Chapter 8 - Internal control systems

Question 1

Define internal control

Answer 1

A process affected by an entity’s board of directors to provide reasonable assurance regarding achievement of objectives, reporting and compliance

Question 2

Define COSO

Answer 2

The US standard approach to internal controls

Question 3

What is the FRC?

Answer 3

UK guidance relating to risk management and internal controls

Question 4

What are the objectives of internal control systems?

Answer 4

RORCS

• Risks - manage them
• Operations - maintain effectiveness and efficiency
• Reporting - ensure reliability
• Compliance - support compliance with regulations
• Safeguarding - shareholders investments

Question 5

What are the limitations of internal control?

Answer 5

• Only reasonable assurance
• Cost vs benefits
• Potential for human error or fraud
• Collusion between employees
• Possibility of management override
• System only designed to cope with routine transactions
• Out of date controls

Question 6

What does the COSO cube do?

Answer 6

Illustrates how internal controls operate across three dimensions:

• Objectives
• Components of internal control
• Levels of the organisation

Question 7

What are the components of the COSO cube under ‘Objectives’?

Answer 7

• Opertations
• Reporting
• Compliance

Question 8

What are the components of the COSO cube under ‘components of internal control’?

Answer 8

CRIME

• Control activities - policies and procedures
• Risk assessment - how risk analysed
• Information and communication - info is relevant
• Monitoring activities - regular review
• Environment (control) - attitude to internal control

Question 9

What are the components of the COSO cube under ‘levels of the organisation’?

Answer 9

• Entity level
• Division
• Operation unit
• Function

Question 10

What are the categories of control?

Answer 10

• Corporate controls - general policy statements, culture
• Management controls - performance monitoring
• Business process controls - authorisation limits, reconciliation of sources
• Transacation controls - completeness and accuracy checks

Question 11

Define administrative controls

Answer 11

Controls concerned with achieving the objectives of the organisation and with implementing policies

• Establish structure
• Division of managerial authority
• Channels of communication

Question 12

Define accounting controls

Answer 12

Controls aiming to provide accurate accounting records

• Recording of transactions
• Establishing responsibilities

Question 13

Define discretionary controls

Answer 13

Controls that are subject to human discretion e.g. goods not being dispatched to customer with overdue account

Question 14

Define non-discretionary controls

Answer 14

Controls provided automatically by system and cannot by bypassed e.g. ATM asking for PIN number

Question 15

Define general controls

Answer 15

Controls that relate to the environment in which the application system is operated

Question 16

Define application controls

Answer 16

Controls that prevent, detect, correct errors

Question 17

What are the different forms of control activity?

Answer 17

APIPS

• Authorisation
• Performance reviews
• Information processing
• Physical controls
• Segregation of duties

Question 18

What are the qualities of good information?

Answer 18

ACCURATE

• Accurate
• Complete
• Cost-beneficial
• User-friendly
• Relevant
• Authoritative - source should be reliable
• Timely
• Easy to use

Question 19

What should be covered in external reporting on internal controls?

Answer 19

• Acknowledgement that the board are responsible for system of internal control
• Explain that such a system is designed to manage rather than eliminate risk of failure (reasonable assurance)
• Summary of the process directors have used to review effectiveness
• Information about deficiencies that have resulted in material losses.

Question 20

What are the advantages of audit committees?

Answer 20

• Quality of financial reporting (review FS on behalf of board)
• Discipline and control climate
• Enable NED to contribute independent judgement
• Channel of communication for external auditor
• Greater degree of independence for internal audit function
• Increase public confidence

Question 21

What are the disadvantages of audit committees?

Answer 21

• Not clear what they do as findings not always made public
• Drag on entrepreneurial flair
• Barrier between external auditors and main board
• Less effective if under influence of dominant board member

Question 22

Who should be on the audit committee?

Answer 22

At least three NED’s, one should have recent and relevant financial experience

Question 23

What are the responsibilities of the audit committee?

Answer 23

• Monitoring and review (FS, independence of external auditors)
• Overseeing (internal audit, appointing external auditors, remuneration for external auditors)
• Policy setting (non-audit services)
• Whilstleblowers
• Responses to audits

Question 24

How can the quality of an internal audit be assessed?

Answer 24

• Scope of work
• Authority - if their reports are reviewed and actioned
• Independence
• Resources

Question 25

How can independence of internal auditors be achieved?

Answer 25

• Report to board not to finance director
• Should not conduct audits on departments in which they have worked
• Should not conduct post-implementation audits where they have designed systems
• Rotation of staff