C. Internal controls Flashcards

Question 1

Q

what is the definition of internal controls?

Answer

A

whole system of controls, financial and otherwise, established by the management in order to carry out the business of the enterprise in an orderly and efficient manner, ensure adherence to management policies, safeguard the assets, prevent and detect fraud and error, and secure as far as possible the completeness and accuracy of the records

a system for management to control certain risks and therefore help businesses achieve their objectives

Question 2

Q

who is responsible for internal control?

Answer

A

the board of directors

employees have some responsibility

Question 3

Q

what are the elements of a sound system of internal control according to the Turnbull Report?

Answer

A

an internal control system encompasses the policies, processes, tasks, behaviours and other aspects of a company that, taken together:

facilitate its effective and efficient operation by enabling it to respond appropriately to significant risks
help ensure the quality of internal and external reporting
help ensure compliance with applicable laws and regulations

the system of internal control will include:

control activities
information and communications processes
processes for monitoring the continuing effectiveness of the system

the system of internal control should:

be embedded within operations
be able to respond to changing risks
include procedures for reporting failings or weaknesses

Question 4

Q

according to the Turnbull report, does a sound system of internal control eliminate human error?

Answer

A

no, reduces but cannot eliminate the possibility of poor judgement in decision making, human error

can be deliberately circumvented and occurrence of unforeseeable circumstances

reasonable but not absolute assurance

Question 5

Q

what is COSO?

Answer

A

Committee of Sponsoring Organisations

Question 6

Q

what are the 5 elements of COSO?

Answer

A

CONTROL ENVIRONMENT
-management’s attitude, actions and awareness of the need for internal controls -tone from the top

RISK ASSESSMENT

need to identify and assess risks in respect of established objectives
assessment should consider internal and external factors and distinguish between controllable and uncontrollable risks

CONTROL ACTIVITIES = internal control
-after identification, actual specific control actives can be undertaken to reduce those risks

INFORMATION AND COMMUNICATION
-to operate the internal controls, they need quality information

MONITORING

if system not monitored it will be very difficult to assess whether it is out of control and needs amendment
this element of an internal control system is associated with internal audit, as well as general supervision

Question 7

Q

how can management try to summarise their commitment to controls?

Answer

A

behave with integrity and ethics
maintain an appropriate culture in the organisation
set up a a good structure
set proper authorisation limits
employ appropriately qualified staff and conduct staff training

Question 8

Q

what are typical control activity processes?

Answer

A

having a defined organisation structure
having contracts of employment
establishing policies
setting up a suitable discipline and reward system
ensuring a system of performance appraisal and feedback

Question 9

Q

what does the Institute of Internal Auditors define the control environment as?

Answer

A

the attitude and actions of the board and management regarding the significance of control within the organisation

provides discipline and structure for the achievement of the primary objectives of the system of internal control

MOST IMPORTANT

Question 10

Q

what are the principles that underpin the control environment component?

Answer

A

the organisation shows a commitment to ethical values
the board has appropriate expertise and oversee the five competencies
management must establish an appropriate organisational structure to help achievement of the objectives
human resource policies and practices to help attract, develop and retain suitable talent
accountability of employees for their areas of responsibility

Question 11

Q

what are the internal factors to consider during COSO risk assessment?

Answer

A

e.g. complexity of the organisation, organisational changes, staff turnover levels and the quality of staff

Question 12

Q

what are the external factors to consider during COSO risk assessment?

Answer

A

changes in the industry and economic conditions, tech changes

Question 13

Q

what are the principles that underpin the risk assessment component of COSO?

Answer

A

clear objectives to allow risk assessment and identification
that risk identification and analysis does take place across the entity
the potential for fraud arising in pursuit of the stated objectives must be considered
the internal controls system must be reviewed for changes in the external environment

Question 14

Q

what are control activities?

Answer

A

policies and procedures that ensure that the decisions and instructions of management are carried out

e.g. authorisations, verifications, reconciliations, approvals

Question 15

Q

what are the principles that underpin the control activities component?

Answer

A

select appropriate controls to mitigate the risks to the achievement of objectives
specifically controls over technology are included
policies and procedures establish how the controls are implements

Question 16

Q

what are the 4 COSO categories of objective setting?

Answer

A

strategic, operational, reporting and compliance

Question 17

Q

what are the 3 operational features of a sound internal control system from the Turnbull guidance?

Answer

A

embedded within operations and not treated as a separate exercise

able to respond to changing risks within and outside the company

includes procedures for reporting control failings or weaknesses

Question 18

Q

what are some examples of details of controls?

Answer

A

SOAPSPAM

SEGREGATION OF DUTIES:authorisation, handling asset and recording transaction for purchase cycles
PHYSICAL CONTROLS:e.g. safe, inventory checks
AUTHORISATION AND APPROVAL
MANAGEMENT CONTROL:top level reviews and activity controls
SUPERVISION
ORGANISATIONAL STRUCTURE
ARITHMETIC AND ACCOUNTING:double checking
PERSONNEL CONTROLS: training, induction, selection

Question 19

Q

what 3 broad categories could controls be classified as?

Answer

A

financial controls
non-financial quantitative controls
non-financial qualitative controls

Question 20

Q

what are financial controls?

Answer

A

controls express financial targets and spending limits

e.g. budgetary control, control over sales, purchases, payroll and inventory cycles

Question 21

Q

what are the objectives of controls in the sales cycle?

Answer

A

sales are made to valid customers
sales are recoded accurately
all sales are recorded
cash is collected within a reasonable period

Question 22

Q

what are the objectives of controls for bank and cash?

Answer

A

cash balances are safeguarded
cash balances are kept to a minimum
money can only be extracted from bank accounts for authorised purposes

Question 23

Q

what might controls over human resources include?

Answer

A

recruitment policies including the completion of an application form and the checking of relevant qualifications
references being taken up prior to appointment
continuous training
eligibility to work in the country
contract of employment

Question 24

Q

what are some examples of controls over the distribution department?

Answer

A

HR controls
signed goods received and goods despatches notes
regular inventory counts
monitored CCTV cameras around the distribution depot
security guards at exits
bag searches when staff leave their shift

Question 25

Q

what are non-financial quantitative controls?

Answer

A

controls focus on targets against which performance can be measured and monitored

e.g. balances scorecard targets and TQM quality measures

feedback loop essential

Question 26

Q

what is the feedback loop in non-quantitative controls?

Answer

A

performance target
actual result recorded
compared with target
control action taken

Question 27

Q

what are non-financial qualitative controls?

Answer

A

these form day-to-day controls over most employees in organisations

e.g. employee training, management control methods, physical controls. project management

Question 28

Q

what is the Bribery Act?

Answer

A

non financial control

1st July 2011 in the UK

bring UK in line with international norms on anti-corruption legislation

offences:

give or receive a bribe
failing to prevent a bribe

prosecuted by the Serious Fraud Office

can prosecute both domestic and foreign companies with UK presence

could face 10 years in prison and unlimited fine

Question 29

Q

What are the steps to developing an adequate control system?

Answer

A

ascertain the objectives
research regarding the current systems
research new controls
implement new controls

Question 30

Q

what are the costs of an internal control system?

Answer

A

time of management involved in the design of the system

implementation:

costs of IT consultants to implement new software
training all staff in new procedures

maintenance of system:

software upgrades
monitoring and review

Question 31

Q

what are the benefits of an internal control system?

Answer

A

reduction of the risks and achievement of business objectives

Question 32

Q

what are the limitations of internal control systems?

Answer

A

over-reliance on any system
can’t turn a poor manager into a good one
at risk from mistakes and errors
can be by-passed by collusion and management override
controls are only designed to cope with routine transactions and events
resource constraints in provision of internal control systems, limiting their effectiveness

Question 33

Q

what is fraud?

Answer

A

dishonestly obtaining an advantage, avoiding an obligation or causing a loss to another party

intentional act

Question 34

Q

what are some examples of fraud?

Answer

A

theft of cash
employee fraud against employers
crimes against investors, consumers and employees:expense claims
crimes against financial institutions:fraudulent insurance claims
crimes against government:benefits fraud, tax evasion
crimes by professional criminals : money laundering
e-crime by people using computers e.g. spamming, copyright crimes

Question 35

Q

what are the prerequisites for fraud?

Answer

A

dishonesty on the part of the perpetrator
opportunity for fraud to occur
motive for fraud

Question 36

Q

what 2 categories for fraud indicators fall into?

Answer

A

warning signs

fraud alerts

Question 37

Q

what are warning signs of fraud?

Answer

A

organisational indicators of fraud risk

absence of anti-fraud policy and culture
inadequate recruitment processes and absence of screening
dissatisfied employees who have access to desirable assets
poor physical security of assets
rapid changes in information technology

Question 38

Q

what are fraud alerts?

Answer

A

specific events or red flags, which may be indicative of fraud

anonymous emails
emails sent at odd times
discrepancy between earnings and lifestyle
unusual behaviour
alteration of docs
subsidiary ledgers which don’t reconcile
inappropriate use of journals

Question 39

Q

what are the 3 key elements of a fraud management strategy?

Answer

A

prevention
detection
response

together they result in fraud deterrence

Question 40

Q

what are some methods of fraud prevention?

Answer

A

anti-fraud culture
risk awareness
whistleblowing
sound internal control systems

WARS

Question 41

Q

how can you apply the COSO model to fraud prevention

Answer

A

control environment: management show active interest in prevention and detection

risk recognition and assessment:identify risk areas, activities where risk might be high e.g. cash handling, assess risk

control activities and procedures:

information:monitoring and reporting:info to the top so they can manage and investigate, revise controls

iterative process

Question 42

Q

what are some examples of fraud detection?

Answer

A

performing regular checks

warning signals/fraud risk indicators:

failures in internal control procedures
lack of information provided to auditors
unusual behaviour by individual staff members
accounting difficulties

whistleblowers

Question 43

Q

how are most frauds discovered?

Answer

A

accidentally

as a result of information received (whistleblowing)

Question 44

Q

what are some examples of fraud response?

Answer

A

response plan:

internal disciplinary action
civil litigation
criminal prosecution
responsibliities

Question 45

Q

what is the purpose of internal auditors investigating fraud ?

Answer

A

establish the facts
establish how the fraud occurred and initially went undetected
consider whether anyone else might have been involved in the fraud
establish or estimate the size of the loss

Question 46

Q

what recommendations might an auditor give in light of fraud findings?

Answer

A

existing internal controls are not sufficient to limit risk so introduce stronger controls
existing internal controls are sufficient to limit risk but applied inadequately or were ignored in the past

Question 47

Q

what is the definition of an internal audit?

Answer

A

independent appraisal activity established within an organisation as a service to it. It is a control which functions by examining and evaluating the adequacy and effectiveness of other controls

Question 48

Q

what is the context of an internal audit in the Turnbull report as a management review of controls?

Answer

A

integral part of management’s role
identification, evaluation and management of all key risks facing the organisation
effectiveness of internal control- financial, operational, compliance and risk management controls
communication of risk objectives
action to be taken if weakness found

Question 49

Q

Risk management vs internal audit: what is being tested?

Answer

A

internal audit: testing and evaluating controls

RM: own entire risk management process

Question 50

Q

Risk management vs internal audit: what is the key activity?

Answer

A

IA: special investigations as directed by mgmt
RM: maintain risk register

Question 51

Q

Risk management vs internal audit: what support would the ream provide?

Answer

A

IA: support and assist senior mgmt in projects, some outside risk mgmt arena

RM: lead in developing risk response strategy

Question 52

Q

Risk management vs internal audit: what is the end result?

Answer

A

IA: contribute to risk identification
RM: provide training and development in risk management matters

Question 53

Q

who are the 3 different parties involved in the process review of internal audit?

Answer

A

risk management
managers
auditors

Question 54

Q

what factors affect the need for an internal audit department?

Answer

A

the scale, diversity and complexity of the company’s activities
the number of employees
cost/benefit considerations
changes in the organisational structures, reporting processes or underlying information systems
changes in key risks could be internal or external in nature
problems with existing internal control systems
an increased number of unexplained or unacceptable events

Question 55

Q

how does the scale, diversity and complexity of the company’s activities affect the need for internal audit?

Answer

A

larger, more diverse and the more complex a range of activities is, the more there is to monitor

Question 56

Q

how does the number of employees affect the need for internal audit?

Answer

A

as a proxy for size, no/ employees signifies that larger organisations are more likely to need internal audit to underpin investor confidence than smaller concerns

Question 57

Q

how does the cost/benefit considerations the need for internal audit?

Answer

A

must be sure benefits outweigh costs

Question 58

Q

how does the changes in the organisational structures, reporting processes or underlying information systems affect the need for internal audit?

Answer

A

any internal (or external) modification is capable of changing the complexity of operations and, accordingly, the risk

Question 59

Q

how does the changes in key risks could be internal or external in nature affect the need for internal audit?

Answer

A

the introduction of a new product, entering a new market, a change in any of the PESt/PESYEL factors or changes in the industry might trigger the need for internal audit

Question 60

Q

how does the problems with existing internal control systems affect the need for internal audit?

Answer

A

any problems with existing systems clearly signify the need for a tightening of systems and increased monitoring

Question 61

Q

how does the an increased number of unexplained or unacceptable events affect the need for internal audit?

Answer

A

system failures or similar events are a clear demonstration of internal control weakness

Question 62

Q

what are the expectations of an internal audit?

Answer

A

formal plan of all audit work that is reviewed by the head of audit and the board/audit committee
the audit plans should be reviewed at least annually
each engagement should be conducted appropriately
progress of the audit should be monitored by head of internal audit

Question 63

Q

What are the IASB standards for internal audit work?

Answer

A

attribute standards:characteristics of org and the parties performing internal auditing activities
performance standards:nature of auditing activities and quality criteria

Question 64

Q

what are the attribute standards of internal audit?

Answer

A

INDEPENDENCE:free from interference
OBJECTIVITY: no bias, conflict of interest
PROFESSIONAL CARE:knowledge of the key IT risks and controls

Answer 65

A

MANAGING INTERNAL AUDIT

head should manage the internal audit
establish risk-based plans to decide the priorities
plans reviewed at least annually and submitted for board approval

RISK MANAGEMENT
-identify and evaluate significant risk exposures and contribute to the improvement of risk management and control systems

CONTROL
-help maintain control system by evaluating the effectiveness and efficiency of controls, and by promoting continuous improvement

GOVERNANCE
-assess the corporate governance process and make recommendations

INTERNAL AUDIT WORK

identify, analyse, evaluate and record sufficient information to achieve the objectives of the engagement
conclusions should be based on suitable analysis and evaluation

COMMUNICATING RESULTS
-communicate the results of their engagement, including conclusions, recommendations and action plans

Answer 66

A

internal auditors should be independent of exec management
head of internal audit should report directly to a senior director
head of IA should have direct access to the chairman and the audit committee
accountable to the A committee
could outsource internal audit function

Answer 67

A

greater focus on COST and EFFICIENCY of the internal audit function
staff may be drawn from a broader range of expertise
RISK of staff turnover is passed to the outsourcing firm
SPECIALIST skills may be more readily available
COSTS of employing permanent staff are avoided
may improve INDEPENDENCE
access to new market place TECHNOLOGIES
REDUCED MANAGEMENT TIME in administering an in-house department

Answer 68

A

possible CONFLICT OF INTEREST if provided by the external auditors
pressure on the INDEPENDENCE of the outsourced function
risk of LACK OF KNOWLEDGE and understanding of the organisation
the decision may be based on cost with the EFFECTIVENESS of the function being reduced
FLEXIBILITY and AVAILABILITY may not be as high as with as in-house function
LACK OF CONTROL over standard of service
risk of BLURRING OF ROLES between internal and external audit

Answer 69

A

controls over acceptance of internal audit contracts to ensure no impact on independence or ethical issues
regular reviews of the quality of audit work performed
separate departments covering internal and external audit
clearly agreed scope, responsibilities and reporting lines
performance measures, management information and risk reporting
procedure manuals for internal audit

Answer 70

A

by comparing actual costs and output against a target, such as:

the cost per internal audit day
the cost per audit report
the number of audit reports produced

Answer 71

A

identifying evidence of improvements in internal control

Answer 72

A

EXEC SUMMARY

main objectives
scope of audit
work performed in brief
results

SCOPE
-detail methodology

OBSERVATIONS and RECOMMENDATIONS

testing observations
what to put in place

RECS GRADED BY IMPORTANCE
-difference levels

STATEMENT OF RESPONSIBILITY

detail Auditing Standards
sign off from auditor

Answer 73

A

EA: statute, for limited companies

IAL directors and shareholders, usually in larger organisations

Answer 74

A

EA:shareholders or directors

IA:directors, via the Chief Internal Auditor

Answer 75

A

EA:shareholder (primary duty) and management (professional responsibility)
IA:directors, via the CIA

Answer 76

A

EA:financial statements
IA:internal controls mainly

Answer 77

A

EA:true and fair view and proper presentation
IA: adequacy of ICS and a contribution to the EEE use of resources

Answer 78

A

EA:unlimited, to fulfil statutory obligation
IA:prescribed by directors

Answer 79

A

external auditors should take into account the following when planning their audit:

STATUS of internal audit within organisation
SCOPE of internal audit function
whether management ACT on recs of internal audit
technical COMPETENCE of internal auditors
OBJECTIVES of internal audit
due PROFESSIONAL CARE demonstrated in internal audit work

Answer 80

A

auditor produces letter that usually includes a list of ‘issues’ that the auditor came across during the course of his audit work

table of:

issues concerning the auditor i.e control that can be improved
recommendations to implement or improve the controls

Answer 81

A

implement control
improve control

within a time frame then revisited

management must respond to auditor’s queries

Answer 82

A

the external auditor
-purpose is to identify material misstatements in the financial statements in order to ensure that they give a true and fair view

have no responsibility for immaterial frauds
if identifies, will be reported to internal audit/directors

Answer 83

A

no, company is responsible

it is their duty to report a fraud if during the course of their work they identify fraudulent activities

Answer 84

A

1) ascertaining the facts of the fraudulent activity
2) gathering evidence of the crime-documentary, interviews with witnesses, observational
3) corroborating the evidence
4) consider whether you have the right of access to the evidence you require. Many cases have been thrown out of court because evidence has been inappropriately obtained
5) maintaining confidentiality so that the perpetrator doesn’t realise that are being investigated
6) consider the cost of the investigation versus the value of the fraud, although ethically all frauds should be stopped
7) consider the loss of reputation if the fraud becomes public

Answer 85

A

check the implementation of written rules, regulations and procedures
used originally for financial transactions, because the government (tax authorities) needed assurance that the financial figures were correct
concept of compliance has been extended to other areas, such as regulatory inspections and quality audits, where there is a requirement to verify that activities are being performed in strict compliance with approved standards and procedures

Answer 86

A

involved checking of a sample of transactions against documentary evidence
can be used where controls are weak or where transactions are high risk

Answer 87

A

a systems audit in which the auditors use their judgement to decide on the level of risk that exists in different areas of the system, and to plan their audit tests so that more effort is directed towards the most risky areas
less time and effort is spent on elements of the system that are relatively ‘safe’

Answer 88

A

systematic investigation to establish whether quality objectives are being met
quality audit might look into the system for setting quality standards, the relevance of those standards, the system for comparing actual performance against the quality standards and whether the quality controls work effectively

Answer 89

A

independent appraisal of the measure of success of a project
cover the project throughout its lifecycle from the planning and implementation stages through to performance after commissioning
review should take place at some time after the project or precess has been completed or is being used
provide feedback on success of a project
acts as a learning tool

Answer 90

A

internal audit, as long as they weren’t involved in the original design of the project itself

judge based on quality, time and cost

Answer 91

A

whether proper arrangements have been made for securing economy, efficiency and effectiveness in the use of resources

achieving VFM is manager’s responsibility
commonly associated with public sector jobs

Answer 92

A

ECONOMY:obtaining the required resources at the lowest cost
EFFICIENCY:using the minimum quantity of resources to achieve a given quantity and quality of output
EFFECTIVENESS: when the output from a system achieves its intended aims and objectives

Answer 93

A

difficult to measure outputs, esp for govt e.g. education
objectives of the activity might be difficult to establish
focus must be either on economy and efficiency OR on effectiveness as cost and quality interlinked
quality might be ignored when economy and efficiency are measured

Answer 94

A

evaluation of how well the company is safeguarding the environment and meeting regulatory requirements

-‘accounting’ trained auditor could be asked to perform one of these auditors but unlikely to have skillset

Answer 95

A

looks at the company’s contribution to society and the community
-could confirm statements made by the directors or make recommendations for social policies that the company should perform

contributions could be made through:

donations
sponsorship
employment practices
education
health and safety
ethical investments

Answer 96

A

sustainability
targets achieved
compliance with regulations
emissions
industrial legacies
obtaining ISO 14001 (environmental management systems)

-included in the annual report

Answer 97

A

internal audit then verified by external auditors/assessors

Answer 98

A

an objective and independent appraisal of the effectiveness of managers and the corporate structure in the achievement of the entities’ objectives and policies

aim: identify existing and potential management weakness and recommend ways to rectify them
- this type of audit would require the use of very experiences staff who understand the nature of the business

Answer 99

A

re-focusing resources towards ‘mission-critical’ objectives
improving efficiency
improving the effectiveness of management support tools
assessing the appropriate levels of service for an activity or operation
identifying cost savings
identifying opportunities to enhance revenue
improvements in governance

Answer 100

A

review of policies and procedures
general review of workloads, work methods and work flows
evaluation of systems and processes
review of management practices
review of resource utilisation
detailed cost analysis

Answer 101

A

lack of technical competence or knowledge of the business amongst managers, and insufficient management training
an unwillingness to delegate
regular failure to achieve standards or targets
inadequate management ISs
poor communications within or between departments
poor management/staff relationships
an absences of clear leaderships
an absence of clear leadership
a failure by management to make good decisions

Answer 102

A

audit of internal controls within an organisation

associated with the audit of accounting systems
identify weaknesses int he system

Answer 103

A

Identify the objective of each system
identify the procedures
identify why the system might not meet its objectives
identify ways to manage the above
identify if current controls are adequate
report on the above

Answer 104

A

agree the objectives of the audit
plan the audit
find out about systems and controls
confirm the operation of the system
assess if controls are adequate

Answer 105

A

test compliance with controls

test application of controls

Answer 106

A

review, report and recommend

Answer 107

A

one for each financial year, in which the internal auditors set out which activities or operations they will audit and the purpose of the audit

Answer 108

A

OBJECTIVES of the audit
-e.g. check internal controls are adequate

CONDUCT OF THE AUDIT

need to decide what information to collect
decisions have to be made about
-how to collect and record evidence
-how much evidence to collect

RESOURCES and TIMING
-auditors should assess how much time and effort will be required to carry out the audit and schedule the work accordingly

Answer 109

A

most audits carried out using this approach
auditor assesses whereabout of the key risks and then concentrates audit efforts on these key risks
more efficient and effective at achieving its objectives

Answer 110

A

benchmarking:comparing one’s business processes to best practice from other industries

Answer 111

A

focuses on observation and investigation on business processes with a goal of identifying and observing the best practices from one or more benchmarked firms

-common in back-office processes where outsourcing is a consideration

Answer 112

A

designing new products or upgrades to current ones

can involve reverse engineering which involves taking apart competitors products to assess wekaness/strengths

Answer 113

A

focus its benchmarking on a single function e.g. production

unlikely to be complex function as hard to compare in cost and efficiency terms

Answer 114

A

involves studying the leading competitor or the company that best carried out a specific function

Answer 115

A

process of collecting, analysing and relating environmental performance data of the comparable activities with the purpose of evaluating and comparing performance between or within the entities

entities can include processes, buildings or companies

could be internal within organisation departments or eternal between competing entities

Answer 116

A

performing ratio analysis:profit, liquidity, return, efficiency
spot anomalies
spot risks
investigate these

Answer 117

A

inherent risk
control risk
detection risk

Answer 118

A

risk of the activity or operation, ignoring the controls in the system

related to both severity and the incidence of the risk

Answer 119

A

size of the operations unit
size of the expenditure budget
the nature of the assets used or handles
the extent to which procedures are computerised

Answer 120

A

perceived quality of the existing controls for the activity

Answer 121

A

the apparent effectiveness of management and supervision
pressures on management to achieve targets
changes in the system activities and procedures
changes in key personnel
a high staff turnover
rapid expansion in operations and the volume of transactions handles
length of times since last audit: confidence diminished over time

Answer 122

A

priority for audit are those where the inherent risk is high and the quality of control is low

Answer 123

A

risk that the existing controls are not sufficient to prevent or detect a material misstatement

Answer 124

A

risk that the auditors’ substantive tests will not reveal a materially incorrect amount in the financial statements, if such an error exists

Answer 125

A

commission or misstatement of its value would be likely to influence a user of the financial statement

has a quantitative and qualitative component
considered in relative terms

Answer 126

A

flowcharts
-examined or created

interviews/questionnaires

describe how they use it
can see inefficiencies

systems documentation

find documentation of the system
best for computerised systems
lease well understood by users

observation
-the operation of the system can be observed

Answer 127

A

could use standard control questionnaires

structures so as they identify all key internal controls
enable the auditor to assess the quality of the controls

Answer 128

A

sequence of activities and checks within an operation or procedure
which individuals carry out each procedure or check

Answer 129

A

more often effective at presenting information in an understandable form than a narrative description
if there are weaknesses in the controls within an operation, these might be easier to identify by studying a flowchart

Answer 130

A

list of questions used to gather info

ideally yes or no
leave room to expand

help the auditor both to:

establish the facts
identify potential control weaknesses

Answer 131

A

compliance testing
substantive testing
analytical review

Answer 132

A

test of controls

ensure they operate correctly
spot any material weaknesses

Answer 133

A

whether:

controls are effective
controls are ineffective in practs

Answer 134

A

test of balances or transactions

concentrate on output coming out as expected
associated with finance systems

Answer 135

A

confirm that the controls are effective

- where the controls are ineffective, to establish the apparent consequences

Answer 136

A

use:

analyse
reconcile
observe
monitor
sample

avoid:
-check

Answer 137

A

examination of ratios, trends and changes in balances

investigate causes of abnormalities

Answer 138

A

testing a proportion to gain assurance about the population as a whole

Answer 139

A

application of audit procedures to less than 100% of the items within an account balance or class of transactions to obtain and evaluate evidence about some characteristic of the items selected in order to forma conclusion on the population

Answer 140

A

sampling risks: different to result if whole population tested

non-sampling risk:may use inappropriate methods or misinterpret evidence that the test results give so fail to recognise an error (avoidable)

Answer 141

A

can be used at planning ,substantive testing and overall review stages of an audit

Answer 142

A

profitability: GPM, net profit
efficiency: receivables, inventory, payable days
liquidity: current ratio, quick ratio, gearing
return: ROCE, ROE

Answer 143

A

identify risks
help decide the level of testing
decide nature and timing

Answer 144

A

procedures are used to conclude whether the area being tested is consistent with the auditors’ knowledge of the business entity and the expected results

Answer 145

A

when there have been lots of one-off events in the year as there is nothing to compare them with

Answer 146

A

can help create an expectation if operations are significantly different from before and more so if the changes haven’t been planned for

Answer 147

A

objectives of the audit work
summary of the process undertaken by the auditor
results of tests carried out
audit opinion (should be cost effective and practical)
recommendations for action

Answer 148

A

the recommendation is not worthwhile

Answer 149

A

head of internal audit meets head of department
head will discuss points raised
can make their own arguments

Answer 150

A

after discussing with manager of department, submit report for review within internal audit and then send to audit committee

remains confidential within organisation

Answer 151

A

check whether the system is achieving its intended objectives
in the case of accounting systems, to check that the information produced by the system is reliable

Answer 152

A

lack of primary records
encoded date
loss of audit trail
overwriting of data
program controls
concentration of controls in the IT department

Answer 153

A

in large computer systems, many of the controls over data are concentrated int he central IT department

can be a potential weakness in the control system, if users are not aware of an accidental or deliberate corruption of data or programs

Answer 154

A

document originating a transaction might not be creates

e.g. telephone order keyed in, call cant be traced

Answer 155

A

risk of error in input details so effectiveness of program controls, such as data validation checks, to prevent the acceptance of incorrect data by the system, especially changes to standing data on a master file

Answer 156

A

should be evidence during processing of transaction in accounting system

in manual system, evidence provided by hard copy

computer systems minimise paper so no hard copy originals

Answer 157

A

when data are stored on a magnetic file, the file will eventually be overwritten with new data

if auditor needs some of the data to carry out tests, it will be necessary to take steps to make the data available

the auditor might therefore need to take copies of data files during the course of the year, and retain them for audit purposes

Answer 158

A

the auditor has to test the controls in the computer system on which they intend to rely.

This means that testing the controls written into the computer programs

to do this, it will be necessary to use computer-assisted audit techniques

Answer 159

A

no one-off errors unless deliberate amendment of individual items
systematic errors which repeat across all transactions
higher danger that input errors will not be detected

Answer 160

A

through the computer

- round the computer

Answer 161

A

the auditor does not attempt to understand the operation of the computer system, but rather treats it as a ‘black box’

to audit the system, the auditor matches up inputs to predicted outputs to ensure that the outputs are being processed correctly

Answer 162

A

does not require high level of expertise of IT in the audit teams

Answer 163

A

computer processing is relatively simple
audit trail is clearly visible
substantial amount of up-to-date documentation exists about how the system works

Answer 164

A

computer files and programs are not tested, hence there is no direct evidence that program is working as documented
errors are found it may be impossible to determine why they have happened
all discrepancies between predicted and actual results must be fully resolved and documented no matter how small

Answer 165

A

interrogates the computer files and computer controls and relies much more on the processes that the computer uses

auditor follows the audit trail through the internal computer operations and attempts to verify that the processing controls are functioning correctly

controls are directly tested and the accuracy of computer based processing of input data is verified

utilises different CAATs

Answer 166

A

requires more expertise and a longer set up time but of a very good quality

Answer 167

A

computer-assisted audit techniques are methods of using a computer to carry out an audit of a computer system

Answer 168

A

audit software, such as audit interrogation software

test data

Answer 169

A

consists of computer programs used by auditors to interrogate the files of a client

normally the client’s data files are input into the audit software program on the auditors’ computer and the auditor can then test those files

Answer 170

A

extract a sample according to specified criteria
calculate ratios and select those outside the criteria
check calculations
prepare reports
produce letters to send out to customers /suppliers
follow items through a computerised system
search for underlying relationships and check for fraud

Answer 171

A

read computer files
select information
perform calculations
create data files
print reports in a format specified by the auditor

Answer 172

A

enables large volumes of data to be process very quickly and accurately

can take a long time to set up the systems with the client data and it will require expertise

Answer 173

A

comparing the home addresses of employees with the addresses of suppliers, to identify employees who are also suppliers
searching for duplicate cheque numbers
analysing the sequence of transactions to identify missing invoices or cheques
identifying suppliers with more than one supplier code or mode than one mailing address
finding several suppliers all with the same address
listing payments for transactions that fall just within the spending authorisation limit of the individual who has authorised the payment

Answer 174

A

force auditor to rely on programmed controls during the audit, only way to test controls
large number of items can be tested quickly and accurately
test original documentation instead of print outs, therefore the authenticity of the document is more valid this way
after initial set-up costs, using CAATs are likely to be cost-effective, as the same audit software can be used each year as long as the system doesn’t change
allow the results from using CAATs to be compared with ‘traditional’ testing

Answer 175

A

will be limited depending on how well the computer system is integrated. More integration, the better use of CAAT [ensure understanding of system to assess whether audit software is relevant]
takes time to design CAATs tests therefore may not be cost-effective if the auditor is dealing with a bespoke system, as there may be a lot of set-up costs [CBA analysis of audit software]
if the company you are auditing cannot confirm all system documentation is available, the the auditors will be unable to perform the tests effectively due to lack of understanding [do not use audit software until these have been identified]
if there is a change in the accounting year, or from the previous year, then the audit software will have to be reset and designed, therefore may be costly[CBA from audit point of view should be carried out prior to deciding to use the audit software]

Answer 176

A

written into a program, particularly in on-line/real-time systems.

carry out automatic checks or provide information for subsequent audit

Answer 177

A

extracting and storing information for subsequent audit review, with sufficient details to give the auditor a proper audit trail
identifying and recording items that are of some particular audit interest, as specified by the auditor

Answer 178

A

can be used by inputting the data into the system and checking whether it is processed correctly

expected results can be calculated in advance, and checked against the actual output from the system

auditors might include some invalid data in the tests, which the system should reject

Answer 179

A

only if the auditor is intending to do a ‘test of controls’ audit, and it must be considered cost effective

Answer 180

A

test data are processed during a normal production run

Answer 181

A

test data are processed outside the normal cycle

Answer 182

A

1) gain a thorough understanding of how the system being tested is supposed to work and controls that are included in it
2) devise the test data set. This should be a set of data containing both valid and invalid items. The controls in the system should identify the invalid items
3) Run the test data. This can be ‘live’ or ‘dead’
4) evaluate the results. It is important that the auditor fully evaluates the results of the test data and does further work if unexpected results occur

Answer 183

A

live data is more reliable but more risky

Answer 184

A

damage to the system as the system is tested to its limits [ensure auditors understand the system and have software support]
corruption of the systems data if test data are not properly removed [ensure process for data removal]
system down time if ‘dead’ data used [establish when system can be used with minimum disruption to the business]

Answer 185

A

input order that would exceed client limit:should pop up query asking if you wish to proceed
input negative number of items on an order:should flag up negative number
input incomplete customer details:system should not process order unless all information is completed
inout an excessive amount:there are reasonable checks in the system to identify possible input errors

Answer 186

A

raise an order from a supplier not on list:query should be raised about whether to proceed
process an order with an unauthorised staff ID:system should reject the process altogether or send the request through to an appropriate person for authorisation
try and make changes to the supplier standing data using the ID of someone who is not authorised to do so:system should reject the process altogether or send the request through to an appropriate person for authorisation

Answer 187

A

try and set up a new employee up on the payroll system using an unauthorised ID:system should reject the process altogether or sent the request through to the appropriate person for authorisation
try and make employee change of details sing an unauthorised ID: system should reject the process altogether or send the request through to an appropriate person for authorisation
make an excess change e.g. salary change:system should have parameters in place to question this amount, and maybe reject it due to it being outside the normal range

Brainscape's Knowledge GenomeTM

C. Internal controls Flashcards

Brainscape's Knowledge Genome^TM