Internal Controls Flashcards
Why are internal controls designed and what is the focus?
Internal controls are designed to provide reasonable assurance that objectives are achieved and compliance with laws and regulations is obtained. The focus of internal controls is to deal with significant materials account.
TDRA focus and steps.
Top-down risk assessment will focus on the identification and analysis of pertinent risks related to achieving company objectives. Higher levels are examined first.
To mitigate these risks, management needs to conclude whether the danger of internal controls is low, medium or high. THIS STEP IS TAKEN AFTER THE INTERNAL CONTROLS IN PLACE HAVE BEEN ASSESSED.
Control objectives related to financial reporting, operational efficiency, and law and regulation compliance include all of the following:
Valid: Only transactions that are valid, authorized, and legal are processed.
Timely recorded/processed: Only transactions that occurred within the period are recorded, and all necessary transactions within a given period are executed.
Accurately recorded: Transactions are accurately recorded free of omissions, accounting categorization errors, and/or mathematical errors.
Supportable: The goods and services received and provided are recorded properly and supported by documentation considered to be standard for normal practices.
Reasonable: Transactions are recorded using standard methodology to determine a value considered to be representative of the transaction.
Adequate representation of rights and obligations: The assets presented on the balance sheet fairly represent the rights of the company, and the liabilities presented fairly represent the obligations.
Funded: Sufficient funds are on hand to meet current obligations.
Appropriateness: The transactions approved directly relate to the goals.
What does positive pay do?
Positive pay prevents or detects fraudulent cash checking.
What is decentralizing and how does this impact lower level managers? What is the problem?
Decentralizing delegates significant responsibility to lower-level managers. They are better suited to make decisions, and this increases motivation as they have more control. The problem with decentralization is that some work may be duplicated and goal congruence is difficult to achieve.
SOX requirement for senior financial officers?
Under the Sarbanes-Oxley Act, only the code of ethics for senior financial officers must be disclosed. A reason must be provided if no code exists.
What are six steps for internal control risk assessment?
Identify threats (Strategic, operating, financial and information)
Estimate risks
Estimate exposures (Measurement of magnitude of error)
Identify controls (Preventive, detective, and corrective controls)
Estimate costs and benefits
Respond to risks (reduce, accept, share, and avoid)
Process of Monitoring includes?
The process of monitoring includes conducting ongoing and/or separate evaluations and evaluating and communicating deficiencies.
What does top level review include?
Top level reviews include periodic reviews and analysis of actual results versus benchmarks.
Under Audit committee standards of SOX act of 2002
The audit committee is an operating committee of the board of directors, independent of the corporation. Should be someone with significant financial reporting qualifications and experience, but does not need to be a financial expert BUT the REASON for not having a financial expert must be disclosed.
Change of control procedures include
The change control board approves the change and assigns a project manager.
The project manager makes sure all paperwork has been received and approved.
The project manager sets up schedules for all personnel involved.
The projects are completed.
Changes are tested and approved before release.
Three principles of COSO Information and Communication Component.
The COSO information and communication component has three principles: use relevant information (provided by the accounting system), communicate internally, and communicate externally.