Internal control Flashcards

1
Q

Why does management use a strategic plan?

A

As a point of departure in developing organisational operational direction

2
Q

Define structure

A

The way in which the organisation, or elements thereof, is arranged

3
Q

Define policy

A

Guideline or statement of position with respect to a given topic

4
Q

Define process

A

Big picture of what must be done

5
Q

Define procedure

A

A fixed, step-by-step sequence of activities or course of action

6
Q

Define system

A

A tool(s) used to facilitate the procedures

7
Q

Define law

A

National legal requirement

8
Q

Define regulation

A

Additional guidance and rules-based documentation for a specific need

9
Q

True or False

Internal auditors need a sound understanding of organisational structure term and application within the engagement client’s environment.

A

True

10
Q

Who is responsible for ensuring that governance, risk management and control are established within the organisation to meet business and stakeholders’ needs?

A

Management

11
Q

The performance standards describe which internal audit service?

A

The nature of work

12
Q

What does the nature of work of internal audit work/service consist of?

A
  • organisational terms
  • standards (GRC)
  • definition of control
  • objectives of control
  • COSO framework
  • responsibility for internal control
  • advantages and disadvantages
  • controls in IT environment
13
Q

Explain 2100 Nature of work

A

The internal audit activity must evaluate and contribute to the improvement of governance, risk management, and control processes using a systematic and disciplined approach. Internal audit credibility and value are enhanced when auditors are proactive and their evaluations offer new insight and consider future impact.
The nature of work of IAA consists mainly of providing assurance and consulting services on governance, risk management and control processes, or related fields.

14
Q

State 2110 Governance

A

The IAA must assess and make appropriate recommendations to improve the organization’s governance processes for:
- making strategic and operational decisions
- overseeing risk management and control
- promoting appropriate ethics and values within the organization
- ensuring effective organizational performance management and accountability
- communicating risk and control information to appropriate areas of the organization
- coordinating the activities of, and communicating information among, the board, external and internal auditors, other assurance providers, and management

15
Q

Disclose 2110. A1 Governance

A

The IAA must evaluate the design, implementation and effectiveness of the organization’s ethics-related objectives, programs, and activities

16
Q

State 2110. A2

A

The IAA must assess whether the IT governance of the organization sustains and supports the organization’s strategies and objectives

17
Q

State 2120 Risk management

A

The IAA must evaluate the effectiveness and contribute to the improvement of risk management processes.

18
Q

How should 2120 risk management be interpreted?

A

Judgement results from assessment:
- organizational objectives support and align with the organization’s mission
- significant risks are identified and assessed
- appropriate risk responses are selected that align risks with the organization’s risk appetite
- relevant risk information is captured and communicated in a timely manner across the organization, enabling staff, management, and the board to carry out their responsibilities

19
Q

How are risk management processes monitored according to the 2120 risk management interpretation?

A

Through ongoing management activities, separate evaluations, or both

20
Q

State 2120.A1

A

The IAA must evaluate the adequacy and effectiveness of controls in responding to risks within the organization’s governance, operations, and information systems, regarding the:
- achievement of the organization’s strategic objectives
- reliability and integrity of financial and operational information
- effectiveness and efficiency of operations and programs
- safeguarding of assets
- compliance with laws, regulations, policies, procedures, and contracts

21
Q

State 2120.A2

A

The IAA must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk

22
Q

Explain 2130 control

A

The IAA must assist the organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement

23
Q

What is the aim of control according to 2130 control?

A

To support the organisation in the management of risks that threaten the achievement of its objectives and should, amongst others, ensure:
- financial and operational information is reliable and possesses integrity
- operations are performed efficiently and achieve established objectives
- assets are safeguarded
- actions and decisions of the organization are in compliance with laws, regulations and contracts

24
Q

What is the CAE role according to 2130 control?

A

Should form an overall opinion on the adequacy and effectiveness of the control processes by considering whether significant discrepancies or weaknesses were discovered, corrections or improvements were made after the discoveries, and the discoveries and their potential consequences led to a conclusion that a pervasive condition exists resulting in an unacceptable level of risk.
The IA plan should make provisions for the evaluation of the adequacy and effectiveness of the organization’s control processes. The CAE should report at least once a year on the organization’s control processes to senior management and the board

25
Q

What is internal control according to COSO?

A

Is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance

26
Q

What is internal control according to IPPF?

A

Any action taken by management, the board and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organises and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved

27
Q

What is internal control according to SAICA?

A

Internal control measures are those methods and procedures which have been accepted by the management of an entity to help in the achievement of management’s goal to ensure that the business of the entity is properly conducted in an orderly and efficient manner.

28
Q

What is the general assumption about internal control derived from all of the regulatory bodies?

A
  • Control is either a process or action taken
  • Management is responsible for implementing internal control, but other parties may also be involved
  • Controls are implemented to minimise risks, thus ensuring that an organization’s objectives are met. However, only reasonable assurance in the minimization of risks and the achievement of objectives can be provided by effective internal controls
29
Q

What does COSO stand for?

A

Committee of Sponsoring Organizations

30
Q

Explain the COSO framework

A

The framework incorporates all the essential aspects that need to be present in order to implement an effective and efficient internal control structure

31
Q

State the COSO control framework components

A
  • Monitoring
  • Information and communication
  • Control activities
  • Risk assessment
  • Control environment
32
Q

Which COSO control framework component is the foundation and provides the atmosphere in which people conduct their activities and carry out their control responsibilities in the organization?

A

The control environment

33
Q

Disclose the various elements of control environment

A
  • The philosophy and style of senior management
  • The organizational structure (hierarchy)
  • Methods used to communicate tasks and responsibilities to personnel
  • Human resources management
34
Q

What does the control environment represent?

A

The collective effect of various factors on establishing, enhancing, or mitigating the effectiveness of specific policies and procedures

35
Q

Where does the control environment have direct influence?

A

The way activities are structured, objectives are established and risk is addressed, and therefore affects the control consciousness of people performing their day to day activities

36
Q

Disclose the fundamental management principles of philosophy and style of senior management elements

A
  • Planning
  • Organising
  • Directing
  • Controlling
37
Q

What does planning include according to the philosophy and style of senior management?

A

Establishing objectives, developing strategies, determining policies and procedures, etc

38
Q

Explain organising in terms of philosophy and style of senior management

A

The coordination of people and plans in order to execute the planning.

39
Q

What does organizing include according to the philosophy and style of senior management?

A

Responsibility, authority, delegation, decentralization, committees, and structure

40
Q

Explain directing in terms of philosophy and style of senior management

A

The process of allocating resources to ensure objectives are met.

41
Q

What does directing include in terms of philosophy and style of senior management?

A

Elements of leadership, motivation and communication

42
Q

Discuss controlling in relation to philosophy and style of senior management

A

The process of ensuring that the directed actions have been executed as planned to ensure that objectives are achieved

43
Q

Which factors should internal auditors consider that might influence the risk with reference to the philosophy and operating style of management?

A
  • a single person dominating the operating and financial decision-making process
  • aggressive management in an environment of poor internal control activities
  • a high turnover of management
  • an unduly aggressive approach of management to financial reporting
  • management having a poor reputation in the business community
  • management placing excessive emphasis on obtaining profit forecasts
  • a significant part of remuneration of management being based on operating results
  • pressure on management
  • future existence of the org resting on obtaining finance from outside sources
44
Q

True or false

The integrity and ethical values of senior management don’t play an important part in philosophy and style.

A

False

45
Q

True or false

Understanding the concept of integrity and ethical standards might be easy as well as the application of the concept

A

False

Understanding the concept of integrity and ethical standards might be easy, but the application of the concept can be a complicated exercise

46
Q

What is the most effective way to transmit a message of ethical behaviour?

A

By example, as personnel are likely to develop the same attitudes about what is right and what is wrong as those shown by senior management

47
Q

True or false

Senior management should communicate the organization’s values and behavioural standards to personnel

A

True

48
Q

True or false

Communicating ethical values by way of an impressive document does ensure that they are being followed

A

False

Communicating ethical values by way of an impressive document does not ensure that they are being followed

49
Q

Management must act on violations of the code of conduct, as messages sent by their actions in these situations quickly become embodied in the organizational culture.

How is this achieved?

A
  • Penalties for personnel who violate the code
  • mechanisms to encourage personnel to report suspected violations
  • disciplinary actions against personnel who fail to report violations
50
Q

What does the organization’s hierarchical structure overall framework provide?

A

Planning, organizing, directing and controlling operations

51
Q

What factors should be taken into consideration when evaluating the organizational structure?

A
  • The organizational structure should be suitable for the type of org
  • grouping of activities
52
Q

What should be considered when forming an organizational structure?

A

The form and nature of an organization’s business units, related management functions and reporting relationships

53
Q

What is the ideal effect of the organizational structure?

A

The organizational structure should be able to provide the necessary information to the managers to enable them to manage the organization

54
Q

Explain grouping of activities

A

In the functional approach, the org is structured along the lines of the major functions such as production, marketing, personnel and finance.
The benefit is the specialized concentration of authority that flows down through the various organizational values.
The disadvantage is that key decisions must be coordinated and made at the top, restricting the possibility of more urgently needed responses at field level

55
Q

State the factors that should be considered when discussing methods used to communicate tasks and responsibilities to personnel

A
  • organizational policy regarding such matters as acceptable business practices, conflicts of interest and other code of conduct
  • assignment of responsibility and delegation of authority to deal with such matters as organizational goals and objectives, operating functions and regulatory requirements
  • job descriptions delineating specific duties, reporting relationships, and constraints
  • computer system documentation indicating the procedures for authorising transactions and approving systems changes
56
Q

It’s important for internal auditors to realize that personnel can only execute their duties if they know what is expected of them.

State the methods to communicate these authorities and responsibilities.

A
  • an organizational code of conduct
  • memorandums from SM, setting out the importance of control related activities
  • formal organizational and operational plans
  • a manual on accounting policies and procedures
  • an organizational chart
  • job descriptions
  • clear boundaries of authority
57
Q

What does the human resources management affect?

A

The organization’s ability to appoint adequate, competent personnel in order for the organization to achieve its objective

58
Q

What does human resources management include?

A

The rules of the org regarding the appointment, training, evaluation, promotion and remuneration of personnel, and the supply of sufficient resources to the personnel which they may need in order to carry out their responsibilities

59
Q

How can personnel practices be categorised in terms of human resources management?

A
  • The appointment and evaluation of personnel
  • personnel scheduling
  • regular rotation of duties, within limits
  • career path possibilities
  • the formalisation of personnel practices
  • exercising psychological control by striving to maintain a high morale amongst personnel
60
Q

Explain the appointment and evaluation of personnel in terms of human resources management

A

When appointing personnel, a formal evaluation process should be followed. Personnel should be evaluated periodically to determine their progress and to identify opportunities for further training

61
Q

Explain personnel scheduling in terms of human resources

A

Regular scheduling of personnel in respect of tasks should take place. Also, the assignment of personnel’s tasks and duties should take the annual leave of personnel into consideration

62
Q

Explain regular rotation of duties, within limits

A
  • Combat fraud
  • To allow for alternation in tasks to be promoted, rotation of duties should be implemented
  • Rotation of duties should be applied with great caution, as personnel must have the necessary level of training in order to perform the various tasks and not to create any further opportunity for fraud to take place
63
Q

Explain career path possibilities

A

Clear career path possibilities must be made known to the personnel in order to create promotion possibilities

64
Q

Explain the formalization of personnel practices

A

Personnel practices should be contained in a formal document so that personnel are made aware of intolerable practices

65
Q

Explain exercising psychological control by striving to maintain a high morale amongst personnel

A

Management may not be responsible for the psychological well-being of every individual in the workplace, but the way personnel are treated can play an important role in the morale amongst personnel

66
Q

Disclose the classifications of internal control activities

A
  • Preventative controls
  • Detective controls
  • Corrective controls
67
Q

Explain preventative controls

A

When built into a system, preventative controls forestall errors and thereby avoid the cost of correction.
More cost-effective than other controls

68
Q

What is included in preventative controls?

A
  • trustworthy, competent people
  • segregation of duties to prevent intentional wrongdoing
  • proper authorization to prevent improper use of organizational resources
  • adequate documentation and records as well as proper record keeping procedures to deter improper transactions
  • a physical control over assets to prevent their improper conversion or use
69
Q

Explain detective controls

A
  • usually more expensive than preventative controls
  • measure the effectiveness of the preventative controls
  • some errors cannot be effectively controlled through a system of prevention; they must be detected when they occur.
  • detection includes reviews and comparisons
70
Q

Explain corrective controls

A
  • take over when improper outcomes occur and are detected
  • documentation and reporting structures keep problems under management surveillance until they have been solved or the defect corrected
  • correction closes the loop that starts with prevention and passes through detection to correction
71
Q

State the general types of internal control activities

A
  • segregation of duties
  • proper authorization of transactions and activities
  • adequate documents and records
  • safeguarding of assets and information
  • independent checks
72
Q

What is the principal purpose of segregation of duties?

A

To reduce the opportunities for an individual to make and then conceal errors or irregularities while performing a task.

73
Q

How can segregation of duties be achieved?

A

No individual should be responsible for more than one of the following:
- authorising the transactions
- recording the transactions
- executing the transactions or having custody of assets

74
Q

True or false

An individual is less likely to attempt to commit an irregularity if they must obtain another personnel member’s consent

A

True

75
Q

Why should the personnel responsible for recording transactions not also have the responsibility for authorising the transactions?

A

The org wants to ensure that only valid authorised transactions take place.
If the personnel member responsible for recording may authorise a transaction, they could create and authorise fake transactions, in order to balance the accounts

76
Q

Why should personnel who have access to or control physical assets not be able to authorise transactions?

A

The same person should not be able to authorise a payment to a supplier and sign the cheque, as the money in the bank is a form of asset

77
Q

Should there be a segregation of custody of assets from the recording function?

A

Yes, to prevent the personnel member from disposing of an asset for personal gain and then adjusting the records to cover the fraudulent action

78
Q

True or false

Every transaction must be properly authorised and any transaction should be executed and recorded if controls are to be satisfactory

A

False

Every transaction must be properly authorised and only valid transactions should be executed and recorded if controls are to be satisfactory

79
Q

Explain the distinction between authorization and approval

A
  • General authorization: management establishes policies for the org to follow. The policies and procedures required for authorising transactions are often documented in a manual.
  • Specific authorization has to do with individual transactions. These are normally more significant transactions and require authorization from a higher level of management
80
Q

Discuss adequate documents and records

A
  • Source documents should be:
  • sequentially pre-numbered to facilitate control over completeness of recording, unused/missing documents
  • prepared at the time the transaction takes place to increase the likelihood of accurately recording details of the transaction
  • designed to obtain sufficient details, in certain order, to fulfil business and accounting needs
  • sufficiently simple to complete to ensure that they are understood and accurately completed
  • have space for signature(s) to identify responsibility for the preparation and/or authorization of the document
  • be designed for multiple use, whenever possible, to minimise the number of forms and the times the information must be copied. Here multiple coloured copies work well
81
Q

Explain safeguarding of assets and information

A

Assets, accounting records and other information and documentation must be physically protected and there should be limited access to these. The use of physical precautions has proved to be effective safeguarding for assets.
Provision of sufficient insurance is another form of safeguarding the assets.

82
Q

Explain independent reviews

A

Is the careful and continuous review of the other 4 control activities by independent senior management and IA.
Personnel are likely to forget or intentionally fail to follow procedures, or become careless, unless someone observes and evaluates their performance.

83
Q

What is an essential characteristic of the person(s) performing internal verification activities? (Independent reviews)

A

Is independence from the individuals originally responsible for preparing the data

84
Q

State the internal control responsibility of management

A

Management designs and implements control activities and is accountable to the board in this regard. Management has to keep in mind the objectives of internal control when designing an internal control structure.

85
Q

What is the external auditor’s internal control responsibility?

A

To express an opinion on the reasonableness of financial statements. When performing a financial audit, they only examine those controls that relate to the financial statements; therefore, the focus is on the evaluation of financial records, accounting systems and related internal controls

86
Q

What is the internal control responsibility of internal auditors?

A
  • The internal audit activity should assist the organisation in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement.
  • Internal auditing must identify what may go wrong, preventing the org from achieving its objectives, and whether the controls in place will prevent these from occurring, before it can assess the effectiveness of the control implemented by management
87
Q

State the advantages of internal control

A
  • Internal control can assist an org to:
  • achieve its goals for profitability and outputs
  • prevent resource losses
  • promote reliable financial reporting
  • ensure compliance with legislation and regulation
  • prevent the reputation of the org becoming tarnished and the related results
88
Q

State the disadvantages/limitations of internal control

A
  • Internal control cannot do either of the following:
  • Ensure an org’s success
  • Ensure the reliability of financial reporting and compliance with legislation and regulations
89
Q

Why cannot internal controls ensure an org’s success?

A

Cannot change management from bad to good.
Factors such as government policy and economic factors are beyond the scope of internal control activities

90
Q

Why cannot internal controls ensure the reliability of financial reporting and compliance with legislation and regulations?

A
  • Certain limitations are inherent to all structures of internal control, such as:
  • faulty judgement being applied in the decision making process
  • ordinary errors being made
  • collusion between two or more persons invalidating the structure of internal control
  • management having the ability to override the structure
  • the design of a system of internal control being limited by available resources, so that the advantages arising from the control have to be compared to the cost
91
Q

State the two divisions of IT control

A
  • General controls
  • Application controls
92
Q

Define general controls (IT controls)

A

As having pervasive effects, meaning that if they are weak or absent, they may negate the effects of the application controls.
These controls are not software specific, and control the environment in which system and application software operates

93
Q

What do general controls include?

A
  • organisational controls related to IT personnel
  • standard operating procedures for systems
  • system documentation controls
  • system development and program change controls
  • hardware and software controls
  • security controls related to IT
94
Q

Explain application controls (IT controls)

A

Relate to specific software programs and systems in the org.
These controls are designed to ensure completeness, accuracy, authorization and validity of data captured and processed.
Edit checks are checks (controls) programmed into a system or software program to ensure that errors in data will be detected.
Application controls are divided into input, processing and output controls.