5: Internal Control

Question 1

Internal control acronym

Answer 1

CRIME

Control activities

Risk assessment

Info system: the procedures/records established to initiate, record, process + report entity transactions (auditor: concerned re: reliability)

Monitoring of controls

Environment (audit committee)

Question 2

Best sources of info re: company’s systems

Answer 2

Company’s procedures manual
Internal audit function’s systems notes
Inquiries made of company staff

Question 3

Examples of application controls:

Answer 3

Cyclical reviews of all master files

Question 4

Examples of general controls:

Answer 4

Training staff in new IT procedures
Taking back-up copies of programs
Maintenance agreements over IT equipment

Question 5

Cyclical reviews of all master files

Answer 5

Application control (info processing)

Question 6

Training staff in new IT procedures

Answer 6

General control (info processing)

Question 7

Taking back-up copies of programs

Answer 7

General control (info processing)

Question 8

Maintenance agreements over IT equipment

Answer 8

General control (info processing)

Question 9

Control deficiencies

Answer 9

Lack of controls over the purchases system

Lack of staff to ensure segregation of duties

Question 10

Inherent limitations of an internal control system

Answer 10

Lack of understanding of the purposes of controls

The possibility that staff members will collude in fraud