10) Internal Control Flashcards
what must the auditor do if they discover deficiencies in internal controls?
if significant, address them and report to mgmt
how can mgmt respond to inefficient controls?
developing and implementing new controls
what are the two internal control objectives?
- integrity of information
- operational objectives
what are the integrity of info objectives?
- validity
- accuracy
- completeness
which controls will the auditors usually look at?
controls regarding misstatement of info in the FS
what are the operational objectives?
- safeguarding of assets
- confidentiality
- compliance with laws
- economy, efficiency and effectiveness
- continuity of operations
- preventing fraud
when is info valid?
when the underlying transaction is valid and ito mgmt policy
when is info accurate?
when it has been calculated correctly and is in the correct account
when is info complete?
when all info is recorded / none is omitted and in the a timely manner
what is a business risk?
risks resulting from significant conditions/events that could adversely impact the business’s ability to achieve its objectives and achieve strategy
what are two components of business risk?
- risk factor (from scenario)
- impact on objectives
what are the two components of controls in a computerized environment?
- ITGC
- application controls
what are all the ITGC?
- control environment
- systems development and implementation controls
- access controls
- continuity of operations
- systems software and operations
- documentation
what are the three categories of application controls?
- manual independent
- manual dependent
- automated
when do activity application controls occur?
- input
- processing
- output
- for masterfiles