Internal Control Flashcards
Components of internal control
- Control environment
- Risk assessment
- Control activities
- Info + communication
- Monitoring activities
what is internal control?
the organisational plan and all related measures that an entity adopts in order to:
- safeguard the assets the business uses in its operations,
- encourage adherence to business policies,
- promote operational efficiency and
- ensure accurate and reliable accounting records
effective internal controls- characteristics
- competent, reliable & ethical personnel
- assignment of responsibilities,
- proper authorisation
- separation of duties
how can duties be separated? 1.
- separation of operations from accounting (accounts not sales personnel should keep inventory records)
how can duties be separated? 2.
- Separation of the custody of the assets from accounting (reduces temptation & fraud if accountants don’t actually handle the cash & if cashiers don’t have access to accounting records, warehouse employees with no accounting duties should handle inventory)
what would happen if a warehouse employee was able to handle inventory as well as account for inventory?
they could steal it & write it off as obsolete
how can duties be separated? 3.
- Separation of the authorisation of transactions from the custody of related assets (where possible the persons who authorise transactions shouldn’t handle the related asset)
why do we need Separation of the authorisation of transactions from the custody of related assets?
Because the person could authorise payments to themselves & then sign the cheques, by separating these duties only legitimate bills are paid
how can duties be separated? 4.
- Separation of duties within the accounting function (different people should perform the various phases of accounting to minimise errors & opportunities for fraud)
How can duties within the accounting function be separated?
have different accountants responsible for recording cash receipts and cash payments.
The employee who processes accounts payable and cheque requests should have nothing to do with the approval process
How can internal control be implemented (a-c)
a) have clear job descriptions
b) have procedural manual
c) appropriate authorisation process
How can internal control be implemented (d-f)
d) use comparative financial statements
e) have clear guidelines about personal use of assets
f) train staff appropriately, get their feedback
How can internal control be implemented (g-i)
g) require 2 signatures on payments for above a specified amount
h) keep detailed records of assets - limit access to records
i) use firewalls & change pw frequently
Internal control & E-Commerce - how are new risks created?
it creates new risks. Buying & selling over internet can give hackers access to confidential info unavailable in face to face transactions.
CONFIDENTIALITY IS A SIGNIFICANT CHALLENGE FOR E-COMMERCE
What are the problems created for internal control by e-commerce ?
1) stolen credit card nos
2) computer viruses, trojan horses
3) impersonation of companies
What are the key features of e-commerce that challenge internal control?
a) no paper trail for E-transactions
b) internal control must be inter-organisational
c) new risks (loss of transaction integrity, pervasive security risks)
d) internet a public, not a private network
e) lack of technical expertise (will have to use service agencies, creating new risks, w implications for business & auditor potentially)
f) legal and technological issues (different legal frameworks around the world, dif. privacy rules, enforceability of contracts & different legalities of activities)
What special considerations/measures can be implemented to combat the threats to internal control for e-commerce? (1-5)
- ensure proper knowledge & skills of staff regarding the effects of e-commerce
- use fraud prevention tools to reduce risk
- Extend and expand policies to cover e-commerce
- align e-commerce with overall strategy
- Be aware of implications of outsourcing
What special considerations/measures can be implemented to combat the threats to internal control for e-commerce? (6-10)
- Ensure access to records for audit purposes
- comply w payment card industry data security standards
- ensure legal & regulatory issues are understood
- Ensure use of firewalls & virus protection
- Use encryption to protect messages
Firewalls
limit access to local network, only enable members to use, usually several
Encryption
message unintelligible for those not intended to receive
Limitations of internal control
a) cost of establishing procedure shouldn’t exceed benefit
b) collusion- human element working together to commit fraud can sometimes not be prevented by the above measures
c) size of business (too small or too large)
d) dishonesty, judgement errors
e) unexpected transactions
f) management override
g) weak internal controls
Collusion- Limitations of internal control
systems designed to thwart an individual employee’s fraud can be overcome by 2+ employees colluding to defraud the firm
- having greater supervision of employees would help this but detract from other activities
What happens as internal control become stricter?
more expensive & time consuming–> efficiency is hurt.
This highlights that managers are required to make sensible judgements and that the strictness of the IC is subjective to the business itself, & size.
Investments into internal control must be
judged in light of the costs & benefits
The bank account as a control device? What does this meannnnn
Cash is the most liquid asset (as the medium of exchange)- it can often exist in a bank’s accounting system with no accompanying paper cheques or deposit slips.
- it’s easy to conceal, move & steal.
What must businesses do to safeguard their cash (as a result of it being easy to conceal, move & steal)?
Use an elaborate system of internal controls to safeguard & manage their cash
Advantages of keeping cash in a bank?
banks already have their own practices for safeguarding cash + they have depositors with detailed records of cash transactions.
Can be used as a depository & clearing house for cheques received & written
Minimises cash kept on hand
How can a business take advantage of the full advantages of a bank’s control features?
deposit all cash receipts in the bank account & make (all) cash payments through it
What documents control a bank account?
signature card
deposit slip
cheque- multiple signatures
bank statement
Types of separation of duties
- separation of operations from accounting
- Separation of the custody of the assets from accounting
- Separation of the authorisation of transactions from the custody of related assets
- Separation of duties within the accounting function
How are procedures in internal control similar to systems within MYOB?
Manual: Requiring the signature of a manager for payments
MYOB: setting up passwords to give authority over different parts of the system
What are examples of 1. Controlling the environment?
Integrity and Ethical Values
Commitment to Competence
Board of Directors and Audit Committee
Management’s Philosophy and Operating Style
Organisational Structure
Assignment of Authority and Responsibility
Human Resource Policies and Procedures
What are examples of 2. conducting a risk assessment?
Company-wide Objectives
Process-level Objectives
Risk Identification and Analysis
Managing Change
what are examples of 3. controlling activities?
Policies and Procedures
Security (Application and Network)
Application Change Management
Business Continuity/Backups
Outsourcing
what are examples of 4. ensuring information + communication
Quality of Information
Effectiveness of Communication
what are examples of 5. Monitoring activities?
Ongoing Monitoring
Separate Evaluations
Reporting Deficiencies
What are the main components of internal control?
i. run enterprise competently (have clear guidelines of responsibilities and job descriptions)
ii. Establish clear lines of responsibility (having clear job descriptions)
iii. Maintain effective records (have clear procedural manuals, limit access to records)
iv. Separate record keeping from handling assets
v. adequately pay & motivate employees (employ reliable, ethical & competent personnel)
vi. Carry insurance on assets
vii. Physically protect sensitive assets.
Two categories of internal control
preventative (policies & procedures designed to prevent fraud) or detective (ie examining info, performance reviews, internal/external auditing)
What must the key elements of internal control ALWAYS INCLUDE
- a good staff profile with an emphasis on honesty and capability
- existence of a clear system of responsibility, authority, delegation and separation of duties
- proper procedures for ensuring transactions are properly processed
- production of suitable documents and accounting records so as to leave an audit trail
- appropriate control over assets
- independent verification of performance
- processes for checking the IT systems, to ensure that disaster recovery is possible, security is sound, and that laws are not breached (e.g. those that relate to privacy