Chapter 2 Flashcards
Systems of Internal Control
What are the three main purposes of internal control?
FYI: REC
- Reliable Financial Reporting
- Efficient Operations
- Compliance with Laws and Regulations
These purposes ensure accuracy, smooth operations, and adherence to legal standards.
What does the control environment refer to?
The overall tone, attitude and culture of a company affecting the effectiveness of internal controls
It includes attitudes and actions of management regarding honesty, ethics, and rule-following.
What is an Information system in internal control and what 2 processes does it include?
- How a company collects, records, processes and reports its data
- Includes both manual and computerised processes
This includes both manual and computerized processes to ensure accuracy and reliability.
What are the two categories of IT controls?
- General IT controls
- Application IT controls
General controls apply to the overall IT environment, while application controls are specific to software applications.
Define General IT controls
Broad controls that apply to the overall IT environment of an organisation.
They ensure the integrity and reliability of the IT systems.
What are application IT controls focused on and what can they be in nature?
The information processing element of control
They can be preventative and detective in nature.
What are control activities?
Policies and procedures that ensure management directives are carried out.
Examples include performance review, information processing, and segregation of duties.
List some examples of control activities
- Authorisation of documents
- Controls over computerised applications
- Controls over counting accuracy
- Maintaining control accounts and trial balances
- Reconciliations
- Restricting access
- Segregation of duties
- Performance Reviews
These activities help to ensure that operations are conducted according to established guidelines.
What is the purpose of monitoring of controls, what does it address, and what 2 characteristics can they fall under?
To keep track of how well objectives are achieved and address deficiencies in control (can either be detective or preventative).
Monitoring can be either detective or preventative.
What are the 3 inherent limitations of internal controls?
- Cost vs benefit
- Human error
- Integrity of management
These limitations can affect the effectiveness of internal controls.
What is the purpose of an internal audit, and who is responsible for determing the requirements?
To evaluate other controls in place within an organisation and add value throughout.
The audit committee is responsible for determining the requirements for internal audit.
What 3 factors indicate the need for an internal audit?
- Company’s size/complexity
- Cost vs benefit
- Unexpected risk events or perceived problems
These factors help determine the necessity and scope of internal audits.
What are some roles of an internal audit?
- Reviewing internal control systems
- Examining financial information
- Special investigations (fraud)
- Project Work
- Regulatory compliance
- Assess Stewardship
- Risk management
These roles help ensure effective oversight and performance evaluation.
True or False: Internal auditors can challenge management effectively.
False
Lack of authority can hinder internal auditors’ ability to challenge management.
What are the 3 main features of accounting systems?
FYI: (ORC)
- Objective
- Risks
- Control procedures
These features help auditors understand how systems manage risks and achieve objectives.
What are the 6 Major Accounting Systems?
FYI: PRINCP
- Purchases
- Revenue
- Payroll
- Inventory
- Non-current assets
- Cash and bank
Control objectives guide the design and implementation of controls.
How do auditors gain an understanding of systems?
FYI: (CADE)
- Confirming
- Ascertaining
- Documenting
- Evaluating
These procedures help ensure a comprehensive understanding of the accounting system.
How do we document Accounting systems?
FYI: NFI
- Narrative notes
- Written descriptions
- Flowcharts
- Visual representations of the systems broken down by activity
- Internal control questionnaires (ICQ) and control checklists (ICC)
- List of control questions for each type of system
This helps validate the accuracy of the documented systems.
What are the advantages and disadvantages of narrative notes in documenting accounting systems?
+ve: Quick to prepare
-ve: Confusing if system is complex
Narrative notes provide a fast way to capture information but may lack clarity.
What is the benefit of using flowcharts in documenting accounting systems?
Easier to interpret for larger, more complex systems
Flowcharts provide visual representations of processes, aiding understanding.
What does evaluating the accounting system involve?
Reporting on strengths and weaknesses of controls and deciding whether Auditors should test or not test them.
This evaluation helps determine the effectiveness of controls and whether further testing is necessary.
What should Auditors do in cases of internal controls being effective or ineffective?
Controls are effective:
- Proceed to test them
Controls are ineffective
- Not proceeding to test them but to investigate further
Purchases
- ORC
Objective:
- Receipt of good and invoices
- Accounting in relation to ordering and payment
Risk:
- Paying for goods not received
- Misstated financial statements/ duplications
Control Procedure:
- Prepare/ dispatch orders only when purchase authorised
- Reconcile invoices
- Obtain credit approvals from clients
Revenue
-ORC
Objective:
- Recording and accounting revenue
- Receiving payments
Risk:
- Customers bad credit
- Late payments
- Goods not invoiced after dispatchment
- Money stolen
Control Procedure:
- Credit checks on customers
- Trace documents based on stage of the purchase cycle
- Authorise dispatching goods
- Check returned goods
- Sign proof of receipt
Inventory
-ORC
Objective:
- Recording of inventory
- Valuation
- Inventory levels
Risk:
- Stolen
- Overstated/understated
- Unusable or unsellable
Control Procedure:
- Segregation of duties
- Maintaining inventory records
- Restriction of access
Non-Current Asset
-ORC
Objective:
- Buying assets
- Storing and using
- Selling and recording
Risk:
- Unnecessary purchases
- Stolen
- Misstated
Control Procedure:
- Capital expenditure budget
- Maintenance of assets
Cash
-ORC
Objective:
- Recorded receipts and payment
- Accountable staff
- Cash available
Risk:
- Fraud or error
- Lack of visibility due to volume
- Authorisation issues
- Insufficient funds
Control Procedure:
- Recording cash receipts
- Restrictions
- Technological reconciliation support
Payroll
-ORC
Objective:
- Setting pay
- Recording and paying wages
Risk:
- Overpay/ underpay employees
- Angry workforce/ displeasure
- Misstated financial statements
Control Procedure:
- Personnel files
- Record hours worked
- Payroll check and approved
- Identity the staff (verify)
