Introduction To Internal Control Flashcards

1
Q

What is a system of internal control?

A

Designed, implemented and maintained by those charged with governance, management and other personnel

To provide reasonable assurance the entity achieves financial reporting objectives, effectiveness, efficiency of operations and compliance with laws and regulations

To address identified business risks that threaten these objectives

2
Q

Some limitations of internal controls

A

Human error
Unusual transactions
Collusion

3
Q

Limitations of internal controls in small companies

A

Informal nature/lack of documentation
Limited numbers of staff, to the detriment of segregation of duties

4
Q

Are D’s applying UK CGC required to report on risk management and systems of internal control in the company’s annual report?

A

Yes

5
Q

Components of internal control

A
  1. Control environment
  2. Risk assessment process
  3. Info system and communication
  4. Control activities
  5. Monitoring
6
Q

What is the control environment?

A

Governance and management functions

Attitude, awareness and actions of those charged with G+M concerning internal control + its importance

7
Q

Examples of strong control environment

A

Existence of audit committee
Internal audit function
Effective documentation of controls
Importance of controls communicated
No management override
Recruitment of employees with integrity

8
Q

Is an audit committee required under UK CGC?

A

Yes

9
Q

What is an audit committee required to have?

A

Written terms of reference

10
Q

Can business risk arise from setting inappropriate objectives and strategies?

A

Yes

11
Q

Developing internal controls to address business risks process

A
  1. Identify relevant business risks
  2. Estimate their significance
  3. Assess likelihood of their occurrence
  4. Decide actions to address risks
12
Q

Examples of circumstances that cause risks

A

Changes in operating environment
New personnel
New Information system
Rapid growth
Restructuring
New technology
New business models
New products
New activities
Expanded foreign operations

13
Q

Information systems and communication

A

A component of internal control

Including the financial reporting system

Consists of procedures and records
To initiate, record, process and report entity transactions

And maintain accountability for the related assets, liabilities and equity

14
Q

Examples of elements of information systems and communication that auditors are interested in

A

Identifying significant classes of transactions
Systems for preparing FS
Accounting software used
Related accounting records and supporting information
Roles and responsibilities allocated to personnel
Danger of internal controls being overridden at the FS preparation stage

15
Q

What are control activities?

A

The policies and procedures that help ensure management directives are carried out

16
Q

ISA (UK) 315 types of control activities

A
  1. Authorisation + approval
  2. Reconciliations
  3. Verifications
  4. Physical/logical controls
  5. Segregation of duties
17
Q

Authorisation

A

Affirms transaction is valid

18
Q

Authorisation usually takes form of…

A

Approval by higher management

Or verification

19
Q

Approval

A

Automatic

20
Q

Reconciliations

A

Compare 2 (or more) data elements.

If differences are identified then action is taken to bring data into agreement.

Generally address completeness or accuracy of processing transactions

21
Q

Verifications

A

Compare 2 (or more items) with each other
Or to policy

Likely includes follow up action when they don’t match

Generally address completeness, accuracy or validity of processing transactions

22
Q

Physical or logical controls examples

A

Secured facilities
Banking cash immediately
Authorisation to filed
Electronic tagging of inventory and portable non-current assets

23
Q

Segregation of duties examples

A

Authorising transactions
Recording transactions
Maintaining custody over assets

24
Q

2 general types of computer controls

A
  1. General IT controls
  2. Information processing controls
25
Q

General IT controls definition

A

Support continued proper operation
Including information processing controls
And integrity of the information (completeness, accuracy and validity)

E.g. controls over system design, programming, documentation.
Testing system performance
Staff training
Password protection
Restricting physical access to central computers
Virus checks
Backups off site
Disaster recovery procedures

26
Q

Information processing controls

A

Can be IT or manual

Directly assessed risks to the integrity of information
(I.e. completeness, accuracy, and validity of transactions and other info)

27
Q

4 types of information processing controls

A
  1. Input completeness
  2. Input accuracy
  3. Input authorisation
  4. Standing data
28
Q

Controls over input completeness examples

A

Sequence checks
Document counts
One to one checking of processed output to source documents
Procedures over resubmission of rejected data

29
Q

Controls over input accuracy examples

A

Existence checks e.g. customer name
Reasonableness checks e.g. VAT to total
Character checks e.g. no unexpected characters in ref no.
Range checks e.g. no timesheet processed over certain no. weekly hours

30
Q

Controls over input authorisation definition

A

Manual

To ensure information was authorised and input by authorised personnel

31
Q

Controls over standing data

A

One to one checking of amendments to source documents

Periodic review

32
Q

Who is recommended to monitor the actions of the executive related to cyber security?

A

NEDs/ Audit committee

33
Q

What does understanding systems and controls allow an external auditor to do?

A
  1. Assess level of control risk
  2. Determine audit approach
34
Q

The auditor must document the client’s internal controls. What are 3 ways of doing that?

A
  1. Narrative notes
  2. Questionnaires/Checklists
  3. Diagrams/flowcharts
35
Q

Narrative notes

A

Good for simple systems
Juniors can complete

36
Q

Questionnaires/Checklists pros

A

Easy to complete

Covers all areas

37
Q

Questionnaires/Checklists cons

A

May overstate controls

Not tailored to client

38
Q

Diagrams/Flowcharts pro

A

Best for complex system overview

39
Q

Diagrams/Flowcharts cons

A

Complex and time-consuming to prepare

Reader needs to understand symbols used