1. Prepare a list of internal control procedures that banks and other financial institutions have implemented, or should implement, for their ATM operations.
Financial institutions should implemented the following internal control procedures. The first one is Risk Assessment, which means financial institutions’ management should identifies, analyzes, and manages risks that can affect the company. The second one is Control Environment, this procedure require management of the institutions attitude toward, awareness of, and actions concerning the internal control structure to in order to reduce the fraud and error. The third one is Control Activities, which means that institutions’ management should enact specific policies and procedures to achieve the management objectives.
What’s more, they should take necessary procedures to target the risks. The forth step is information and communications. Institutions should gather all necessary information to carry out internal controls. Providing, sharing and obtaining information is also very important, which is called communication. The last step is Monitoring. Which is an ongoing process to evaluate controls and determine whether all the operations are as intended. They changed when operating conditions change.
2. What general conditions or factors influence the audit approach or strategy applied to a bank client’s ATM operations by its independent auditors?
The auditor should consider the nature, timing, and extent of further audit procedures to make decision. The nature of an audit procedure include its purpose and its type. So the purpose and the type of an audit procedure will influence the audit approach. The purpose of audit procedure determines whether it is a risk assessment procedure, a test of controls, or a substantive procedure. The types of audit procedures include inspection of documentation, inspection of assets, observation , external confirmation, recalculation, reperformance, analytical procedure, scanning, and inquiry.
Timing refers to when audit procedures are performed or the period or data to which the audit evidence applies. The higher the risk of material misstatement, the more likely it is that the auditor may decide it is more effective to perform substantive procedures nearer to the period end rather than at an earlier date. On the other hand performing audit procedures before the period end may assist the auditor in identifying significant matters at an early stage of the audit.
Extent refers to the quantity of a specific audit procedure to be preformed. The extent of audit procedure is determined by the judgment of the auditor after considering the tolerable misstatement, the assessed risk of material misstatement, and the degree of assurance the auditor plans to obtain.
3. Identify specific audit procedures that may be applied to ATM operations. Which, if any, of these procedures might have resulted in the discovery of the embezzlement scheme at First Keystone’s Swarthmore branch? Explain.
Inspection of documentation, observation, recalculation, analytical procedures, scanning, and inquiry may be applied to ATM operations.
I think the following procedures can resulted in the discovery of the embezzlement scheme. The first one is inspection of documentation. Auditors can examine a client document and compare it with the exact money they save and take out from the ATM. The second one is observation. Looking the procedure of using the ATM to make sure whether it is used with authority. The third one is analytical procedures. Auditors can analyzing plausible relationships among both financial and nonfinancial data of the ATM. The forth one is scanning. Performing a type of analytical procedure which involves reviewing accounting data to identify unusual items. For example, the amount of money that put in the ATM is not match the money that actually take out by customers.