Chapter 5: Introduction to internal control and information flows Flashcards
What is a system of internal control?
- A system designed, implemented
and maintained by TCWG - Provide reasonable assurance: reliability of financial reporting, effectiveness of operations, compliance with laws
What are some limitations of internal controls?
human element, collusion, unusual transactions
Why small companies may have particular problem in implementing effective IC system than larger companies?
Because they employ fewer employees. The larger the number of people in the system, the more uncovered problems will be resolved
How many components does the internal control system comprise?
- control environment
- entity’s risk assessment process
- entity’s process to monitor the system of internal control
- information system and communication
- control activities
_________: to prevent an error occurring
_________: to identify that an error has occurred and correct it
preventative control/ detective control
What does a control environment include?
- governance & mgt function
- attitudes, awareness, and actions of TCWG and mgt concerning the entity IC
=> set the tone of an org
The audit committee is an important aspect of the company’s control environment. True or False?
True
Does UK listed companies are required to have audit committee?
Yes
What is the audit committee comprised of?
non-executive directors
What is the role of the audit committee?
- supervise the identification of risks
- monitor controls
- review the integrity of FSs
What is an entity’s assessment process?
The process of identifying and analysing risks to achieve entity’s objectives and how mgt manages the risks
Examples of business risks
eg: changes in the operating environment, new technology, rapid growth,…
What is the difference between business risk and inherent risk?
Business risk relates to the financial statements and affects overall audit risk; inherent risk applies to an individual audit area.
The role of monitoring of controls is undertaken by whom?
Internal auditors
What document do the auditors produce to outline any weakness they have observed in IC?
a management report
What do the information system and communication consist of?
financial reporting system, procedures, software, people, data, events other than transactions
What is the definition of control activities?
They are the policies and procedures to ensure the implementation of control
What are the types of control activities?
- manual control systems, eg: authorization, verification, reconciliations, physical/logical control, segregation of duties
- computerized control systems
Difference between reconciliation and verification
- reconciliation: compare two or more data element
- verification: compare an item with a policy -> follow-up action
Difference between general IT control and information processing control
- general IT control: overall controls to continue proper operations of IT control
- information processing control: specific control towards accounting applications (keyword: input, master file, standing data)
Name some types of cyber risk and their characteristic
- human threat: data theft
- fraud: dishonest use of computer system
- deliberate sabotage: cố ý phá hoại
- malware: phần mềm độc hại
- denial of service (DoS) attack: an attempt by a hacker to prevent legitimate users of a service from using that service
What are 3 types of document which are used for recording the understanding of the business?
- narrative notes
- questionnaire and checklists
- diagrams
To record simple background information, which type of document should auditors choose?
Narrative notes
What are the disadvantages of flowchart documentation?
time-consuming and difficult to construct
Is walk-through procedures one of the tests of control?
No. It aims to test the auditor;s understanding of the entity’s internal control
