3. The nature and process for effective internal controls

Question 1

What are internal controls?

Answer 1

The controls within a business, set up by management, designed to mitigate the risks against achieving business objectives

Question 2

Why do small companies have problems implementing internal controls?

Answer 2

Fewer members of staff means less segregation of duties and less options to review work.

There may also be fewer members of experienced staff -> less technical knowledge

Question 3

Match the example with the control activity it illustrates

1. Finance costs posted to the P&L are matched to amounts specified in loan agreements
2. Wages are compared to agreed rates of pay from authorised payroll records

a) Verification

b) Reconciliation

Answer 3

1 b

2 a

You wouldn’t reconcile wages - because wages never balance. Instead, you verify that the pay matches the authorised rate

Question 4

Are information systems and communication controls limited to IT?

Answer 4

NO

Information systems consists of manual processes - such as posting journals for provisions - and automated IT systems

Question 5

What are general IT controls?

Answer 5

Controls over an entity’s whole IT processing system, such as;

Passwords for the hosted desktop
Training for use of system
Back up procedures

Question 6

What are information processing controls?

Answer 6

Specific controls to a particular section of a business’ processes

Question 7

For each of the following IT controls, state whether they are general or information processing controls:

1. One to one checking
2. Segregation of duties
3. Review of master files
4. Back-up copies
5. Virus checks
6. Passwords
7. Training
8. Record counts
9. Hash totals
10. Program library
11. Back-up power source
12. Controls over deleting nil balance accounts

Answer 7

1. One to one checking - IT controls
   (Checking one document to another)
2. Segregation of duties - General
3. Review of master files - IT controls
   (Checking ledger to master file)
4. Back-up copies - General
5. Virus checks - General
6. Passwords - General
7. Training - General
8. Record counts - IT controls
9. Hash totals - IT controls
   (Batch totals checked to invoices)
10. Program library - General
11. Back-up power source - General
12. Controls over deleting nil balance accounts - IT controls

Question 8

What 4 things can limit an entity’s internal controls?

Answer 8

Expense of control (cost to implement compared to benefit)

Human element (human error can impede manual controls)

Collusion (both parties involved in the process and the control can collude to override control)

Unusual transactions (unknown risks may not be sufficiently controlled against)

Question 9

What are the 5 components of internal controls?

Answer 9

C - Control activities. What do you do in the control

R - Risk assessment. Identification of risks that the control intends to manage

I - Information communication systems - how effective are the systems that are in place

M - Monitoring - Ensures the controls are used

E - Control environment - management’s attitudes to controls

Question 10

What are the 5 types of control activities

Answer 10

Segregation of duties

Physical or logical controls

Verification

Reconciliation

Authorisation and approval

Question 11

Who comprises the audit committee?

Answer 11

Non-executive directors

Question 12

Match the internal control with the appropriate method that auditors would use to document:

a) Simple, non-complex systems

b) Standard & comprehensive systems

c) Diagrams/flow charts

1. Narrative notes
2. Internal controls questionnaire
3. Complex systems

Answer 12

1 a

2 b

3 c