1️⃣ SALES & RECEIVABLES CYCLE
🎯 Control Objectives
All sales recorded (Completeness)
Only genuine sales recorded (Occurrence)
Correct pricing & discounts (Accuracy)
Credit risk controlled (Valuation)
Proper cut-off
✅ STRONG CONTROLS Seen Across Cases
Credit checks before granting credit
Credit limits authorised by senior staff
Six-month credit limit reviews
Approved price list used for invoicing
Discounts authorised by sales director
Sequentially numbered invoices
Matching dispatch note → invoice
Monthly receivables reconciliations
Statements sent to customers
Daily till reconciliation (retail)
Credit card receipts matched to remittance
❌ COMMON DEFICIENCIES Across Cases
No independent review of credit limits
Credit limit approval via informal email
Discounts not independently authorised
Employees serving friends/family
No unique till login codes
No review of aged receivables
No reconciliation of receivables ledger to GL
Sales cut-off not checked at year-end
Only totals reviewed instead of details
Conditional review (“only if significant”)
2️⃣ PURCHASES & PAYABLES CYCLE
🎯 Control Objectives
Purchases authorised
Goods received recorded
Valid suppliers paid
Payments accurate
No duplicate payments
✅ STRONG CONTROLS
Purchase orders authorised
GRN matched to invoice (3-way match)
Segregation: ordering vs recording vs paying
Payment by bank transfer
Invoices stamped “paid”
Supplier statement reconciliation
❌ COMMON DEFICIENCIES
Finance director approves only total payment
No review of detailed payment listing
Same person authorises & records payment
Long payment delays (cash management risk)
Petty cash shortages not investigated
Junior staff handling cash banking
No independent supplier statement reconciliation
No authorisation of new suppliers
GRNs not sequentially controlled
No review of small reconciling items
3️⃣ PAYROLL CYCLE
🎯 Control Objectives
Only genuine employees paid
Accurate wage rates
Overtime authorised
Proper deductions made
Payroll correctly recorded
✅ STRONG CONTROLS
HR responsible for employee setup
Sequential clock cards
Payroll system auto-calculation
Payroll manager reviews payment list
Overtime reports reviewed
Bonus approved in writing
Bank transfer payroll
❌ COMMON DEFICIENCIES
Payroll assists HR in setting up employees (ghost employees risk)
Wage changes communicated only via email
Unsupervised clock-in system
Overtime reviewed too infrequently
Cash payroll without ID verification
Payroll manager amends records personally
Bonus input by clerk without independent review
No independent review of payroll reconciliation
Lack of segregation of duties
4️⃣ INVENTORY CYCLE
🎯 Control Objectives
Inventory exists
Correct quantity
Proper cut-off
Secure storage
Accurate valuation
✅ STRONG CONTROLS
Monthly perpetual inventory counts
Secure storage of high-value goods
Restricted access
Inventory reconciled to system
Investigating discrepancies
❌ COMMON DEFICIENCIES
No full year-end count
Monthly counts not consistently performed
Same security code across warehouses
Access codes not changed regularly
No investigation of count differences
Management avoids year-end count (too disruptive)
Inventory stored insecurely
Lack of segregation between warehouse & recording
5️⃣ CASH RECEIPTS CYCLE (Most Tested)
🎯 Control Objectives
All cash recorded
Cash safeguarded
Prompt banking
Proper reconciliation
Independent review
✅ STRONG CONTROLS
Daily till reconciliation
Security company bank collection
Credit card receipts verified
Bank deposit agreed to bank statement
Monthly bank reconciliation
Review evidenced by signature
❌ COMMON DEFICIENCIES
No individual till logins
Cash safe key stored insecurely
Junior staff transporting cash
Same clerk performs multiple cash duties
Reconciliations reviewed only if differences exist
No surprise cash counts
Petty cash differences noted but not investigated
Cash stored overnight unnecessarily
No independent review of daily reconciliation
6️⃣ BANK RECONCILIATION DEFICIENCIES (Recurring Theme)
⚠ If you see:
“Only reviewed if significant”
“Where necessary”
“If required”
“When large”
→ That is almost always a deficiency.
Strong control =
Monthly + Independent + Signed + Investigated.
7️⃣ NON-CURRENT ASSETS
Common Deficiencies
Assets not physically verified
Only partial verification completed
No recent reconciliation to register
IA understaffed
No investigation of missing assets
8️⃣ IT SYSTEMS CONTROLS
Recurring themes across multiple cases:
New system run in parallel without full testing
No access controls
Shared passwords
Lack of segregation in system rights
Changes made without independent review
9️⃣ INTERNAL AUDIT (IA Function)
Weakness Patterns
IA understaffed
IA only reviewing some locations
No follow-up on findings
Lack of specialist skills
Considering outsourcing
Outsourcing Advantages
Specialist knowledge
Cost flexibility
Independence
Outsourcing Disadvantages
Less operational knowledge
Confidentiality risk
Reduced management control
🔟 UNIVERSAL DEFICIENCY IDENTIFICATION FORMULA
For ANY case:
Ask yourself:
Is segregation of duties broken?
Is there independent review?
Is authorisation formal?
Is physical security strong?
Is reconciliation performed regularly?
Is review evidenced?
Are controls conditional?
Is management convenience overriding control?
If YES → Write deficiency.
🏆 FINAL EXAM STRATEGY
Every IA question from:
Pear International
Lily Window Glass
Trombone
Bronze
Caterpillar
Equestrian
Comet Publishing
Raspberry
Camomile
Freesia
Amberjack
Snowdon
Swift
Castle Courier
Pomeranian
Whittaker
Daley
Petra
Silver Co
Follows one of these cycles:
Sales
Purchases
Payroll
Inventory
Cash
Assets
IT
The company changes.
The weaknesses repeat.
🎯 If You Master This:
You can walk into any AA Internal Control question and:
Identify 8+ deficiencies easily
Provide tailored recommendations
Suggest proper tests of control
Score full marks in Section B
0 Comments