Chapter 8 - Internal control systems Flashcards
Define internal control
A process effected by an entity’s board of directors to provide reasonable assurance regarding achievement of objectives, reporting and compliance
Define COSO
The US standard approach to internal controls
What is the FRC?
UK guidance relating to risk management and internal controls
What are the objectives of internal control systems?
RORCS
- Risks - manage them
- Operations - maintain effectiveness and efficiency
- Reporting - ensure reliability
- Compliance - support compliance with regulations
- Safeguarding - shareholders’ investments
What are the limitations of internal control?
- Only reasonable assurance
- Cost vs benefits
- Potential for human error or fraud
- Collusion between employees
- Possibility of management override
- System only designed to cope with routine transactions
- Out of date controls
What does the COSO cube do?
Illustrates how internal controls operate across three dimensions:
- Objectives
- Components of internal control
- Levels of the organisation
What are the components of the COSO cube under ‘Objectives’?
- Operations
- Reporting
- Compliance
What are the components of the COSO cube under ‘components of internal control’?
CRIME
- Control activities - policies and procedures
- Risk assessment - how risk analysed
- Information and communication - info is relevant
- Monitoring activities - regular review
- Environment (control) - attitude to internal control
What are the components of the COSO cube under ‘levels of the organisation’?
- Entity level
- Division
- Operation unit
- Function
What are the categories of control?
- Corporate controls - general policy statements, culture
- Management controls - performance monitoring
- Business process controls - authorisation limits, reconciliation of sources
- Transaction controls - completeness and accuracy checks
Define administrative controls
Controls concerned with achieving the objectives of the organisation and with implementing policies
- Establish structure
- Division of managerial authority
- Channels of communication
Define accounting controls
Controls aiming to provide accurate accounting records
- Recording of transactions
- Establishing responsibilities
Define discretionary controls
Controls that are subject to human discretion e.g. goods not being dispatched to customer with overdue account
Define non-discretionary controls
Controls provided automatically by system and cannot be bypassed e.g. ATM asking for PIN number
Define general controls
Controls that relate to the environment in which the application system is operated
Define application controls
Controls that prevent, detect, correct errors
What are the different forms of control activity?
APIPS
- Authorisation
- Performance reviews
- Information processing
- Physical controls
- Segregation of duties
What are the qualities of good information?
ACCURATE
- Accurate
- Complete
- Cost-beneficial
- User-friendly
- Relevant
- Authoritative - source should be reliable
- Timely
- Easy to use
What should be covered in external reporting on internal controls?
- Acknowledgement that the board are responsible for system of internal control
- Explain that such a system is designed to manage rather than eliminate risk of failure (reasonable assurance)
- Summary of the process directors have used to review effectiveness
- Information about deficiencies that have resulted in material losses.
What are the advantages of audit committees?
- Quality of financial reporting (review FS on behalf of board)
- Discipline and control climate
- Enable NED to contribute independent judgement
- Channel of communication for external auditor
- Greater degree of independence for internal audit function
- Increase public confidence
What are the disadvantages of audit committees?
- Not clear what they do as findings not always made public
- Drag on entrepreneurial flair
- Barrier between external auditors and main board
- Less effective if under influence of dominant board member
Who should be on the audit committee?
At least three NEDs, one should have recent and relevant financial experience
What are the responsibilities of the audit committee?
- Monitoring and review (FS, independence of external auditors)
- Overseeing (internal audit, appointing external auditors, remuneration for external auditors)
- Policy setting (non-audit services)
- Whistleblowers
- Responses to audits
How can the quality of an internal audit be assessed?
- Scope of work
- Authority - if their reports are reviewed and actioned
- Independence
- Resources
How can independence of internal auditors be achieved?
- Report to board not to finance director
- Should not conduct audits on departments in which they have worked
- Should not conduct post-implementation audits where they have designed systems
- Rotation of staff