Control, Security & Audit Flashcards
An internal control is…
…any action taken by management to enhance the likelihood that established objectives and goals will be achieved
The internal control system comprises…
…the control environment and control procedures.
It includes all the policies and procedures adopted by the directors and management of an entity to assist in achieving their objective of ensuring the orderly and efficient conduct of its business, including:
1. Adherence to internal policies
2. Safeguarding of assets
3. Prevention and detection of fraud and error
4. Accuracy and completeness of accounting records
5. The timely preparation of reliable financial information
The control environment is…
…the overall context of control; the attitude of directors and managers towards control
…the overall attitude, awareness and actions of directors and management regarding internal controls and their importance in the entity
…management style, corporate culture and values shared by all employees
…the background against which the various other controls operate
Control procedures are…
…the detailed controls in place
…policies and procedures in addition to the control environment which are established to achieve the entity’s specific objectives
Elements of a strong control environment: (6)
- Clear strategies
- Culture, code of conduct, HR policies and performance reward systems support objectives, risk management and internal control systems
- Senior management’s commitment to competence, integrity and fostering a climate of trust
- Clear definition of authority, responsibility and accountability
- Communication
- Knowledge, skills and tools to support objectives
Controls can be classified in various ways:
- Administrative & accounting
- Prevent, detect & correct
- Discretionary & non-discretionary
- Voluntary & mandated
- Manual & automated
Classification of controls: Administration:
Concerned with achieving objectives and implementing policies; Relate to channels of communication and reporting responsibilities
Classification of controls: Accounting:
Aim to provide accurate accounting records and achieve accountability;
Apply to recording transactions and establishing responsibilities for records, transactions and assets
Classification of controls: Prevent:
Prevent errors from happening in the first place;
Checking invoices from suppliers against GRNs before paying
Classification of controls: Detect:
Detect errors once they have happened;
Bank reconciliations; Physical checks of inventory against inventory records
Classification of controls: Correct:
Designed to minimise or negate the effect of errors;
Backup of computer input
Classification of controls: Discretionary:
Subject to human discretion
Checking a signature on a PO
Classification of controls: Non-discretionary:
Provided automatically by the system; cannot be overridden;
PIN at an ATM
Classification of controls: Voluntary:
Chosen by the organisation to support the management of the business
Classification of controls: Mandated:
Required by law; imposed by external authorities
Classification of controls: Manual:
Demonstrate a one-to-one relationship between the processing functions and the controls, and the human functions
Classification of controls: Automated:
Programmed procedures designed to prevent, detect and correct errors all the way through processing
Classification of controls: General:
Used to reduce the risks associated with the computer environment; Relate to the environment in which the application is operated