chapter 7 Flashcards
what is an internal control?
to protect a companies assets, ensure reliable financial reporting and comply with gvt regulations→ use them to make sure we can achieve these objectives
what are the two types of internal controls?
Can either be preventative (stop something from happening) or detective (to determine if something did happen)
what are the five components of the internal control system?
control environment, risk assessment, control activities, information and communication and monitoring activities
what is the control environment? (components)
environment inside an org, high level management, leading by good example to influence rest of employees
what is risk assessment?
management should identify and analyze factors that could create risks for the company and decide how to best mitigate them → process where management analyze and identify risks and how to mitigate them
what is control activities
to reduce intentional and unintentional errors, management should design policies/ procedures to address the risks→ once we have identified the risks, we can design controls to reduce the risks of happening
what is information and communication?
all pertinent information should be communicated to appropriate internal/ external users → once we have designed the controls,mw e have to communicate them to external and internal users, have to make sure the employees know they are in place
what are monitoring activities ?
on a periodic basis, we have to monitor the controls and make sure they are working properly, identify any deficiencies and communicate them to the management team
what are the five control activities/
assignment of respsonibiltu, segregation of duties, documentation, physical controls, review and reconciliation
what is assignment of responsibility?
we have to be careful when designing employee rules to make sure employees or employee levels are only assigned tasks that make sense and can be traced (can make sure employees are being helped accountable for their actions)
what is segregation of duties?
Cant give one employee too much responsibility→ can lead to higher risk of fraud or theft of companies assets
segregation of duties for purchases?
we should have different employees for ordering goods, approving the order, receiving the goods and authorizing payment
segregation of duties for sales?
make sure that we have different employees responsible for approving credit for customers, shipping goods and preparing invoices
in a smaller org, how would segregation of duties happen?
might need owner of company to take on some of those roles
what is documentation?
Important for us to have evidence of the transactions that have happened→ prove timing and amount
what are examples of documentation?
receipts→ proof that sale has happened and amount
Shipping documents→ goods have actually been shipped
what should every document have?
Signatures should be included on documents and all documents should be sequentially numbered
what are physical controls?
Are used to safeguard assets and enhance reliability of financial records
what are examples of physical controls?
safes, access systems with passwords, locked warehouses, alarm systems and cameras
what is review and reconciliation?
Reviews→ a review of data prepared by employees. The review can be carried out by other employees (internal review) or third parties (external review)
Reconciliation→ comparisons between two or more documents to ensure our records match up, includes bank reconciliations
what is a bank reconciliation?
important control over cash where we compare cash in our accounting system versus what the bank actually has on hand
what are internal reviews for review and reconciliation?
should be performed by internal auditors (hired by the company to audit whats happening inside the same company),
what are external reviews for review and reconciliatipn>
performed by external auditors to make sure the financial statametns do not have any material error
for reviews to be useful, what should they have?
perform in regular basis, reviewer should be independent, discrepancies should be reported to management
what are the four limitations of internal controls?
1) cost/ benefit considerations
2) human error
3) collusion
4) management overide
what is cost/ benefit considerations?
companies are often limited in their budget for controls → physical controls may be expensive, if we have a limited budget we have to suggest controls that will provide important benefits