6. Evaluating systems of internal control Flashcards

1
Q

What are internal controls?

(and what are the five components?)

A

A ‘system of internal control’ is the system designed, implemented and maintained by those charged with governance to provide reasonable assurance about the achievement of an entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations.

Made up of five components:

  1. Control environment (the attitude of those charged with governance towards controls)
  2. Client’s risk assessment process (how risks are identified and analysed by those charged with governance)
  3. Client’s process to monitor the system of internal control (how a client evaluates the effectiveness of internal control, whether remedial actions are taken, whether an internal audit department exists etc.)
  4. Information system and communication (an information system consists of infrastructure (physical and hardware components), software, people, procedures and data used by the client to initiate, record and process transactions and events)
  5. Control activities (policies and procedures which may prevent, or detect and correct, fraud and errors)
2
Q

Why are internal controls important?

A
  • Reduce and minimise the risk of fraud and error
  • Guarantee the accuracy of information
  • To make sure the information reported both internally and externally is reliable and can be used for decision-making
3
Q

What are the limitations of internal controls?

Acronym: RC CHUM

A
  • Relevancy/Obsolescence
  • Cost
  • Collusion
  • Human error
  • Unusual/infrequent transactions
  • Management override
4
Q

What are the 5 categories of control activities?

A
  • authorisation and approvals
  • reconciliations
  • verification
  • segregation of duties
  • physical or logical controls
5
Q

How are accounting information systems designed by management?

(State the steps for the design of the system)

A

Step 1: Identify the company’s objectives

E.g. correct reporting of financial position and performance to the shareholders, effective and efficient operations, compliance with laws and regulations etc.

Step 2: Identify risks to these objectives

Management must consider the risks that may stop these objectives being achieved (i.e. what could go wrong), also known as business risks.

Step 3: Implement control activities to mitigate these risks where possible

For example, passwords for access to the payroll system so that new employees cannot be added without appropriate authority and approval.

6
Q

What are business processes within an accounting information system? (Give some examples)

A

Business processes are a series of activities that enable a company to meet one or more of its objectives.

Examples include a company’s order fulfilment process, marketing process, budgeting process and human resources process.

7
Q

What are general IT controls and the key areas that these controls cover?

(State some examples)

A

ITGCs are policies and procedures relating to the overall IT environment, including all applications. (Essentially a bubble around the IT system and controls to allow them to function effectively)

Key areas: Access to programs and data, Program changes and development, Computer operations and Continuity of operations.

Examples:

  • Restricting computer access via the use of unique usernames and passwords
  • Ensuring that any sensitive data held in electronic format can only be accessed by properly authorised personnel
  • Ensuring any hardware or software purchased is of the necessary quality and standard
  • Maintaining IT systems
  • Proper backup and recovery procedures
  • Ensuring the data centre or information processing facility has adequate air conditioning (temperature, humidity), power supply (uninterruptible power supplies, generators) and smoke detectors etc.
8
Q

What are information processing controls?

(state examples)

A

Information processing controls typically operate at the transaction level and apply to the processing of specific types of transactions to make sure that transactions recorded within an application are genuine, accurate and complete.

Examples:
  1. Automatic calculations can be embedded within applications based on information that has been input, e.g. VAT = 20% on all invoices.
  2. Programmed editing: the computer is programmed to anticipate types of entries in particular fields, e.g. quantity 1-100.
  3. Exception reports: a report generated that identifies any transactions that are outside the normal expected range, e.g. staff paid >10% more compared to prior month.
9
Q

How do the components of internal control affect the auditor’s work?

A

If any of these components of the internal control system are ineffective, this will increase control risk.

Five components:

  1. Control environment: The auditor will assess the control environment by inspecting documentation, observing operations, and making inquiries to determine how it influences the overall internal control system.
  2. Risk assessment process: The auditor examines the entity’s risk assessment process to ensure it properly identifies and manages risks. An effective risk assessment process lowers control risk and helps the auditor identify any business risks that could impact the financial statements, as well as any weaknesses in the internal control system.
  3. Monitoring of controls: The auditor evaluates how well the entity monitors its controls. Effective monitoring suggests that control activities will continue to function properly, which reduces the risk of material misstatement (RoMM). The auditor can then focus on key areas of risk.
  4. Information Systems and Communication: Auditors use inquiries, inspections, and observations to ensure these systems produce reliable financial data.
  5. Control activities: The auditor assesses whether these control activities, such as approvals or reconciliations, are effectively designed and operating as intended. If control activities are reliable, the auditor may reduce substantive testing in certain areas.
10
Q

What are walkthrough procedures?

A

Walkthrough procedures are where the auditor selects one or more transactions relating to a specific system and follows them through the system from initiation to settlement and reporting.

They help the auditor to corroborate their understanding of the information system with the entity.

11
Q

How are audit data analytics (ADA) used for process mining?

A
  • ADA helps auditors analyse 100% of transactions to understand key processes and visualise actual process flows recorded by the system, rather than relying on management’s description.
  • ADA then detects any deviations from expected processes.
  • Identifies missing controls and transactions without controls.
  • Helps assess compliance with control rules.
12
Q

What are tests of controls and what are the 3 steps in how they are performed?

A

Tests of controls: Audit procedures performed by the auditor to determine whether the control activities operated as documented throughout the period under review.

The auditor must perform three steps in relation to the entity’s control activities to determine whether they can be relied upon:

  1. Identify key controls: A key control is a control that mitigates the RoMM and that the auditor intends to rely on.
  2. Assess the design of key controls: the auditor considers whether the procedure would be effective in achieving its stated objectives.
  3. Test whether key controls operated effectively throughout the year: how well it works in practice.
13
Q

What techniques can auditors use to test controls?

A
  1. Enquiring of staff to confirm the operation of a control activity
  2. Inspection of documents or evidence of management reviews
  3. Observing procedures and control activities being performed
  4. Re-performance of procedures and control activities by the auditor
14
Q

What is a controls reliance approach in auditing?

A

When the auditor concludes that the controls are designed well and operating effectively, the extent of testing at the next stage can be reduced, and vice versa.

e.g.

  • Controls designed well and operated effectively throughout the year = controls reliance approach and low control risk
  • Controls are designed ineffectively or not operating correctly = No controls reliance and high control risk.
15
Q

What is the management letter?

ISA 265

A

The management letter is where any significant deficiencies in a client’s accounting and internal control systems are reported, promptly and in writing, to those charged with governance and an appropriate level of management (unless circumstances deem it inappropriate).

It also covers any other significant matters, such as misstatements or disagreements between the auditor and management.

This falls under ISA (UK) 265 Communicating Deficiencies in Internal Control to Those Charged With Governance and Management.

16
Q

What is the format of the information within the management letter under ISA (UK) 265 Communicating Deficiencies in Internal Control to Those Charged With Governance and Management?

A
  1. The issue. (e.g. control weakness)
  2. The effects or implications of that issue.
  3. A recommendation for management to resolve the issue.
17
Q

What are the main elements of the sales accounting information system?

A
  1. Sales order - raised by the client to record the receipt of an order from a customer.
  2. Goods Despatch note [GDN] - An internal document prepared by the warehouse.
  3. Sales invoice - Prepared by the finance department.
  4. Remittance advice - Sent by the customer with the payment.
  5. Credit note - Sales return issued by finance department.
18
Q

What are the different types of control activities in the sales accounting information system?

A

The risks will be closely linked to the objectives of the phase.

For example:
  • Customer places order: Objective: Orders are only accepted from credit-worthy customers. The risk would be that orders are accepted from customers who are not credit-worthy and, therefore, are unable to pay for the goods.
  • Order fulfilled and despatched: Objective: Goods are only despatched for genuine orders. The risk would be that goods are despatched where no order exists, in error or fraudulently.
19
Q

What are the main elements of the purchase accounting information system?

A
  1. Purchase Requisition - internal document raised by the store and forwarded to the budget holder for approval.
  2. Purchase Order - prepared by the purchasing department with a copy sent to the supplier.
  3. Goods Received Note (GRN) - internal document completed by the warehouse upon receipt of goods.
  4. Supplier invoice - document sent by the supplier as a demand for payment.
  5. Remittance advice - sent to the supplier along with the payment to allow them to match the payment against the relevant invoice.
  6. Debit note (Purchase returns) - raised by the finance department when goods are returned to the supplier.
20
Q

What are the different types of control activities in the purchase accounting information system?

A

Purchase order - Risk: Staff order unnecessary items or items for personal use. Control: Purchase orders are matched to approved requisitions before being sent to supplier.

Order received - Risk: Excess or too few goods are received, or goods are received that are of poor quality. Control activity: Staff perform a quantity and quality check upon receipt of goods, with agreement to the purchase order.

Invoice received from the supplier - Risk: Invoices are accepted and recorded for goods not received from supplier. Control activity: Invoices are matched to GRNs before processing.

Payment made for goods - Risk: Staff can make payments into their own accounts or to accounts of friends. Control activity: Payments can only be authorised by senior officials who agree payments to invoices before processing.

21
Q

What are the main elements of the inventory accounting information systems?

A
  1. Goods Received Note (GRN)
  2. Inventory holding
  3. Inventory valuation
  4. Goods Despatched Note (GDN)
22
Q

What are the different types of control activities in the inventory accounting information systems?

A

Inventory movements: Control activities: All inventory movements are accompanied by an internal GRN and GDN, which are sequentially numbered – regular exception reports are produced to identify gaps in the sequence.

Inventory holding: Control activities: CCTV cameras installed in the warehouse and inventory rooms.

Inventory valuation: Control activities: Warehouse manager regularly reviews the inventory listing for any unusual or unexpected costings.

23
Q

What are the different types of control activities in the fixed assets cycle?

A
  • When the fixed assets are delivered, the assets should be coded with a unique asset number.
  • A fixed asset register should be maintained with details of all assets held, including: the unique asset number, cost, accumulated depreciation, useful lives, description and location of the asset.
  • The fixed assets register should be reconciled monthly to the nominal ledger and subject to review by the financial controller.
  • Ownership documents (for example, title deeds) should be kept in a secure place.
  • Accounting policies (for example, in relation to depreciation and revaluations) should be approved by the audit committee and the board.
  • Authorisation for significant fixed asset purchases should be completed by the board at their board meetings.
  • Asset disposal forms should be completed for any disposal/sale of a fixed asset, approved by senior officials and passed to the finance team for recording.
  • Fixed asset counts should be performed (like stock counts but for fixed assets).
24
Q

What are the main elements of the payroll system?

A
  1. Work done and time recorded - Timesheet
  2. Payroll liability calculated - HR master file for salary/hourly rate
  3. Payment of payroll liability - Payroll listing/Summary/Payslips
25
Q

What are the different types of control activities in the payroll system?

A

Work done and time recorded: Timesheets, including overtime, must be authorised by line manager before being processed by payroll

Calculation of payroll liability: Payroll is calculated either by software or by trained staff and is subject to review by the payroll manager

Payment of payroll liability: Payroll listing marked as ‘paid’ once payment made – the system will not allow payment to be processed twice

26
Q

What are the main elements of the system for monthly financial reporting?

A
  1. Month-end journals
  2. Month-end reconciliations
27
Q

What are the different types of control activities in the system for monthly financial reporting?

A

Month-end journals:
Risk: Required journal entries are omitted.
Control activities:
- A checklist of all journals to be processed is assigned out and journals are checked off the list, with a review to ensure all are processed.
- Journal entries should be reviewed by management and then approved.
- Financial controller should review all journals and identify unusual transactions.

Month-end reconciliations:
Risk: Necessary reconciliations fail to be completed.
Control activities: Maintain a formal checklist and timetable of reconciliations to be performed and completed, with the checklist regularly reviewed for completeness.

28
Q

What is internal audit?

A

IA is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations by evaluating and improving the effectiveness of risk management, control and governance processes.

29
Q

What is the purpose, scope and composition of an internal audit function?

A

Purpose:
- Existing internal controls and risk management systems are adequate and effective,
- Compliance with the laws, regulations and policies of the management is taking place,
- Assets of the entity are safeguarded,
- Operations are efficient and effective in achieving the organisational objectives

Scope:
- Examination and evaluation of the adequacy and effectiveness of the internal control systems of the entity and contributing to the improvement of risk management and control systems
- Conducting special investigations, for example, into suspected fraud

Composition:
- Internal auditors are independent of the various operational parts of the company, to allow them to perform unbiased checks of the performance of the company.
- They should report to the audit committee if there is one, or the board if not.

30
Q

Why is internal audit needed?

A

To gain assurance that the management and controls of the organisation are robust. (Internal auditors report to the NEDs on the audit committee, which gives them assurance of management running the day-to-day operations.)

31
Q

What are the types of work undertaken by internal audit?

A
  • Financial Audit;
  • Systems Audit;
  • Management Audit;
  • Value for Money Audit;
  • Contract Audit;
  • Operational Audit;
  • Post-implementation Review;
  • Investigations;
  • Inspection and Quality Control;
  • Compliance Audit;
  • Follow-up Audit;
  • Culture Audit; or
  • Environmental, Social and Governance Reviews
32
Q

What are the characteristics of an effective internal audit function?

A
  • Independent of the activities they examine
  • Sufficiently competent individuals with suitable qualifications/experience
  • Good standing so they are a respected function
  • Adhering to internal auditing standards
  • Reports to the audit committee (which has NEDs)
  • Clear internal audit programme of the reviews to be done throughout the year.