Internal Controls

Question 1

What are the five components of a comprehensive framework of internal controls (as outlined in the COSO Report) (5)?

Answer 1

1. Control Environment
2. Risk Monitoring and Assessment
3. Control-related policies and procedures
4. Information and communication
5. Monitoring

Question 2

An analysis of management’s fundamental responsibilities would need to address all of the following (4):

Answer 2

1. Effectiveness
2. Efficiency
3. Compliance
4. Financial Reporting

Question 3

The comprehensiveness of an entity’s internal control framework can be assessed on the basis of whether it does all of the following (5):

Answer 3

1. Provides a favorable control environment
2. Continually assesses risk
3. Establishes and maintains effective control-related policies and procedures
4. Effectively communicates information
5. Monitors the effectiveness of control policies and procedures as well as the resolution of potential problems identified by controls

Question 4

A favorable control environment is (3):

Answer 4

1. management is knowledgeable about internal controls
2. management is committed to establishing and maintaining controls
3. management communicates its support for internal controls to staff at all levels

Question 5

Limitations of Internal Controls (3):

Answer 5

1. cost considerations will prevent management from ever installing a “perfect” system
2. subject to management override
3. risk of collusion

Question 6

Managements responsibilities for internal controls can be categorized as follows:

Answer 6

1. Design
2. Implementation
3. Monitoring
4. Reporting

Question 7

Define “Effectiveness”

Answer 7

the extent to which management is achieving its goals and objectives (directly relates to management’s ability to communicate its directives to employees and ensure those directives are being carried out)

Question 8

Define “Efficiency”

Answer 8

attaining goals and objectives with least expenditure of scarce resources

Question 9

Management must demonstrate “Compliance” with?

Answer 9

restrictions imposed by policy, regulation, law or contract (i.e. annual appropriated budget, grantor requirements, state oversight requirements, IRS requirements, bond covenants, and local laws/regulations)

Question 10

Management must use “Financial Reporting” effectively to?

Answer 10

ensure that decision makers, both inside and outside the government, have the financial data they need to make informed decisions

Question 11

Who is primarily responsible for internal controls?

Answer 11

Management

Question 12

Who is ultimately responsible for internal controls?

Answer 12

Governing body

Question 13

The audit committee’s purpose (3):

Answer 13

1. To ensure that the auditor of the financial statements is truly independent of management
2. To provide an objective perspective on matters related to internal controls and the audit of the financial statements
3. To provide a communications link between management, the independent auditor and the governing board

Question 14

Which of the five elements of a comprehensive internal control framework can be viewed as the most important?

Answer 14

Control environment (because the effectiveness of the other four elements ultimately will depend on it)

Question 15

What is the focus of risk monitoring?

Answer 15

A comprehensive internal control framework requires that management attempt on an ongoing basis to identify potential risks that could hinder it from fully realizing any of the four objectives (effectiveness, efficiency, compliance with laws and regulations, proper financial reporting).

Question 16

Significant changes need to be monitored and assessed by management for potential risk. What are some of the types of changes requiring particular attention from management? (6)

Answer 16

1. Changes in the operating environment
2. Changes in personnel
3. Changes in information systems and technology
4. Rapid growth
5. New programs and services
6. Changes in structure

Question 17

Examples of inherent risk: (6)

Answer 17

1. Complexity increases dangers
2. Cash receipts
3. Direct third-party beneficiaries (i.e. food stamps)
4. Degree of centralization
5. Prior problems
6. Prior unresponsiveness to identified control weaknesses

Question 18

A balanced assessment of risk should take these two factors into consideration:

Answer 18

1. Significance

2. Likelihood of occurrence

Question 19

As part of control-related policies and procedures, a suitable accounting system should: (6)

Answer 19

1. Assemble all relevant information
2. Analyze assembled data
3. Classify assembled data
4. Record assembled data
5. Furnish data needed for internal and external financial reporting on a timely basis
6. Maintain accountability over the government’s assets

Question 20

Management’s implicit assertions when issuing financial reports: (5)

Answer 20

1. Existence or occurrence
2. Completeness
3. Rights and obligations
4. Allocation
5. Presentation and disclosure

Question 21

The first step toward controlling financial reporting is to ensure that

Answer 21

all transactions are properly authorized in accordance with management’s policies (require advance approval, require written documentation of approval)

Question 22

The second step toward achieving management’s financial reporting objectives is

Answer 22

to ensure that accounting records are properly designed (sequential numbering of documents, automatic duplicates, gathering info for multiple purposes, avoiding unnecessary information)

Question 23

Ways to secure assets and records include: (4)

Answer 23

1. Controlled access
2. Physical security
3. Backup for computer records
4. Disaster recovery

Question 24

An incompatible duty is

Answer 24

one that would put a single individual in the position of being able to both commit an irregularity and then conceal it

Question 25

The information component of the internal control framework may be considered to be functioning properly when

Answer 25

current, accurate and appropriate information is made available on a timely basis to those who need it

Question 26

To be truly effective, communication must be

Answer 26

multidirectional

Question 27

Why is it essential that management monitor control-related policies and procedures on an ongoing basis?

Answer 27

to ensure that they are continuing to function properly

Question 28

In order to evaluate controls over accounting and financial reporting, management should begin by

Answer 28

breaking down what a government does into manageable groupings of similar or related activities, commonly known as control cycles

Question 29

Once control-related policies and procedures have been identified, the next step is to

Answer 29

determine whether there are appropriate compensating controls in place to counteract or contain each identified risk

Question 30

Two key factors to be considered in assessing vulnerability are:

Answer 30

inherent risk

the quality of the control environment

Question 31

In order to initiate the process of testing controls, management should:

Answer 31

document how transactions and events are supposed to be handled in the particular department, activity or control cycle selected for evaluation (flow chart, walk through)

Question 32

These situations may predispose a given individual to consider committing fraud: (4)

Answer 32

1. Financial stress
2. Addiction
3. Disaffection (feel they have been mistreated)
4. Pathologies

Question 33

The most important cause of fraud is:

Answer 33

Opportunity (which not only permits fraud to occur, but actually promotes it)

Question 34

Costs of fraud: (4)

Answer 34

1. Diversion of public resources from their intended purpose
2. Loss of confidence in the government
3. Loss to the reputation of innocent third parties (guilt by association)
4. Cost to the perpetrator

Question 35

Kiting

Answer 35

borrowing funds from a government then concealing their absence

Question 36

Lapping

Answer 36

borrowing funds by failing to credit a payment made to an account, then later reimbursing the account with payment intended for another account (and on and on)

Question 37

Bid rigging

Answer 37

circumventing the competitive bid process

Question 38

Payroll fraud

Answer 38

paying salaries that have not been earned

Question 39

Healthcare beneficiary fraud

Answer 39

cheating on health insurance coverage by listing as beneficiaries individuals who do not qualify (or no longer qualify) as family members

Question 40

False claims

Answer 40

billing for goods/services not received (substituting an inferior good)

Question 41

Double payments

Answer 41

billing twice for same goods or services

Question 42

Charge-off fraund

Answer 42

making an unexpected collection on a delinquent account, then writing it off as uncollectible

Question 43

Disposal fraud

Answer 43

profiting personally from the disposal of surplus items

Question 44

Travel-claim fraud

Answer 44

cheating on travel claims by claiming expenses they did not actually incur

Question 45

Pilfering

Answer 45

petty theft of supplies and similar items of small monetary value

Question 46

Misuse of assets and services

Answer 46

small-scale misuse of assets and services (such as phone, copier, fax)

Question 47

Petty cash fraud

Answer 47

“borrowing” from the petty cash fund and concealing the missing cash by producing a false register tape

Question 48

Internal controls that can stop fraud before it happens include: (5)

Answer 48

1. Properly designed records (i.e. original documentation)
2. Segregation of incompatible duties
3. Periodic reconciliations
4. Periodic verifications
5. Analytical review

Question 49

The following guidelines can significantly increase the likelihood of detecting fraud when it does occur: (5)

Answer 49

1. Remember that anyone can commit fraud
2. Do not dismiss tips, even when obtained from hostile sources
3. Use analytical review to identify potential problems
4. Carefully examine unusual transactions
5. Carefully examine supporting documentation

Question 50

Steps to investigate fraud: (8)

Answer 50

1. Obtain professional legal help
2. Maintain objectivity
3. Seek out the “best evidence”
4. Obtain documents only from official custodians
5. Maintain a “chain of custody” over potential evidence
6. Exercise care in conducting interviews
7. Retain all written records
8. Discuss the investigation only with competent authorities