Internal Controls

Question 1

What are internal controls?

Answer 1

Refers to the policies, plans, and procedures that managers of an organisation conduct to ensure the protection of assets, completeness and accuracy of financial information, and that business objectives are met.

Question 2

What does CAAT stand for?

Answer 2

Computer-assisted auditing techniques
Used to test the automated controls in an organisation

Question 3

What is the 2001 Statement on Auditing Standards (SAS) No. 94

Question 4

What is the Sarbanes-Oxley Act (SOX) of 2002?

Question 5

What are the 4 objectives of internal control systems?

Answer 5

1. Safeguard assets
2. Ensure accuracy and reliability of accounting information
3. promote operational efficiency
4. Enforce prescribed managerial policies

Question 6

What is the COSO framework?

Answer 6

Used by managers to organise and evaluate corporate governance structure

Question 7

According to the 1992 COSO report, what are the 5 components required for an internal control system?

Answer 7

1. Control environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
5. Monitoring

Question 8

What are some common control activities used in organisational internal control systems?

Answer 8

1. A good audit trail
2. Sound personnel policies and practices
3. Separation of duties
4. Physical protection of assets

Question 9

A cash disbursement clerk issues a cheque that has been approved by the treasurer. This is an example of:

a.
separating record-keeping from asset custody.

b.
separating transaction authorisation from record-keeping.

c.
separating transaction processing to transaction authorisation.

d.
separating asset custody from transaction processing

Answer 9

c
separating transaction processing to transaction authorisation.

Question 10

A computer virus is found in a file in the computer system. Because a solution for recovering the file is not yet available, the infected file is quarantined by the antivirus software. Quarantining the infected file is an example of:

a.
preventive control.

b.
detective control.

c.
Corrective control.

Question 11

An example of an output control in a payroll system may be that:

a.
only the payroll clerk can process payments made to employees.

b.
only an employee with a valid employee number and password can request a summary of wages received over the past month.

c.
only the payroll clerk can enter payroll details each month

Answer 11

b.
only an employee with a valid employee number and password can request a summary of wages received over the past month.

Question 12

Authorisation in a computerised information system can be established through: (i) user privileges. (ii) user access rights. (iii) restrictions on what different users are able to do within the system.

a.
(i) (ii) (iii)

b.
(i) (iii)

c.
(ii) (iii)

d.
(i) (ii)

Answer 12

a.
(i) (ii) (iii)

Question 13

What is a general control?

Question 14

What is an application control?

Question 15

What are the 4 controls for computerised AIS?

Answer 15

1. Proper Authorisation
2. Proper Recording
3. Completeness
4. Timeliness

Question 16

The comparison of actual and budgeted figures and the conduct of variance analysis to determine the source of the variance is a type of:

a.
information processing control.

b.
general control.

c.
application control.

d.
performance review.

Answer 16

d.
performance review.

Question 17

Segregation of duties is a principle that applies to which sections of an organisation?

a.
Office staff who have to deal with money matters.

b.
Throughout the organisation including office staff, accountants and IT workers.

c.
Accountants.

d.
Programmers and computer support staff, who could interfere with the accounting information system.

Answer 17

b.
Throughout the organisation including office staff, accountants and IT workers.

Question 18

Internal controls do not control:

a.
physical assets in an organisation.

b.
human behaviours in an organisation.

c.
business process efficiencies in an organisation.

d.
information resources in an organisation.

Answer 18

c.
business process efficiencies in an organisation.

Question 19

Which of the following statement regarding internal control is correct?

a.
Internal controls can prevent and detect anomalous and undesirable occurrences, but they cannot reverse the effects caused by such occurrences.

b.
Internal controls are only implemented in the most important functions of an organisation.

c.
Internal controls do not concern about natural disasters and other catastrophic disruptions.

d.
Internal controls provide a degree of assurance that the organisation and its systems are running normally.

Answer 19

d.
Internal controls provide a degree of assurance that the organisation and its systems are running normally.

Question 20

Which one of the following is often overlooked by businesses when it comes to internal control?

a.
Fraud.

b.
Errors in data.

c.
Theft of business data.

d.
Disaster recovery.

Answer 20

d. Disaster recovery

Question 21

How does pre-numbering behave as a control?

Answer 21

This is because using the sequential or alphabetical arrangement of the given booklet helps in keeping track of data & there are lesser chances of frauds by employees as the documents can be easily reconciled in terms of dates & entries.
Any missing pages can be immediately identified & investigated.

Question 22

When does the revenue cycle commence?

Answer 22

When a customer indicates they wish to purchase a good or service