Ch 7 (Textbook) Flashcards
what is an internal control
systems in a company that help
1) acheive reliabile financial reporting
2) help operate effectively and efficiently
3) comply with laws and regulations
2 types of internal controls
1) preventative: stop smthg management does not want to happen
2) detective: which indicate when smthg manaement does not want to happen has occurred
5 componenets of good internal control systems
1) control environment: management needs to set the tone at the top! reaffirm ethics and integrity
2) risk assessment: management must identify what creates risk and how to mitigate it
3) control aciivities: policies and procedures to adress the risks
4) interal control system must caputre and communicate all relevant info to the appropriate users
5) monitoring activities: control systems should be monitored periodically
under the control actitvies in the control system, what are the 5 control activities
1) assignment of responsibility
2) segregation of duties
3) documentation
4) physical controls
5) review and reconciliation
what is assignment of responsibility (Control activity)
specific employees are accountable for specific tasks
best when only one employee/level of employee is allowed t odo something
what is segregation of duties (Control activity)
a single employee CAN NOT authorize transactions, record them, and have custody of the related assets
this increased the chance of fraud
ex in seg. of duties, what are some tasks that should be separated? IN A purchasing SCENARIO
1) ordering goods and services
2) approving the order
3) recieving the goods
4) authorizing payment for the good/service
Ex of segregated duties in a sales-related scenario>
1) approving credit for customers
2) shipping goods
3) preparing and recording invoices
what could happen if duties are not segregated in sales related scenario?
1) unauthorized prices to increase sales commissions,
shipping clerk could ship goods to themselves, and
billing clerk could understate the amount billed for friends and relatives
what could happen if there is no seg of duties in purchasing scenario
a person could recieve a bribe to buy merch at an inflated price from bad supplier,
employee could record transaction and approve payment without being discovered/prepare fictious invoice from a company and take the money
synonym of bribe
kickback
is it easier or harder for small businesses to segregate duties?
HARDER! less people available
what hsould small businesses do since they cant segregate bettter?
more control activities (daily depositing cash in bank, or reconciling bank preports on monthly basis)
Assignment of responsibility: specific employees can be held accountable for their actions
Segregation of duties involves the types of duties that should be spread across multiple employees.
WORD
multiple purchasing clerks could be assigned the responsibility to initiate purchases, each using their unique employee number (assignment of responsibility). Meanwhile, the purchasing manager approves the purchase (segregation of duties) and receiving clerks in the warehouse will have custody of the assets being purchased (segregation of duties).
EX OF DIFFERENCE BETWEEN AOR AND SOD
what is documentation (Control activity)
this is providing evidence that transactions and events occured at a specific time for x amount
ex: pos software, shipping odcs, invoices and cheques
what should invoices and cheques be?
pre-numbered !! (electronically or manually)
what does prenumbering do?
helps prevent:
1) transactions from being recorded multiple times (numbers will repeat)
2) transactions not being recorded (gaps r notcieable)
if an employee is asked to sign a pre numberd creport, what two control activites are being used
assignmetn of responsibility and documentation
what is physical controls (Control activity)
things to guarantee the physical safety of a good
-> safes, vaults, and safety deposit for cash/business papers
-> locked warehouses and storage cabinets: inventories and records
-> access control system: fingerprint scanner
-> alarm system
-> cameras and sensors to detect theft
-> accesss scanners: using cards or gingerprints
what is review and reconciliation (Control activity)
review data made by employee by A DIFFERENT EMPLOYEE/3rd parties
what are internal reviews
reviews done by company employees (used to compare existing assets w records)
What are 3 measures needed for internal reviews
1) reviews should be performed regularly, surprise basis sometimes
2) employees performing review should be independt of employees responsible for data
3) discrepencies/exceptions MUST BE REPORTED TO MANAGEMENT
who do large companies employ for internal reviews
INTERNAL AUDITORS (independant of management)
-> make sure internal controls are being followed
-> identify and reccomend improvements
if a company is public, and finds a material weakness in internal controls over financial reporting, where is a management report addressed
in MD& A section
If a company is a public company (it lists its shares on a public stock exchange), a management report addressed to shareholders is included in the annual report that explains that management is responsible for the system of internal controls. The Chief Executive Officer (CEO) and Chief Financial Officer (CFO) must also provide certifications regarding the effectiveness of internal controls. Any identified control weaknesses of significance must also be reported in the Management Discussion and Analysis (MD&A) section of the annual report
review this
what is external review done by
EXTERNAL AUDTIORS
MAIN DIFF BETWEEN INTERNAL AND EXTERNAL AUDTIORS
external auditors are not company employees, they are accountants hired by board of directors on behalf of the shareholders
what do external auditors do
report whether or not companys financial statments present its financial position
are all public companies required to have external audit
YES
In addition to EXTERNALLLL AUDITORSS, as part of the company’s governance oversight responsibilities, the independent audit committee of the board of directors is responsible for reviewing the company’s internal control systems to ensure that they are adequate to result in fair, complete, and accurate financial reporting.
word
what are 4 limitations of internal control
1) cost /benefit consideration
2) human error
3) collusion
4) managemenet override
no matter how well internal control system is designed it can only provide so much _________
reasonable assurance
can the internal control system provide a guarantee?
NO! only reasonable assurance
why can the internal control ssystem only provide reasonable assurance
cuz of 4 limitations
Limitation of internal control 1: cost/benefit considerations
cost of control activites should not outweigh the beenfits,
EX: stores dont have security guards check all bags because the benefit of saving a few pieces of merch is a lot less than the cost of the customers internest
Limitation of internal control 2: human error
even the best systems can be ineffective if no training, employee fatigue ,carelessness, or indifference
ex: is a recieivng clerk isnt trained or doesnt care, they couldnt bother to count recieved goods
what is collusion an example of?
FRAUD
Limitation of internal control 3: collusion
2+ individuals may work together to go around controls; this violates segregation of duties
EX: boss and clerk work together to undertate cash reciepts and take money
Limitation of internal control 4: managemnt override
managers always give approval so they can also approve the wrong things! this will be fraud
THATS WHY MANAGEMENT NEEDS TO SET THE TONE AT THE TOP OF THE ORG
WHAT IS FRAUD
intentional actions taken to seteal assets or misstate financial info
what separates fraud from errors
INTENT!
3 FACTORS OF THE FRAUD TRIANGLE
1) OPPORTUNITY: some1 sees insufficient internal controls
2) FINANCIAL PRESSURE: economic problems, social problems (from managers/family/society)
3) RATIONALIZATION: making excuses for dishonest actions
examples of rationalization in fraud triangle
“everyyone does this”
“ill pay the company back”
“i am underpaid so whateve”
preventative controls
prevnt fruad from occuring
detective controls
identify and quantify fraufulent activieis that have occured ALREADY, AND TO prevent future from occuring
. When people know there is a higher likelihood of being caught, they will be less likely to attempt unethical activities.
duh
what is the most serious type of fraud
management fraud, because management is the top!
this is harder to detect
who can fraud be committed by
employees and third parties
who can commit fraud if they r a third party
suppliers (duplicate invoices or charges for work that arent erofrmed)
customers (who may shoplift or not scan items correctly)