduced is producing the desired results?

After interviewing senior executives, the auditor would then interview senior personnel specialists to determine what they consider to be problem areas and how they are addressing them. A sample of line managers would be interviewed next, especially those who have undergone a major change or are expecting changes in organizational structure and staffing. The audit should concentrate on areas where audit recommendations can make a difference to future practices. It is important to determine the impact of any problems found and to keep management aware of findings throughout the audit. This continual dialogue makes it more likely that audit findings and recommendations will be accepted by management. The audit needs to continue until there is sufficient evidence to support the audit findings and to assure management that the human resources systems in place are effective and operating as intended.

The human resources audit methodology will parallel the material in the module notes.

Nut Case, Inc., audit of human resources planning

The audit program in Reading 9-3 is part of the Nut Case, Inc., internal audit and focuses on controls to ensure adequate human resources are available to the organization.

Course Schedule

Course Modules

Review and Practice

Exam Preparation

Resources

9.3Human resources planning audit Data analysis

Learning objective

Use ACL to analyze payroll data. (Level2)

Required reading

Online reading 9.3-1 Computer illustration 9-1: Audit of human resources costs (Level 2)
LEVEL 2

In this topic, you will use ACL to analyze data compiled from an audit program from an audit of the management of overtime. Go to Online reading 9.3-1 and perform the ACL analysis of overtime costs in Computer illustration 9-1.

Course Schedule

Course Modules

Review and Practice

Exam Preparation

Resources

9.4Treasury
Learning objective

Explain the role, main activities, and risks of the financial and treasury functions in an organization. (Level2)
Required reading

Reading 9-4, Internal Audit Report: Internal Controls over Cash Management Corporate Treasury Review (Level 2)
LEVEL 2

Role of financial managers

Traditionally, financial managers have been expected to ensure that effective internal control systems are in place and that all transactions are properly accounted for and reported. They are also responsible for making sure that there are systems and practices for all levels of decision-makers. All financial managers, from responsibility centre managers to members of the board of directors, need financial information that is timely, accurate, and complete. Most importantly, they should advise operational managers on all matters with financial implications, such as the purchase of new equipment, plant expansion, and negotiations of collective agreements with employees.

Organization of the financial function

In most large organizations, the financial function is headed by the chief financial officer (CFO) (or the vicepresident of finance), who is usually assisted by a treasurer and a controller. Although the allocation of responsibilities may vary from company to company, following are the usual responsibilities assigned to each of these three positions.
Chief financial officer

The CFO provides overall direction for the management of the financial affairs of the organization. Main duties include formulating financial policies and duties related to the direction of the organization, such as raising capital, overseeing financial management, and acquiring other companies.
Treasurer

The treasurers main responsibilities are managing the cash and financing activities; these include banking arrangements, management of short-term and long-term investments, and management of foreign exchange risks.
Controller

The controller is responsible for the design and control of internal control systems, establishing and monitoring accounting policies and procedures, and providing financial and management information to senior and operational managers.

Activities and risks of the treasury function

Treasurys most vital role is to manage cash inflows and outflows to ensure that current obligations will be paid on time and that any excess cash will be invested to earn income. An effective treasury function is essential to corporate risk management. Achieving strategic goals often depends on timely provision of financial resources.

Other treasury activities and risks:

Ensuring that cash flow planning is consistent with and supports corporate plans developed by line management. The CFO usually coordinates all corporate plans. There is a risk of inadequate financial resources to achieve plans. Managing the consolidation and reporting of funds from decentralized and geographically dispersed regions. Treasury must ensure maximum use of available funds and minimum fees associated with decentralized cash operations. There is a risk of loss of income from underreporting balances, or of excess fees from inefficient banking operations. Managing foreign exchange risk through hedging of significant amounts of foreign currency transactions . Risks include high foreign exchange losses. Ensuring that cash budgets are coordinated with operating budgets. Treasury must ensure that sufficient resources will be available to complete managements operating budgets and plans. The finance function can assist with budget preparation and help analyze data. Cash must be available when needed to finance operations and to avoid the risk of not being able to pay debts when due. Managing the capital budgets. Operating managers determine the physical facilities and equipment necessary to achieve their goals. Treasury normally develops long-term cash budgets to finance the needed capital expenditure. There is a risk of inadequate financial resources to achieve plans. Analyzing capital and operating budgets together to ensure financial resources are available to meet all needs in the short and long term. The treasurer then determines any financing needs and the alternative sources of financing, including borrowing, capital stock, or bond issues. There are several risks here: inadequate resources to finance expansion; excessive borrowing, which impacts cost of capital, financial leverage and cash flow; and overly risky investments, which compromise assets and liquidity.
Additional risk considerations for treasury: Globalization of financial markets and the electronic efficiency of exchanging information and movement of resources between investors and financiers Decentralization of financial decision making, allowing operational managers to make financial strategy decisions locally Risks associated with electronic funds transfer (EFTs): The legal burden of proof for errors is usually on the customer rather than the bank. Action regarding errors must be taken quickly. The emergence of new financial instruments to meet investor needs and attract new capital to the corporation: Treasury must be aware of the advantages and risks of these innovative new instruments, such as forward contracts and future contracts. Stronger and more vocal advocates for individual and institutional investors, which have resulted in greater management accountability, creating new risks related to accountability for management actions Reading 9-4 is a detailed example of a cash management internal audit report.

Course Schedule

Course Modules

Review and Practice

Exam Preparation

Resources

9.5Treasury audit Case study

Learning objective

Develop an audit program for a risk-based internal audit of the treasury function. (Level1)
Required reading

Reading 9-5, Nut Case, Inc. cash management audit program (Level 1)
LEVEL 1

Cash management is one of the most important assets in many organizations. Because it is always critical to the success of any business enterprise and is the most liquid and portable of assets, cash must be tightly controlled. Good cash management minimizes financial risk, provides for profit opportunities, and creates confidence among creditors and shareholders. Many multinational companies with exposure to international business take cash positions in fluctuating currency markets on a daily basis. You must already be familiar with the cash management cycle and its key controls from your prerequisite financial accounting and auditing courses.

Nut Case, Inc., audit of cash management

The audit program in Reading 9-5 describes the audit approach for Nut Case, Inc.s internal audit of cash management.

To extend your knowledge, here is a sample checklist of internal controls for treasury (not examinable).

Course Schedule

Course Modules

Review and Practice

Exam Preparation

Resources

9.6Auditing the financial reporting process

Learning objective

Explain the role of the internal auditor in the financial reporting process and regulatory reporting requirements in light of the Sarbanes-Oxley Act of 2002 and International Financial Reporting Standards. (Level 1)
No required reading LEVEL 1

With the implementation of the Sarbanes-Oxley Act of 2002 in the United States and similar laws and regulations by legislators and securities administrators elsewhere, chief executive officers and chief financial officers are often required to certify the accuracy of information supplied to regulatory agencies and the public. This topic explains the role of the internal audit function with respect to such information and certifications. Prior to the introduction of the revised Standards in 2000, one of the elements of the scope of internal auditing was to assess the controls over the reliability and integrity of financial information created within the organization. This included both financial information filed with regulatory agencies (including the annual financial statements) and information used by management in decision-making. In the current Standards , Standard 2120.A1 states that the internal audit activity must evaluate risk exposures relating to the organizations governance, operations, and information systems regarding the achievement of the organizations strategic objectives; reliability and integrity of financial and operational information... Standard 2130.A1 states further that the internal audit activity must evaluate the adequacy and effectiveness of controls in responding to risks within the organizations governance, operations, and information systems regarding the achievement of the organizations strategic objectives; reliability and integrity of financial and operational information...

Role of the internal audit function in regulatory reporting

The internal audit function can often play a role with respect to quarterly financial reporting, disclosures, and management certifications in light of the Sarbanes-Oxley Act of 2002 and subsequent U.S. Securities and Exchange Commission (SEC) requirements. These requirements have given internal auditors an opportunity to provide value-added services to senior management and the governing boards of their organizations. Organizations should adopt formal policies to govern the processes involved in the preparation of quarterly financial reports, disclosures, and management certifications. These processes mitigate the risks faced by the organization with respect to such information and should be part of the organizations enterprise risk management processes. As such, they should be subject to assessment by the internal audit function as to their appropriateness and effectiveness. The internal auditors role in these processes should be clearly set out. While the chief audit executive should be an ex-officio member of the disclosure committee set up to review information before it is filed with regulatory authorities, it is important that such participation not compromise the independence and objectivity of the internal audit function. The SEC requires that the management of listed companies report at least annually on the state of controls within their organizations. It also requires the external auditor of listed companies to attest to such representations, including the effectiveness of internal control over financial reporting. Management may either conduct its own assessment of controls or may rely on assessments conducted by the internal audit function of the organization. If management conducts its own assessment of controls, the internal audit function should evaluate managements assessment and supporting documentation. Another financial reporting challenge is the worldwide move from national generally accepted accounting principles to International Financial Reporting Standards (IFRS). There is an opportunity for internal audit to assist the board and the finance team with this reporting challenge as IFRS are continually updated.

Course Schedule

Course Modules

Review and Practice

Exam Preparation

Resources

9.7Strategic planning
Learning objective

Explain the role, main activities, and risks of strategic planning in an organization. (Level2)
Required reading

Reading 9-6, Introduction to Strategic Planning (Level 2) Reading 9-7, Has planning become too complicated? (Level 2)
LEVEL 2

Role of corporate planning

Corporate planning is the process of predicting conditions the organization may face, determining objectives and alternative ways of meeting them, and choosing a course of action. Corporate planning should help management to do the following: Make better decisions about how to meet present and future opportunities and challenges. Maintain and improve the organizations efficiency and effectiveness. Monitor operations and determine which managers are responsible for specific operations and results. Evaluate actual corporate performance against strategic goals. The fundamental purpose of corporate planning is to initiate and support the organizations directions, decisions, and actions. Most organizations have long-term, medium-term, and short-term plans. Long-term plans emphasize setting directions for the organization, while short-term plans aim to maintain and improve operating efficiency and effectiveness. Long-term (strategic) planning determines the basic objectives of the organization and the policies and strategies that will govern the acquisition and use of resources to achieve them. Strategic plans deal with highlevel, conceptual long-term objectives and strategies. Medium-term planning allocates resources to attain more specific objectives according to approved policies and strategies. It results in the development of highly detailed operational plans for each year of the planning period. Short-term planning sets operational targets and goals for day-to-day activities and plays an important part in management control of operations. Because of the range of planning activities, this module covers only long-term (strategic) planning.

Main activities of strategic planning

Strategic planning results in formal strategic plans that guide the affairs of the organization over the medium to long term (three to five years). It should be realistic, achievable, and communicated clearly to the organizations staff. In preparing a strategic plan, the organization should analyze the environment in which it is operating and the changes it expects to occur. For example, the organization should consider issues such as economic and political conditions, anticipated customer demand for products and services, technological change in the industry, the nature of competition, and changes occurring in the marketplace. The organization should then define corporate objectives and priorities based on an assessment of its strengths, weaknesses, and its performance capabilities, and identify and evaluate alternative approaches to meeting these goals.

Risks of strategic planning

Strategic planning should be linked with operational and financial planning, as well as to the performance plans of individual staff, with the aim of achieving goal congruence. If the goals of managers and staff are not aligned toward a common or shared purpose, chaos will result, and confusion and conflict among managers will prevail over cooperation and collaboration. To ensure that there is no controversy and the organization can achieve at the highest possible level, strategic plans must be in place to guide the development of operational plans. In turn, operational plans should set the stage for short-term decisions on resource allocation, budget preparation, plans for the use of human resources, and specific projects. Reading 9-6 provides an overview of strategic planning, particularly as it applies to small businesses. Reading 9-7 discusses various planning tools and methods currently in use. The author suggests that many of these methods, although technically valid, are too complicated and difficult to be practical, and leave most employees out of the process. The questions raised in this article are useful for an internal audit of corporate planning.

Course Schedule

Course Modules

Review and Practice

Exam Preparation

Resources

9.8Strategic planning audit Case study

Learning objective

Develop an audit program for a risk-based internal audit of strategic planning. (Level1)
Required reading

Reading 9-8, Nut Case, Inc., strategic planning audit program (Level 1)
LEVEL 1

Role of the internal auditor in strategic planning

Auditing an organizations planning activities is difficult. Much professional judgment is needed to identify the cause-and-effect relationships between planning decisions and subsequent results. The auditor must use considerable judgment in assessing what the organization could reasonably have been expected to do under the circumstances, especially if management had to respond promptly to unforeseen conditions.

Nut Case, Inc., audit of strategic planning

Reading 9-8 illustrates the strategic planning audit program for Nut Case, Inc.

Course Schedule

Course Modules

Review and Practice

Exam Preparation

Resources

Module 9 summary
Human resources management, treasury, and strategic planning
This module provides further examples of how the approach to internal auditing described in the first half of the course may be applied to three more functional areas: human resources, treasury, and strategic planning. The structure of this module is similar to that of Module 8. The role, main activities, and risks of each area are described, followed by a sample audit program for each function. In addition, an ACL illustration from the human resource audit program is outlined. Although the example is from the human resources area, you will be expected to analyze data from any functional area.

Explain the role, main activities, and risks of human resources management in an organization.
The role of human resources within the organization is to provide support and guidance to management in these activities: Acquire, train, deploy, motivate, and reward employees so that each employee contributes towards the achievement of the organization's goals Human resources main activities are as follows: Planning Organization design Resourcing Staff training and development Compensation management Labour relations Monitoring Issues facing human resources, which are potential risks for the organization, include the following: The speed of change in international competition, information exchange, and HRM knowledge The need for HR to provide consultative services to the organization New legal and ethical issues in areas touching human resources Pressure to develop information systems that go beyond record-keeping The need to attract, retain, and motivate good staff through innovative recruiting, training, and management approaches

Develop an audit program for a risk-based internal audit of human resources planning.
A complete audit program is outlined for Nut Cases human resources function. This follows the same format as outlined in Module 5: Audit objectives Audit criteria Audit procedures Planning Examination Reporting and monitoring

Use ACL to analyze payroll data.

Computer illustration 9-1 is drawn from Nut Cases audit program for human resources and analyzes overtime payments that exceed the maximum 15% of an employees regular hours. This illustration provides detailed instructions on how to do the analysis. Working through it will assist you in mastering ACL.

Explain the role, main activities, and risks of the financial and treasury functions in an organization.
The financial function within the organization includes financial management, treasury and controllership. The role undertakes the following activities: Provides financial information that is timely, accurate, and complete Formulates financial policies, procedures, and duties related to the direction of the organization Manages the cash and financing activities of the organization Advises operational managers on all matters with financial implications Ensures that effective internal control systems are in place and that all transactions are properly accounted for and reported Treasurys main activities are as follows: Cash management Long-term financing activities Assistance with corporate planning and resourcing Assistance with budget preparation and control Planning and control of capital expenditures Issues facing the treasury function, which are potential risks for the organization, include the following: Globalization of financial markets Continuously emerging technologies Decentralization of financial decision-making Decentralization of operations and the resulting geographical dispersion of company funds Increased risk due to the pervasiveness of electronic fund transfers Ever-growing complexity of financial instruments Vocal institutional and individual investor advocates demanding greater management accountability

Develop an audit program for a risk-based internal audit of the treasury function.
A complete audit program is outlined for Nut Cases cash management function. This follows the same format as outlined in Module 5: Audit objectives Audit criteria Audit procedures Planning Examination Reporting and monitoring

Explain the role of the internal auditor in the financial reporting process and regulatory reporting requirements in light of the Sarbanes-Oxley Act of 2002 and International Financial Reporting Standards.
The role of the internal audit function is to perform procedures to provide a level of assurance to senior management and the board. These procedures ensure that controls surrounding the processes supporting the development of financial reports are effective. The processes used to produce quarterly financial reports, disclosures, and certifications should be included in annual internal audit plans according to their assessed risk.

Internal auditors should ensure that their involvement in such processes is clearly defined and does not compromise the independence and objectivity of the internal audit function.

Explain the role, main activities, and risks of strategic planning in an organization.
The role of strategic (corporate) planning within the organization is to do the following: Predict conditions that the organization may have to face. Determine objectives and alternative ways of meeting them. Choose a course of action. Initiate and support the organization's directions, decisions, and actions. Strategic (corporate planning) happens at three levels: Long-term (strategic) planning: develop high-level, conceptual, long-term objectives and strategies. Medium-term planning: develop highly detailed operational plans for each year of the planning period. Short-term planning: develop operational targets and goals for day-to-day activities. Strategic plannings main activities are as follows: Analyze the environment and the expected changes. Define corporate objectives and priorities based on the organization's strengths, weaknesses, and performance capabilities. Identify and evaluate alternative approaches to meeting these goals. The risk of not achieving goal congruence among all the members of the organization is highlighted as a main risk for this area.

Develop an audit program for a risk-based internal audit of strategic planning.

A complete audit program is outlined for Nut Cases strategic planning initiative. This follows the same format as outlined in Module 5: Audit objectives Audit criteria Audit procedures Planning Examination Reporting and monitoring

Course Schedule

Course Modules

Review and Practice

Exam Preparation

Resources

Module 9: Self-test
1. Computer question The use of a stratified sampling technique can help the internal auditor focus on potentially questionable disbursements. ACL is used to scan the entire population of transactions both to extract items using simple logical programmed conditions and to select and highlight questionable transactions. The technique is effective and efficient in large organizations with numerous suppliers, departments, and cost centres. The audit objective is to test the effectiveness of the companys control over the disbursement function, by focusing the auditors attention on the most questionable purchases. For example, a dishonest department manager may create, approve, and subsequently forward fictitious invoices to the accounts payable department for payment. It may also be difficult for the accounts payable department to verify the legitimacy of certain service invoices. To help detect possible fictitious invoices, the auditor can develop a stratified sample of disbursement transactions. The auditor first makes the assumption that a vendor who deals with more than one department is likely to be legitimate. The strata can then be compiled by selecting only those disbursement transactions for a vendor number that are charged to only one department code and cost centre.
Material provided

The project DISB.ACL is linked to the dBASE table disb . The fields in this table are listed below:
RECORD_DELETED DATE VEND AMT DEPT_NO deleted record flag date of payment vendor number amount of payment department number

Required Part 1

a. Sort the table of disbursement transactions for the year by vendor and department code. Then summarize to obtain a total of the field amount and count for each department for each vendor. You can sort by vendor and department code at the same time. b. Further summarize the result by vendor to produce the number of departments for each vendor. Detail records must be examined further if one department code only occurs at this level. This only happens if the count field in the highest level vendor segment of the hierarchical record has a value of one. Disbursement transactions for which there are two or more unique department codes for each vendor are ignored on the basis of the auditors assumption that a vendor that deals with more than one department is likely to be legitimate. For those vendors that are questionable, the auditor would review the original invoices. Print a list of vendor numbers for follow-up.
Part 2

What procedures might the auditor use to verify the legitimacy of these vendors?
Procedure

a. Start CGA ACL. b. Open the project DISB.ACL and retrieve the table disb in the Tables folder. c. Save all the required reports after using the appropriate ACL commands. d. Compare your answers to the solutions provided.

Hint: In solving this question, consider the following ACL commands, in addition to other ACL commands that you may use: Window > Show Command Line Data > Sort Records Analyze > Summarize Data > Report

Note: Should you experience difficulties when attempting to send output to screen (for example, if ACL system crashes), log back into ACL. If prompted, restore to the last-saved version of your file. Repeat the exercise, but before running the report, click Output > Print or Output > File to select that option.

Solution 2. Multiple choice

a. Which of the following audit procedures would provide the least relevant evidence in determining that payroll payments were made to actual employees? 1. Reconcile time cards in use to employees on the job. 2. Examine cancelled cheques for proper endorsement and compare with personnel records. 3. Test for segregation of the authorization for payment from the hire/fire authorization. 4. Test the payroll account bank reconciliation by tracing outstanding cheques to the payroll register. b. Which of the following procedures would provide the best evidence of the effectiveness of a credit-granting function? 1. 2. 3. 4. Observe the process. Review the trend in receivables writeoffs. Ask the credit manager about the effectiveness of the function. Check for evidence of credit approval on a sample of customer orders.

c. The internal auditor of a company with a recently automated human resource system reviews the retirement benefits plan and determines that the pension and medical benefits have been changed several times in the past 10 years. The auditor wishes to determine whether further audit investigation is justified. The most appropriate audit procedure would be which of the following?

1. Review the trend of overall retirement expense over the last 10 years. If the retirement expense increased, it would indicate the need for further investigation. 2. Use generalized audit software to take a dollar-unit sample of retirement pay and determine whether each retired employee was paid correctly. 3. Review reasonableness of retirement pay and medical expenses on a per-person basis stratified by which plan was in effect when the employee retired. 4. Use generalized audit software to take an attribute sample of retirement pay, and perform detailed testing to determine whether each person chosen was given the proper benefits. Solution 3. CASE STUDY T9-1: Wendall Company Limited Wendall Company Limited (WCL) is a Canadian manufacturer of public transportation equipment. Sales for the year ended March 31, 20X1, amounted to $530 million, on which the company realized a net profit after taxes of $75 million. The company has experienced considerable growth in the last three years, mainly through acquisitions and the development of new product lines. The transportation equipment industry is highly competitive and is characterized by a small number of large companies located mainly in Canada, the United States, Germany, England, and Japan. Growth is critical to the survival of WCL. The finance function at WCL is responsible for the coordination of strategic planning. Each vicepresident is responsible for developing objectives and strategies for the activities under his or her responsibility. A corporate planning committee has been established to decide the key corporate objectives and strategies based on the vice-presidents plans. WCL has decided on the following corporate objectives for 20X2: To increase sales by $50 million To generate a 15% return on shareholders equity To increase research and development expenditures to 5% of sales To increase the companys share of the new subway car market by 5% in North America The president of WCL, Don Ho, believes that strategic planning is the key to survival. He believes that without proper strategic planning, the company will be rapidly outpaced by its competitors. Consequently, he requested that the internal audit department review WCLs strategic planning systems and practices, focusing on the process for the preparation of the five-year corporate plan, which was completed in October 20X0. As a senior auditor in WCLs internal audit department, you have been asked by the chief audit executive to prepare a memo in which you will identify the key areas to review in the strategic planning activity, develop high-level (general) criteria to be used in this audit, and outline the audit procedures in performing this work.
Required

Prepare the memo requested by the chief audit executive. Solution 4. CASE STUDY T9-2: CanDrug Limited CanDrug Limited is a large public corporation incorporated under the Canada Business

Corporations Act . The company is an important manufacturer of pharmaceutical products and operates three plants in Canadas largest cities. The corporate head office is located in Vancouver. The following information appeared in the corporations financial statements for the years ended December 31, 20X1 and December 31, 20X0:
Sales Cost of sales Selling and administration Net profit after taxes Cash and short-term deposits Accounts receivable Inventories Accounts payable Long-term debt 985 640 125 101 41 106 94 76 98 20X1 ($000,000s) 910 585 110 106 49 91 117 59 85 20X0

All customer orders are transmitted by sales agents to head office by fax and are then entered into head offices computerized sales order system. The computer system automatically determines the plant from which products will be shipped to customers. The computer system invoices customers according to shipping information entered by each plant, and invoices are forwarded to customers by mail. CanDrug maintains bank accounts in each province where it operates. Customers are instructed on invoices to deposit funds directly into these bank accounts. The treasury function at head office is responsible for managing all bank accounts. The purchasing function is also centralized at head office. For the year ended December 31, 20X1, purchases of raw materials amounted to $410 million. Purchase orders are prepared at head office according to purchase requisitions prepared by each plant. All suppliers invoices are received at head office where all payments are made. To finance its growth in the last three years, the company has also negotiated long-term loans and credit lines with two Canadian banks to finance its short-term capital needs. All excess funds are invested in short-term deposits. The treasury function is also responsible for all borrowing and investing activities. Cash management is a critical area for the success of CanDrug Limited, and this activity has been selected for review by the internal audit group in 20X2. To plan this audit, the director of internal audit has asked Ana Mendes, audit manager, to prepare an outline of an audit plan in which she will identify the following: a. The main areas to be examined b. The audit criteria to be used c. The audit procedures to be followed to satisfy audit criteria in each area
Required

Assume the role of Ana Mendes and prepare the outline of a draft audit plan requested by the director. Note : For part (b), high-level (general) criteria are sufficient at this stage. Solution 5. CASE STUDY T9-3: Smith, Colbert and Associates

Smith, Colbert and Associates is a firm of architects with offices in Victoria, Vancouver, Edmonton, Calgary, Regina, and Winnipeg. The firm offers a wide range of architectural and design services to its clients and employs over 1,500 professionals. The firm spent over $1.2 million on training in 20X1. It operates a professional development group, located at the Edmonton office, which is responsible for managing the entire training activity for the firm. Some courses are designed by the training group and delivered by senior staff. The firm also sends employees, mainly students, to university courses. In addition, the firm purchases courses from professional education firms and modifies them as necessary. Stephen Baines, the internal audit director of the firm, has asked you, the audit manager, to review the firms training activities and make recommendations to improve the cost effectiveness of this important activity. Before you start the work, Stephen would like you to prepare a memo outlining the specific areas you will examine and the criteria that will be used to assess actual training activities.
Required

Prepare the memo requested by Stephen Baines. Recommendations are not required. Note: High-level (general) audit criteria are sufficient at this stage. Solution

Self test 9 Solution 1

Computer solution Requirement 1

a.

Retrieving the table and viewing its contents

1. Open the project DISB.ACL and retrieve the table disb in the Tables folder. The status bar indicates that there are 499 records in the table.

Sorting records by vendor (VEND)

1. 2. 3. 4. 5. 6. Select Data > Sort Records to display the Sort dialog box. Click the Sort On button to display the Selected Fields dialog box. Double-click (in the order shown) to select VEND and DEPT_NO from the list view. Click OK to return to the Sort dialog box. In the To text box, type SRTDISB. Click OK and ACL creates a new table, SRTDISB. There are 499 sorted records. Leave this table on-screen for the next section.

Summarizing selected records by vendor (VEND) and department number (DEPT_NO)

1. Select Analyze > Summarize to display the Summarize dialog box. 2. Click the Summarize On button to display the Selected Fields dialog box. 3. Double-click to select the fields VEND and DEPT_NO, then click OK to return to the Summarize dialog box. 4. Click to select AMT from the Subtotal Fields list view. 5. Click Output > File. 6. In the Name text box, type SUMDISB. 7. Click OK and ACL creates a new table, SUMDISB. There are 483 sorted records. b.

Summarizing selected records by vendor (VEND)

1. 2. 3. 4. 5. Select Analyze > Summarize to display the Summarize dialog box. Click VEND in the Summarize On list view. Click AMT in the Subtotal Fields list view. Click Output > File. In the Name text box, type SUM2DISB.

6. Click OK and ACL creates a new table, SUM2DISB. There are 182 sorted records. 7. Choose Tools > Options > View tab, then make sure the Hide Filtered Records box is checked. If not, click to check it. Click OK. 8. In the Filters text box at the top of the results window, type count=1, then press ENTER. 9. Select Data > Report > Output > Screen. Click OK. There are 42 selected records.
VEND AMT COUNT V101 492.64 1 V108 3669.75 1 V120 1595.63 1 V126 896.26 1 V132 1814.57 1 V135 202.29 1 V139 10744.63 1 V142 15168.93 1 V152 1470.02 1 V164 514.16 1 V165 254.57 1 V167 280.39 1 V171 454.37 1 V173 335.20 1 V174 167.71 1 V175 399.74 1 V179 1236.90 1 V180 1855.86 1 V184 494.58 1 V187 1432.86 1 V190 1668.07 1 V191 825.16 1 V196 7993.62 1 V197 258.54 1 V198 2066.83 1 V207 18911.02 1 V214 493.97 1 V218 33869.64 1 V229 2222.65 1 V230 2629.35 1 V235 5466.91 1 V250 4867.98 1 V259 513.51 1 V262 2064.55 1 V272 494.65 1 V287 414.12 1 V291 892.13 1 V296 2171.42 1 V297 2124.76 1 V298 2180.80 1 V299 243.53 1 V300 1209.01 1 137063.28 42

10. Select Data > Report > Output > File. 11. In the Name text box, type the directory and the name of the document you are using for your work, or select the Name button to search for the correct path, and then type a name and click Save. (If prompted, click Append.) ACL will then insert the 42 selected VEND records into your document. Save the document with a .txt extension.

12. Close all windows and exit ACL. If prompted to save the changes, click Yes. 13. Now, open (with Notepad) the document you just saved and review the results.

Requirement 2
To verify the legitimacy of these purchase invoices, the auditor would perform the following audit procedures: Manually pull the original copy of the paid invoice from the files in accounts payable. Review the invoice for indications of legitimacy, such as pre-printed form with company logo, printed numerical sequence, company address and phone number, contact person. Note any deficiencies or suspicious evidence. Attempt to verify the legitimacy of the vendor by reference to the telephone book, business listings, discussion with purchasing, and telephone contact with the company by the auditor. Check the description of the goods or services ordered and discuss with the person ordering and receiving the goods/services. Any unusual evidence should be documented and discussed with the chief audit executive.

Course Schedule

Course Modules

Review and Practice

Exam Preparation

Resources

Self-test 9 Solution 2
a. 1. Incorrect. Verification that an employee is actually working is a common procedure to test for nonexistent employees. 2. Incorrect. Examining for proper endorsements and comparing with records may detect improper payments. 3. Incorrect. Segregation of payroll authorization from employment decisions helps to eliminate the conditions in which one person can arrange payment to fictitious employees. 4. Correct. A payroll account proof tests for completeness of the recorded transactions, not for their validity. b. 1. Incorrect. Observation provides evidence about whether credit personnel are following appropriate procedures while being observed. 2. Correct. The purpose of the credit-granting function is to achieve optimal profitability by establishing the appropriate credit policy one in which the benefits (for example, greater sales) of a credit policy should not be outweighed by greater costs (for example, bad debts). 3. Incorrect. Responses from the credit manager will lack objectivity. 4. Incorrect. The credit limits may be set too high or too low; the existence of approval will not detect these problems. c. 1. Incorrect. Reviewing the trend of overall retirement expense over the last 10 years does not consider the changes in plans or the number of employees retired. 2. Incorrect. The sample should be stratified. The population is not homogeneous. 3. Correct. The auditor must stratify the sample according to the plans in effect when the employees retired and develop a predicted result for each person based on the stratum to which she or he belongs. 4. Incorrect. Taking an attribute sample of retirement pay does not meet the objective of determining whether further audit investigation is warranted.

Course Schedule

Course Modules

Review and Practice

Exam Preparation

Resources

Self-test 9 Solution 3
CASE STUDY T9-1: Wendall Company Limited

MEMORANDUM
Date: December 15, 20X1 To: Chief Executive, Internal Audit From: Senior Auditor Re: Audit of Strategic Planning

As requested at our meeting last Tuesday, I have identified key areas to be reviewed, general audit criteria, and a general audit approach for this audit. Once you have reviewed these points, I will prepare a formal audit program.
Key areas to be reviewed

In reviewing strategic planning activities, the audit should assess the adequacy of systems and practices used for the following activities: Analyzing the corporate environment for economic conditions, market and products evolution, and competition Assessing corporate capabilities to meet future challenges Determining corporate objectives Identifying and selecting alternatives to meet objectives Developing strategic plans for each component of the organization Integrating plans with the management process
General audit criteria to be used

The following general criteria, related to key areas, should be used: Analyzing the corporate environment Both the current situation and the anticipated changes to the organizations environment should be appropriately analyzed. Assessing corporate capabilities Objective assessments and evaluations of the organizations capabilities, deficiencies, and performance should be undertaken and incorporated into plans. Determining corporate objectives Precise and measurable objectives should be stated and periodically reviewed. Identifying and selecting alternatives Meaningful and appropriate alternatives should be considered objectively in formulating strategic plans and operational plans. Developing strategic plans Strategic plans should be realistic, achievable, and clearly stated.

Integrating plans with the management process Plans and the planning process should be integrated with the management process. Procedures should exist to ensure that planning is conducted regularly and in a coordinated manner.
Audit procedures

Obtain knowledge of the planning process. Make a preliminary assessment of the adequacy of the process by reviewing results of prior strategic plans. Review and assess the overall organization for the planning activity by reviewing the planning process and the role and responsibilities of the individuals involved. Determine the answers to the following questions: Are corporate planning policies and procedures clearly established and documented? Are responsibilities for coordinating planning efforts clearly defined and communicated? Is the planning process documented? Are plans periodically updated and approved? Formally review variances between actual and planned results, using them to improve planning systems and practices. Review the environment analysis done by the organization and ensure all relevant factors (for example, economic, political, and competitive conditions) are adequately considered. Determine whether strategic planning is based on a sound assessment of the organization's strengths and weaknesses and its performance capabilities. Review established objectives and priorities and determine whether they have the following qualities: Precise Measurable Reviewed periodically in light of the changing environment Clearly communicated Consistent across the organization Determine whether the organization considered various alternatives in formulating strategic and operational plans. Examine strategic plans and determine whether they are realistic, achievable, and clearly stated and communicated. Determine whether strategic planning is fully integrated with the management process.

Course Schedule

Course Modules

Review and Practice

Exam Preparation

Resources

Self-test 9 Solution 4
CASE STUDY T9-2: CanDrug Limited

a. Main areas to be examined In reviewing cash management at CanDrug Limited, the auditor must assess the adequacy of systems and practices used for the following: Organization of cash management Cash budgeting Accounts receivable and cash receipts management Accounts payable and cash disbursements management b. Audit criteria to be used You are asked to develop audit criteria that can be used for reviewing cash management activities at CanDrug Limited. Audit criteria should address the key aspects of cash management activities listed in part (a): The following are examples of acceptable criteria: i) Organization of cash management Roles and responsibilities for cash management should be clearly defined and communicated. Appropriate documented formal cash management policies should be in place. Procedures for reviewing and evaluating cash management activities and for collecting data for evaluation should be implemented. ii) Cash budgeting Roles and responsibilities for cash budgeting should be clearly defined and communicated. The cash budgeting methodology should be clearly defined and documented. Cash budgets should be regularly updated. Variances between budgeted and actual cash receipts and disbursements should be identified and analyzed. iii) Accounts receivable and cash receipts management Prompt and accurate invoicing procedures should be in place. Credit and collection policies should be followed. Cash discounts and account write-offs need to be authorized. Funds should be deposited in the organizations bank accounts daily. Arrangements should be in place for the banks to submit detailed information daily. iv) Accounts payable and cash disbursements management Accounts payable and cash disbursements systems and practices should provide reasonable

assurance that supplier invoices are paid at the last possible moment while maintaining an adequate credit rating, that all payments are supported and authorized, and that early payment discounts are considered. c. Audit procedures The following approach should be followed in reviewing cash management activities at CanDrug Limited: Obtain a thorough understanding of the organizations cash management systems and practices by reviewing the following: An organizational chart of the financial function Job descriptions of senior staff responsible for cash management activities Obtain or prepare a description of the systems and practices in place for cash management activities to be reviewed. Review the organizations policies and procedures that relate to cash management. Review the results of cash management activities to identify any symptoms of weaknesses or problems in cash management systems and practices. i) Organization of cash management Determine whether roles, responsibilities, policies, and procedures for cash management are clearly defined. ii) Cash budgeting Review a sample of cash budgets and verify the accuracy of the source information used in their preparation, as well as the quality of variance analysis performed on actual versus budgeted results. iii) Management of accounts receivable and cash receipts Review a sample of sales transactions and verify the following: Evidence of credit authorization Time elapsed between receiving of customers order and shipment, and between shipment and invoicing Accuracy of pricing, additions, and extensions on invoice Collection period Time between cash receipt and deposit in bank account iv) Management of accounts payable and cash disbursements Review accounts payable and cash disbursements policies, systems, and procedures, and look for evidence that terms of payment are negotiated with suppliers whenever applicable. Examine a sample of cash disbursements and answer the following questions: Are payments not made before due date, except to take advantage of cash discounts? Are payments properly supported and authorized?

Course Schedule

Course Modules

Review and Practice

Exam Preparation

Resources

Self-test 9 Solution 5
CASE STUDY T9-3: Smith, Colbert and Associates

MEMORANDUM
Date: To: From: Re: March 20X2 Stephen Baines, Internal Audit Director Audit Manager Smith, Colbert and Associates: Audit areas to examine and criteria

a. Areas to examine In reviewing training activities, the auditor should specifically review the following: The specific process used to identify current and future training needs of employees (that is, the information used to make such assessments)

How identified training needs are incorporated into specific training plans for each employee: How training plans are approved How training budgets are prepared and approved Cost/benefit analysis for determining whether to use in-house or outside courses The course design process for in-house training: Determination of course learning objectives Determination of criteria for measuring achievement of these objectives Selection of training methods to be used Adequacy of training facilities

Criteria used for selecting trainees

Systems to monitor and report on costs to develop and deliver courses

Methods used for measuring results and assessing the effectiveness of training activities b. Audit criteria You should develop audit criteria that can be used for reviewing training activities at Smith, Colbert and Associates. High-level (general) criteria are sufficient at this stage. Audit criteria should address the following key aspects of training activities: i) Identifying training needs ii) Analyzing needs and developing training plans iii) Designing training courses iv) Implementing training plans

v) Evaluating and reviewing training activities The following are examples of criteria that can be used: i) Identifying training needs Staff training needs should be formally identified, taking into account present and future job requirements. ii) Analyzing needs and developing training plans Staff training needs should be analyzed and translated into formal training plans for each employee or group of employees. The relative costs and benefits of alternative ways of meeting training needs should be assessed. Training budgets should be prepared and actual cost performance monitored. iii) Designing training courses The course should be designed to meet identified training needs. The course design should specify objectives to be met. The course design should specify methods to assess the effectiveness of training courses. iv) Implementing training plans Training courses should be implemented in a cost-effective manner. Training staff and facilities should be used in an economical and effective manner. v) Evaluating and reviewing training activities Results of training activities should be formally measured. Results of course evaluations should be used to improve the effectiveness of training activities.