Internal Controls and Information Flows Flashcards
What is internal control?
Process designed, implemented and maintained by those charged with governance and management to provide reasonable assurance about the achievement of an entity’s objectives with regard to effectiveness and efficiency, reliability of reporting, and compliance with laws
What are the limitations of internal controls?
Expense - may be no cost benefit
Human element - controls only as good as person operating them
Collusion - 2 or more people working together
Unusual transactions - designed to deal with what routinely happens
What is the control environment?
Governance and management functions, and the attitudes, awareness and actions of those charged with governance and management, concerning the internal controls.
When do we rely on controls?
If the control environment is strong
What is an audit committee?
A subcommittee of the board of directors responsible for overseeing internal control structure, financial reporting and compliance
What is business risk?
A risk resulting from significant conditions, events, circumstances and actions that could affect the entity’s ability to achieve its objectives
What is the risk assessment process?
Identify risk - estimate impact - assess likelihood - actions to manage
What is the information system and communication?
Procedures by which transactions are initiated, recorded, processed, corrected and reported. How systems capture events and transactions, and the process of preparing financial statements (FS) - concerned with reliability
What are control activities?
Activities initiated by those charged with governance to safeguard assets by detecting and preventing fraud and error
What are the types of control activities?
Authorisation and approval, reconciliation, verifications, segregation of duties, physical or logical controls, information processing and general IT
What are information processing controls?
Manual or automated procedures that typically operate at a business process level - relates to input, processing and output data
What are general controls?
Policies and procedures that relate to many applications
What are some general controls?
Development of computer applications
Prevention/detection of unauthorised changes
Testing and documentation of changes
Controls to prevent unauthorised amendments to data files
Controls to ensure continuity of company operations
Where do we get information about controls from?
Manuals, policies, minutes
Records of prior deficiencies
Talking
Observation
What documents are used for recording the understanding of the business?
Narrative notes and background info
Questionnaires
Flowcharts and family trees