Internal Control

Question 1

Components of internal control

Answer 1

1. Control Enviro
2. Risk assessment
3. Control activities
4. Info + communication
5. Monitoring activities

Question 2

what is internal control?

Answer 2

the organisational plan and all related measures that an entity adopts in order to:

• safeguard the assets the business uses in its operations, - encourage adherence to business policies,
• promote operational efficiency and
• ensure accurate and reliable accounting records

Question 3

effective internal controls- characteristics

Answer 3

1. competent, reliable & ethical personnel
2. assignment of responsibilities,
3. proper authorisation
4. separation of duties

Question 4

how can duties be separated? 1.

Answer 4

1. separation of operations from accounting (accounts not sales personnel should keep inventory records)

Question 5

how can duties be separated? 2.

Answer 5

2. Separation of the custody of the assets from accounting (reduces temptation & fraud if accountants don’t actually handle the cash & if cashiers don’t have access to accounting records, warehouse employees with no accounting duties should handle inventory)

Question 6

what would happen if a warehouse employee was able to handle inventory as well as account for inventory?

Answer 6

they could steal it & write if off as obselete

Question 7

how can duties be separated? 3.

Answer 7

3. Separation of the authorisation of transactions from the custody of related assets (where possible the persons who authorise transactions shouldn’t handle the related asset)

Question 8

why do we need Separation of the authorisation of transactions from the custody of related assets?

Answer 8

Because the person could authorise payments to themselves & then sign the cheques, by separating these duties only legitimate bills are paid

Question 9

how can duties be separated? 4.

Answer 9

4. Separation of duties within the accounting function (different people should perform the various phases of accounting to minimise errors & opportunities for fraud_

Question 10

How can duties within the accounting function be separated?

Answer 10

have different accountants responsible for recording cash receipts and cash payments.
The employee who processes accounts payable and cheque requests should have nothing to do with the approval process

Question 11

How can internal control be implemented (a-c)

Answer 11

a) have clear job descriptions
b) have procedural manual
c) appropriate authorisation process

Question 12

How can internal control be implemented (d-f)

Answer 12

d) use comparative financial statements
e) have clear guidelines about personal use of assets
f) train staff appropriately, get their feedback

Question 13

How can internal control be implemented (g-i)

Answer 13

g) require 2 signatures on payments for above a specified amount
h) keep detailed records of assets - limit access to records
i) use firewalls & change pw frequently

Question 14

Internal control & E-Commerce - how are new risks created?

Answer 14

it creates new risks. Buying & selling over internet can give hackers access to confidential info unavailable in face to face transactions.
CONFIDENTIALITY IS A SIGNIFICANT CHALLENGE FOR E-COMMERCE

Question 15

What are the problems created for internal control by e-commerce ?

Answer 15

1) stolen credit card nos
2) computer viruses, trojan horses
3) impersonation of companies

Question 16

What are the key features of e-commerce that challenge internal control?

Answer 16

a) no paper trail for E-transactions
b) internal control must be inter-organisational
c) new risks (loss of transaction integrity, pervasive security risks)
d) internet a public, not a private network
e) lack of technical expertise (will have to use service agencies, creating new risks, w implications for business & auditor potentially)
f) legal and technological issues (different legal frameworks around the world, dif. privacy rules, enforceability of contracts & different legalities of activiteis)

Question 17

What special considerations/measures can be implemented to combat the threats to internal control for e-commerce? (1-5)

Answer 17

1. ensure proper knowlegde & skills of staff regarding the effects of e-commerce
2. use fraud prevention tools to reduce risk
3. Extend and expand policies to cover e-commerce
4. align e-commerce with overall strategy
5. Be aware of implications of outsourcing

Question 18

What special considerations/measures can be implemented to combat the threats to internal control for e-commerce? (6-10)

Answer 18

6. Ensure access to records for audit purposes
7. comply w payment card industry data security standards
8. ensure legal & regulatory issues are understood
9. Ensure use of firewalls & virus protection
10. Use encryption to protect messages

Question 19

Firewalls

Answer 19

limit access to local network, only enable members to use, usually several

Question 20

Encryption

Answer 20

message unintelligible for those not intended to receive

Question 21

Limitations of internal control

Answer 21

a) cost of establishing procedure shouldn’t exceed benefit
b) collusion- human element working together to commit fraud can sometimes not be prevented by the above measures
c) size of business (too small or too large)
d) dishonesty, judgement errors
e) unexpected transactions
f) management override
g) weak internal controls

Question 22

Collusion- Limitations of internal control

Answer 22

systems designed to thwart an individual employee’s fraud can be overcome by 2+ employees colluding to defraud the firm
- having greater supervision of employees would help this but detract from other activities

Question 23

What happens as internal control become stricter?

Answer 23

more expensive & time consuming–> efficiency is hurt.
This highlights that managers are required to make sensible judgements and that the strictness of the IC is subjective to the business itself, & size.

Question 24

Investments into internal control must be

Answer 24

judged in light of the costs & benefits

Question 25

The bank account as a control device? What does this meannnnn

Answer 25

Cash is the most liquid asset (as the medium of exchange)- it can often exist in a bank’s accounting system with no accompanying paper cheques or deposit slips.
- it’s easy to conceal, move & steal.

Question 26

What must businesses do to safeguard their cash (as a result of it being easy to conceal, move & steal)?

Answer 26

Use an elaborate system of of internal controls to safeguard & manage their cash

Question 27

Advantages of keeping cash in a bank?

Answer 27

banks already have their own practices for safeguarding cash + they have depositors with detailed records of cash transactions.
Can be used as a depository & clearing house for cheques received & written
Minimises cash kept on hand

Question 28

How can a business take advantage of the full advantages of a bank’s control features?

Answer 28

deposit all cash receipts in the bank account & make (all) cash payments through it

Question 29

What documents control a bank account?

Answer 29

signature card
deposit slip
cheque- multiple signatures
bank statement

Question 30

Types of separation of duties

Answer 30

1. separation of operations from accounting
2. Separation of the custody of the assets from accounting
3. Separation of the authorisation of transactions from the custody of related assets
4. Separation of duties within the accounting function

Question 31

How are procedures in internal control similar to systems within MYOB?

Answer 31

Manual: Requiring the signature of a manager for payments
MYOB: setting up passwords to give authority over different parts of the system

Question 32

What are examples of 1. Controlling the environment?

Answer 32

Integrity and Ethical Values
Commitment to Competence
Board of Directors and Audit Committee
Management’s Philosophy and Operating Style
Organisational Structure
Assignment of Authority and Responsibility
Human Resource Policies and Procedures

Question 33

What are examples of 2. conducting a riskt assessment?

Answer 33

Company-wide Objectives
Process-level Objectives
Risk Identification and Analysis
Managing Change

Question 34

what are examples of 3. controlling activities?

Answer 34

Policies and Procedures
Security (Application and Network)
Application Change Management
Business Continuity/Backups
Outsourcing

Question 35

what are examples of 4. ensuring information + communication

Answer 35

Quality of Information

Effectiveness of Communication

Question 36

what are examples of 5. Monitoring activities?

Answer 36

Ongoing Monitoring
Separate Evaluations
Reporting Deficiencies

Question 37

What are the main components of internal control?

Answer 37

i. run enterprise competently (have clear guidelines of responsibilities and job descriptions)
ii. Establish clear lines of responsibility (having clear job descriptions)
iii. Maintain effective records (have clear procedural manuals, limit access to records)
iv. Separate record keeping from handling assets
v. adequately pay & motivate employees (employee reliable, ethical & competent personnel)
vi. Carry insurance on assets
vii. Physically protect sensitive assets.

Question 38

Two categories of internal control

Answer 38

preventative (policies & procedures designed to prevent fraud) or detective (ie examining info, performance reviews, internal/external auditing)

Question 39

What must the key elements of internal control ALWAYS INCLUDE

Answer 39

1. a good staff profile with an emphasis on honesty and capability
2. existence of a clear system of responsibility, authority, delegation and separation of duties
3. proper procedures for ensuring transactions are properly processed
4. production of suitable documents and accounting records so as to leave an audit trail
5. appropriate control over assets
6. independent verification of performance
7. processes for checking the IT systems, to ensure that disaster recovery is possible, security is sound, and that laws are not breached (e.g. those that relate to privacy