internal controls

Question 1

Definition of Internal Control

Answer 1

A process effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance.

Question 2

Four basic purposes of internal controls

Answer 2

Safeguard assets, ensure reliable financial reporting, promote operating efficiency, encourage compliance with management directives.

Question 3

Three functions that relate to separation of duties

Answer 3

Custodial function: Handling cash, handling inventories, tools or FA, writing cheques, receiving cheques in the mail.

Recording function: Preparing SD, entering data online, maintaining journals, files, ledgers & databases, preparing reconciliations, preparing performance reports

Authorisation function: Authorising decisions or transactions

Question 4

Inherent risk

Answer 4

Exists before management takes any steps to control the likelihood and impact of an event

Question 5

Residual risk

Answer 5

Remains after management implements internal controls or some other response to risk

Question 6

Types of internal controls

Answer 6

Physical - swipe cards, passwords
Information system - software
Application - ensure transactions are correctly processed, accurate, reliable, valid and complete

Question 7

Brown’s Taxonomy of Risk

Answer 7

Financial: Market risk, credit risk, liquidity risk

Operational: Systems risk, human error risk

Strategic: Legal and regulatory risk, business strategy risk

Hazard: Director’s and officer’s liability risk

Question 8

Functions of Internal controls

Answer 8

Preventive: Minimises the risk of an undesired event before they arise

Detective: Alerts relevant parties that an event has occurred

Corrective: Takes steps to prevent the event happening again and fixes the resulting loss

Question 9

General authorisation

Answer 9

Any employee can process transactions under $1,000

Question 10

Specific authoristion

Answer 10

A manager is required for any transactions over $1,000

Question 11

Three functions of duties

Answer 11

Custodial, recording, authorisation

Question 12

Examples of custody function

Answer 12

• Handling cash
• Handling inventories, tools, or fixed assets
• Writing cheques
• Receiving cheques in the mail

Question 13

Examples of recording function

Answer 13

• Preparing source documents
• Entering data online
• Maintaining journals, files, ledgers, databases
• Preparing reconciliations
• Preparing performance reports

Question 14

Examples of authorisation function

Answer 14

• Authorising decisions and transactions

Question 15

Cost/benefit analysis

Answer 15

Impact
Likelihood
Expected loss
Reduction in expected loss
Cost
Net benefit

Question 16

COSO Framework

Answer 16

1. Control environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring

Question 17

1. Control environment

Answer 17

Organisation’s overall attitude about internal controls

e.g. training, communication, having an open door policy

Question 18

2. Risk assessment

Answer 18

Organisation’s risk exposures, uses Brown’s taxonomy. It is critical to identify in order to create internal controls
e.g. the wireless network may be compromised

Question 19

3. Control activities

Answer 19

Specifies internal controls to address the risks, these can be policies, processes, procedures etc (preventive, detective, corrective).
e.g. strong network security, firewalls, data encryption

Question 20

4. Information and communication

Answer 20

How internal control plan is disseminated through out the organisation, how shareholders are made aware of IC plans
e.g. required annual training on internal control

Question 21

5. Monitoring

Answer 21

Ensuring ongoing effectiveness and adapts to changing risks

e.g. committee reviews and updates the internal control plan regularly