Chapter 5: Introduction to internal control and information flows

Question 1

What is a system of internal control?

Answer 1

1. A system designed, implemented
   and maintained by TCWG
2. Provide reasonable assurance: reliability of financial reporting, effectiveness of operations, compliance with laws

Question 2

What are some limitations of internal controls?

Answer 2

human element, collusion, unusual transactions

Question 3

Why small companies may have particular problem in implementing effective IC system than larger companies?

Answer 3

Because they employ fewer employees. The larger the number of people in the system, the more uncovered problems will be resolved

Question 4

How many components does the internal control system comprise?

Answer 4

1. control environment
2. entity’s risk assessment process
3. entity’s process to monitor the system of internal control
4. information system and communication
5. control activities

Question 5

_________: to prevent an error occurring
_________: to identify that an error has occurred and correct it

Answer 5

preventative control/ detective control

Question 6

What does a control environment include?

Answer 6

1. governance & mgt function
2. attitudes, awareness, and actions of TCWG and mgt concerning the entity IC
   => set the tone of an org

Question 7

The audit committee is an important aspect of the company’s control environment. True or False?

Answer 7

True

Question 8

Does UK listed companies are required to have audit committee?

Answer 8

Yes

Question 9

What is the audit committee comprised of?

Answer 9

non-executive directors

Question 10

What is the role of the audit committee?

Answer 10

1. supervise the identification of risks
2. monitor controls
3. review the integrity of FSs

Question 11

What is an entity’s assessment process?

Answer 11

The process of identifying and analysing risks to achieve entity’s objectives and how mgt manages the risks

Question 12

Examples of business risks

Answer 12

eg: changes in the operating environment, new technology, rapid growth,…

Question 13

What is the difference between business risk and inherent risk?

Answer 13

Business risk relates to the financial statements and affects overall audit risk; inherent risk applies to an individual audit area.

Question 14

The role of monitoring of controls is undertaken by whom?

Answer 14

Internal auditors

Question 15

What document do the auditors produce to outline any weakness they have observed in IC?

Answer 15

a management report

Question 16

What do the information system and communication consist of?

Answer 16

financial reporting system, procedures, software, people, data, events other than transactions

Question 17

What is the definition of control activities?

Answer 17

They are the policies and procedures to ensure the implementation of control

Question 18

What are the types of control activities?

Answer 18

1. manual control systems, eg: authorization, verification, reconciliations, physical/logical control, segregation of duties
2. computerized control systems

Question 19

Difference between reconciliation and verification

Answer 19

1. reconciliation: compare two or more data element
2. verification: compare an item with a policy -> follow-up action

Question 20

Difference between general IT control and information processing control

Answer 20

1. general IT control: overall controls to continue proper operations of IT control
2. information processing control: specific control towards accounting applications (keyword: input, master file, standing data)

Question 21

Name some types of cyber risk and their characteristic

Answer 21

1. human threat: data theft
2. fraud: dishonest use of computer system
3. deliberate sabotage: cố ý phá hoại
4. malware: phần mềm độc hại
5. denial of service (DoS) attack: an attempt by a hacker to prevent legitimate users of a service from using that service

Question 22

What are 3 types of document which are used for recording the understanding of the business?

Answer 22

1. narrative notes
2. questionnaire and checklists
3. diagrams

Question 23

To record simple background information, which type of document should auditors choose?

Answer 23

Narrative notes

Question 24

What are the disadvantages of flowchart documentation?

Answer 24

time-consuming and difficult to construct

Question 25

Is walk-through procedures one of the tests of control?

Answer 25

No. It aims to test the auditor;s understanding of the entity’s internal control