Internal Controls I Flashcards

1
Q

What is corporate governance?

A

It refers to the system by which companies are directed and managed so that they can identify and manage risks to achieve their objectives.

2
Q

What is IT Governance?

A

A subset of corporate governance that centres on making sure the organisation is using IT in a manner that is consistent with the overall organisational strategy.

3
Q

Describe the evolution of corporate governance

A
  1. Corporate collapses in Australia in late 1980s
  2. “The Cadbury Report” - UK 1992
  3. Corporate Collapses in early 2000s
    - In the US: Enron
    - In Australia: Ansett Airlines, Harris Scarfe, HIH Insurance, One.Tel, ABC Learning Centres
  4. Sarbanes Oxley Act - US 2002
  5. Recently in Australia:
    - The Hayne Royal Commission - Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (13 Mar-30 Nov 2018)
4
Q

Outline the principles of corporate governance in Australia.

A
  1. Lay solid foundations for management & oversight
  2. Structure the board to add value
  3. Instil a culture of acting lawfully, ethically and responsibly
  4. Safeguard the integrity of corporate reports
  5. Make timely and balanced disclosure
  6. Respect the rights of security holders
  7. Recognise and manage risk
  8. Remunerate fairly and responsibly
5
Q

Explain the importance of information technology (IT) governance

A

– Accountability to shareholders and stakeholders.
– IT impacts all functions and processes.
– IT investment is significant, and IT is increasingly being incorporated into organisations: simple (websites, basic e-commerce and electronic communication) and advanced (enterprise resource planning systems).

6
Q

Summarise the principles of COBIT 5

A
  1. Meeting stakeholder needs - Must deliver value back to stakeholders after the investment
  2. Covering the enterprise end-to-end
  3. Applying a single integrated framework
  4. Enabling a holistic approach
  5. Separating governance from management.
7
Q

Who maintains corporate governance principles?

A
  • The Organisation for Economic Co-operation and Development (OECD) Committee: OECD principles of corporate governance.
  • The ASX Corporate Governance Council: Corporate Governance Principles and Recommendations
8
Q

What does COBIT framework stand for?

A

Control Objectives for Information and related Technology.

9
Q

What is internal control and what is it for?

A
  • Internal controls are measures (systems and procedures) for corporate governance which are designed, implemented and maintained by those charged with governance, management and other personnel.
  • Their primary role is to manage the different risks that the organisation faces and work towards the attainment of organisational goals.
10
Q

What are the three key areas that need to be considered by those with the responsibility of managing IT?

A
  • Agenda setting for IT integration into the overall business strategy.
  • Ensuring an appropriate level of investment in IT business capability.
  • Successful operational use of IT in routine business activity.
11
Q

What activities should the board of directors and executive managers focus on to fulfil their management obligations that are inherent in IT governance?

A

– Aligning IT strategy with the business strategy
– Cascading strategy and goals down into the enterprise
– Providing organisational structures that facilitate the implementation of strategy and goals
– Insisting that an IT control framework be adopted and implemented
– Measuring IT’s performance

12
Q

What two sets of principles was COBIT 2019 developed from?

A

– Principles that describe the core requirements of a governance system for enterprise information and technology (6 principles);
– Principles for a governance framework that can be used to build a governance system for the enterprise (3 principles).

13
Q

Outline the governance system principles from COBIT 2019

A
  1. Provide stakeholder value
  2. Holistic approach
  3. Dynamic governance system - IT governance should be able to move with the market pressures and risk factors that exist in the market.
  4. Governance distinct from management
  5. Tailored to enterprise needs
  6. End-to-end governance system
14
Q

Outline the governance framework principles for COBIT 2019

A
  1. Based on Conceptual Model
  2. Open and flexible
  3. Aligned to major standards
15
Q

What types of control framework are used to design internal control, in order to identify control components and overall objectives?

A
  • legislation or regulation;
  • a publicly available framework, such as the Committee of Sponsoring Organizations of the Treadway Commission’s Internal Control Integrated Framework 2013 (COSO Framework) or COBIT 5;
  • industry-standard, developed specifically to meet the relevant industry; or
  • in-house development to meet the entity’s needs.
16
Q

How is a control framework used in internal controls?

A

Internal control is designed using these frameworks in order to identify the control components and overall control objectives to be addressed.

17
Q

Does a direct relationship exist between objectives, components and organisational structure? If so, how?

A

Yes, because the components, which represent what is required to achieve the objectives (what the entity strives to achieve), are influenced by the organisational structure of an entity.

18
Q

What are the three key control objectives for internal control of the COSO framework that assist organisations to focus on various parts of internal control?

A

– Operations objectives: effectiveness and efficiency of business operations.
– Reporting objectives: the internal and external financial and nonfinancial reporting obligations of an organisation.
– Compliance objectives: adherence to laws and regulations to which the organisation is subject.

19
Q

What are the five integrated control components needed to achieve the three control objectives in the COSO framework?

A
  1. the control environment
  2. risk assessment
  3. control activities
  4. information and communication
  5. monitoring.
20
Q

What is meant by the component, control environment, in the COSO framework?

A

It is the basis (standards, processes, structures) for all internal control practices and impacts operation.

21
Q

What is meant by the component, risk assessment, in the COSO framework?

A

Assesses various risks (internal and external) that could inhibit the successful attainment of objectives.

22
Q

What is meant by the component, control activities, in the COSO framework?

A

Actions established through policies and procedures to mitigate risks that could inhibit the attainment of objectives.

23
Q

What is meant by the component, information and communication, in the COSO framework?

A

Information from internal and external sources to support the components of internal control.

24
Q

What is meant by the component, monitoring, in the COSO framework?

A

Monitoring of an internal control system needs to occur regularly for timely evaluation that ensures controls are present and functioning and deficiencies are identified.

25
Q

How to identify risks?

A

Look at the financial statements, because the assertions in these statements rely on policies, procedures and internal controls in order to be satisfied.

26
Q

True or False: While some risks may not impact the financial statements, other impacts (e.g. increased threats to the business’s position in society) should be considered as part of risk assessment.

A

True.

27
Q
A