Chapter 5: Introduction to internal control and information flows Flashcards

1
Q

What is a system of internal control?

A
  1. A system designed, implemented
    and maintained by TCWG
  2. Provide reasonable assurance: reliability of financial reporting, effectiveness of operations, compliance with laws
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are some limitations of internal controls?

A

human element, collusion, unusual transactions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Why small companies may have particular problem in implementing effective IC system than larger companies?

A

Because they employ fewer employees. The larger the number of people in the system, the more uncovered problems will be resolved

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How many components does the internal control system comprise?

A
  1. control environment
  2. entity’s risk assessment process
  3. entity’s process to monitor the system of internal control
  4. information system and communication
  5. control activities
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

_________: to prevent an error occurring
_________: to identify that an error has occurred and correct it

A

preventative control/ detective control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What does a control environment include?

A
  1. governance & mgt function
  2. attitudes, awareness, and actions of TCWG and mgt concerning the entity IC
    => set the tone of an org
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

The audit committee is an important aspect of the company’s control environment. True or False?

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Does UK listed companies are required to have audit committee?

A

Yes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the audit committee comprised of?

A

non-executive directors

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is the role of the audit committee?

A
  1. supervise the identification of risks
  2. monitor controls
  3. review the integrity of FSs
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is an entity’s assessment process?

A

The process of identifying and analysing risks to achieve entity’s objectives and how mgt manages the risks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Examples of business risks

A

eg: changes in the operating environment, new technology, rapid growth,…

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is the difference between business risk and inherent risk?

A

Business risk relates to the financial statements and affects overall audit risk; inherent risk applies to an individual audit area.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

The role of monitoring of controls is undertaken by whom?

A

Internal auditors

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What document do the auditors produce to outline any weakness they have observed in IC?

A

a management report

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What do the information system and communication consist of?

A

financial reporting system, procedures, software, people, data, events other than transactions

17
Q

What is the definition of control activities?

A

They are the policies and procedures to ensure the implementation of control

18
Q

What are the types of control activities?

A
  1. manual control systems, eg: authorization, verification, reconciliations, physical/logical control, segregation of duties
  2. computerized control systems
19
Q

Difference between reconciliation and verification

A
  1. reconciliation: compare two or more data element
  2. verification: compare an item with a policy -> follow-up action
20
Q

Difference between general IT control and information processing control

A
  1. general IT control: overall controls to continue proper operations of IT control
  2. information processing control: specific control towards accounting applications (keyword: input, master file, standing data)
21
Q

Name some types of cyber risk and their characteristic

A
  1. human threat: data theft
  2. fraud: dishonest use of computer system
  3. deliberate sabotage: cố ý phá hoại
  4. malware: phần mềm độc hại
  5. denial of service (DoS) attack: an attempt by a hacker to prevent legitimate users of a service from using that service
22
Q

What are 3 types of document which are used for recording the understanding of the business?

A
  1. narrative notes
  2. questionnaire and checklists
  3. diagrams
23
Q

To record simple background information, which type of document should auditors choose?

A

Narrative notes

24
Q

What are the disadvantages of flowchart documentation?

A

time-consuming and difficult to construct

25
Q

Is walk-through procedures one of the tests of control?

A

No. It aims to test the auditor;s understanding of the entity’s internal control