Learning Outcomes
After studying this article, you will be able to explain the main techniques used by auditors to understand, record, and evaluate accounting systems. You will distinguish between internal control questionnaires (ICQs) and internal control evaluation questionnaires (ICEQs), describe their format and contents, and draft typical questions. You will know how to apply these tools to identify strengths and weaknesses in an entity’s internal control system.
ACCA Foundations in Audit (FAU) Syllabus
For ACCA Foundations in Audit (FAU), you are required to understand and apply audit techniques for documenting and evaluating accounting systems. This article covers the following syllabus points:
- The techniques used by auditors to understand and record accounting systems, including narrative notes and flowcharts
- The use and format of internal control questionnaires (ICQs) and internal control evaluation questionnaires (ICEQs)
- Differences between ICQs and ICEQs
- How to design and interpret questions in ICQs and ICEQs
- Evaluating internal controls and identifying deficiencies
Test Your Knowledge
Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision.
- What is the primary purpose of an internal control questionnaire (ICQ) in an audit?
- Which type of document—ICQ or ICEQ—focuses on asking whether specific errors or fraud could occur rather than whether controls exist?
- Name two key differences between ICQs and ICEQs in approach and design.
- What essential details should be included in the heading of an ICQ or ICEQ?
Introduction
Auditors must understand and evaluate the internal control systems of their audit clients to assess risk and plan effective audit procedures. To do this, auditors use a range of techniques for ascertaining, documenting, and evaluating the controls in place over accounting systems. Two principal tools are internal control questionnaires (ICQs) and internal control evaluation questionnaires (ICEQs). These standard forms help auditors systematically review systems, identify strengths and weaknesses, and determine the nature, timing, and extent of further audit work.
Key Term: internal control questionnaire (ICQ)
A structured document listing common internal controls, completed by confirming the presence or absence of each control to help auditors identify potential weaknesses.Key Term: internal control evaluation questionnaire (ICEQ)
A questionnaire that assesses whether specific errors or fraud could occur, focusing on weaknesses and risks rather than listing expected controls.
Techniques to Understand and Record Systems
Before evaluating controls, auditors must first understand how a client’s system operates. The typical methods to do this include:
- Reviewing prior audit files and existing system documentation
- Interviewing staff responsible for processing transactions
- Observing procedures in action
- Performing walk-through tests, tracing a transaction from initiation to recording
- Examining documents generated and maintained in the process
Key Term: walk-through test
Tracing a single transaction through each stage of a system, from initiation to recording, to confirm the auditor’s understanding and the system’s operation.
Documenting Systems: Narrative Notes, Flowcharts, and Questionnaires
Narrative Notes
These are written system descriptions outlining the sequence of processing and controls. Narrative notes are flexible but can become lengthy, making it harder to identify missing controls or process gaps.
Flowcharts
Flowcharts are diagrammatic representations showing movement of documents, processing steps, and control points. They use standard symbols and are effective for picturing complex processes, especially in larger organisations. Auditors must ensure flowcharts are kept up to date and use standard notations.
Questionnaires
ICQs and ICEQs take a checklist approach. They offer systematic coverage of the system and can be standardised across audits.
Evaluating Systems: ICQs and ICEQs Explained
Internal Control Questionnaires (ICQs)
ICQs focus on what controls should exist in an effective system. Questions require Yes/No answers indicating whether the specified control is present. A “No” response flags a potential weakness. ICQs are structured around specific transaction cycles (e.g. purchases, payroll, sales).
Typical ICQ questions in a purchases system might include:
- Are purchase orders pre-numbered and authorised by a designated official?
- Are goods received notes prepared independently of purchasing personnel?
- Are supplier invoices matched to purchase orders and goods received notes before approval for payment?
- Are supplier statements reconciled to the payables ledger regularly by someone other than the payments clerk?
Each question should relate to a control objective, such as completeness, accuracy, or authorisation.
Key Term: control objective
A specific aim that an internal control seeks to achieve, such as ensuring transactions are properly authorised or recorded completely and accurately.
Example of ICQ Structure
ICQs typically contain:
- Name of document (ICQ), client identifier, period covered
- Control objectives relevant to the cycle
- The actual questionnaire section with Yes/No columns
- Space for comments, audit references, and indication of significance of any deficiencies
Internal Control Evaluation Questionnaires (ICEQs)
ICEQs are structured differently. Instead of asking whether a control exists, ICEQs ask if specific problems could occur. The answer should generally be “No”—if “Yes,” this signals a deficiency.
Typical ICEQ questions for the purchases system might include:
- Can goods be ordered without authorisation?
- Could payment be made to a supplier without supporting documentation?
- Can purchases be recorded for goods that have not been received?
- Could the payables ledger be altered without approval?
ICEQs encourage auditors to consider fraud risk, errors, or control override possibilities rather than simply ticking off existing controls.
Comparison: ICQs vs ICEQs
| ICQ | ICEQ |
|---|---|
| Asks if a specific control exists | Asks if a specific failure or error can happen |
| Yes/No – absence of control is a weakness | No/Yes – “Yes” signals a possible fraud/error route |
| Emphasises presence of standard control procedures | Emphasises risks of error or fraud in current processes |
| Useful for less experienced staff | More effective in hands of experienced auditors |
Worked Example 1.1
You are auditing the purchases system of Quay Ltd. Your ICQ asks: "Are all supplier invoices checked against authorised purchase orders before payment is made?" The answer is "No". What does this indicate and what is your next step?
Answer:
A "No" answer indicates a control weakness: supplier invoices may be paid without authorisation, increasing risk of error or fraud. The auditor should consider recommending a control improvement and plan to perform extra substantive testing on purchases for unrecorded liabilities or unauthorised payments.
Worked Example 1.2
You are preparing an ICEQ for a payroll system. You include the question: "Can wages be paid to fictitious employees?" The client answers "Yes" because personnel and payroll functions are not separated. What is the implication?
Answer:
A "Yes" answer reveals a significant weakness; the absence of segregation increases the risk of payroll fraud. The auditor should raise this concern, recommend segregation, and increase audit testing in payroll.
Format and Contents of ICQs and ICEQs
Both ICQs and ICEQs should be clearly headed and structured for review and cross-reference. Essential elements include:
- System under review (e.g., purchases, payroll)
- Period covered
- Preparer/reviewer signatures and dates
- Clear listing of control objectives or risks
- Questionnaire with Yes/No columns and comment section
- Cross-references to supporting audit files or programmes
ICQs should align each question with a control objective. ICEQs should directly address key business risks for each area—questions should be designed so that a "Yes" highlights an exposure.
Key Term: segregation of duties
The division of key tasks among different staff to reduce the risk that a single individual can both commit and conceal errors or fraud.
Summary
ICQs and ICEQs are practical tools for documenting and evaluating internal control systems. ICQs seek evidence of expected controls; ICEQs test whether errors or fraud remain possible. Both help auditors plan further procedures according to the strengths and weaknesses identified.
Key Point Checklist
This article has covered the following key knowledge points:
- The main techniques used to understand and record accounting systems (interviews, walk-throughs, documentation)
- The difference between ICQs and ICEQs for evaluating internal control
- Typical content, format, and structure of ICQs and ICEQs, including control objectives
- The importance of clear, targeted questions in each tool
- Using ICQs and ICEQs to identify control weaknesses and plan further audit work
Key Terms and Concepts
- internal control questionnaire (ICQ)
- internal control evaluation questionnaire (ICEQ)
- walk-through test
- control objective
- segregation of duties