Medium20 marksExtended Response
Internal ControlInternal ControlsDeficienciesProcurement CyclePayroll Cycle

ACCA · Question 17 · Internal Control

SECTION B - QUESTION 17

SCENARIO: EcoGrid Power
You are an audit senior at Volt & Co, currently evaluating the internal controls of EcoGrid Power, a regional electricity distributor, for the year ended 31 December 20X5. You are focusing on the procurement and payroll cycles.

Your system notes reveal the following:

  1. To speed up emergency repairs, purchase orders for materials under $50,000 do not require any formal authorization and can be placed directly by maintenance staff.
  2. Goods received notes (GRNs) are generated manually by warehouse staff and are not sequentially numbered.
  3. Overtime for repair crews is frequently required due to storm damage. Overtime hours are approved verbally by line managers without any written documentation or system sign-off.
  4. When employees resign or are terminated, HR notifies the payroll department via a monthly summary email. Terminated employees often remain on the payroll system until the end of the quarter when a reconciliation is performed.
  5. To ensure continuous operations during shift changes, the main password for the procurement ERP module is shared among all staff in the purchasing department.

REQUIREMENTS:
Identify FIVE internal control deficiencies from the scenario. For each deficiency:
(a) Explain the implication of the deficiency.
(b) Provide a practical recommendation to address the deficiency.

Note: Present your answer in a three-column format: 'Deficiency', 'Implication', and 'Recommendation'.

How to approach this question

Extract the 5 specific control weaknesses from the text. For 'Implication', explain the negative business or financial impact (fraud, error, loss of money). For 'Recommendation', provide a specific, actionable control that fixes the weakness.

Full Answer

Internal control questions require identifying the breakdown in standard procedures (authorization, physical controls, segregation of duties, IT controls). The implication must highlight the risk to the business (usually fraud or error). The recommendation must be a direct fix to the identified deficiency.

Common mistakes

1) Giving vague implications like 'This is bad for the company'. 2) Providing recommendations that don't solve the specific problem (e.g., recommending 'hire more staff' instead of 'implement unique passwords').

Practice the full ACCA AA — Audit and Assurance Practice Exam 1

18 questions · hints · full answers · grading

More questions from this exam