Introduction to internal control Flashcards
Define internal control (2)
- The process designed and implemented by those charged with governance, management, and other personnel
- Provides reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations.
What is the purpose of internal controls?
To help an organisation to achieve its objectives and mitigate its risks
What are the limitations of internal controls? (4)
CUTSCHE
- COLLUSION
- UNUSUAL TRANSACTIONS tend to be outside the scope of control systems
- Special considerations in SMALL COMPANIES
- HUMAN ERROR
What are the special considerations in small companies that limit the effectiveness of internal controls? (2)
- Informal nature/lack of documentation
2. Limited numbers of staff make segregation of duties difficult
What does ISA 315 set out as the components of internal control? (5)
AIMER
- Control ACTIVITIES
- INFORMATION SYSTEM
- MONITORING
- Control ENVIRONMENT
- RISK ASSESSMENT process
Define control environment
- governance and management functions
- attitudes, awareness, and actions of those charged with governance and management concerning the entity’s internal control and its importance in the entity
Define audit committee
A subsection of the board of directors that has a particular interest in the accounting and finance activities of the company
Key features of an audit committee
NORU
- Comprised of NON-EXECUTIVE DIRECTORS
- OVERSEES the financial statements, internal audit, and external audit
- Required to have written terms of REFERENCE
- Requirement for UK listed companies under the UK CORPORATE GOVERNANCE CODE
Define risk assessment process
The process by which management in a business identifies business risks relevant to financial reporting objectives and decides what actions to take to address those risks
What are the stages of the risk assessment process? (4)
- Identify relevant business risks
- Estimate the significance of the risks
- Assess the likelihood of occurrence
- Decide on actions to address the risks
What sort of actions might be taken to address risks uncovered in a risk assessment?
Control activities, insurance, changes in operations
Define information systems
Comprises all the information that flows into the financial statements and includes the process of financial statement preparation
Define control activities
Manual or computerised procedires that help an organisation to achieve its objectives and mitigate the business risk it faces
What are the five different types of control activities set out by ISA 315? (5)
SPIRA
- Segregation of duties
- Physical controls
- Information processing, including computer controls
- Review of performance
- Authorisation
Define general controls
Policies and procedures that relate to many applications and support the effective function of application controls by helping to ensure the CONTINUED PROPER OPERATION of information systems
Define application controls
MANUAL or AUTOMATED procedures that apply to individual areas within the system to ensure COMPLETENESS, ACCURACY, and VALIDITY of the recording and processing of transactions
What sort of computer control are virus checks on software on employees’ computers?
General
Which component of ISA 315 ‘Identifying and Assessing the Risks of Material Misstatement Through Understanding of the Entity and its Environment’ does the process of preparing the financial statements illustrate?
Information system
Which component of ISA 315 ‘Identifying and Assessing the Risks of Material Misstatement Through Understanding of the Entity and its Environment’ does locking the inventory storeroom illustrate?
Control activities
Are companies required to have an audit committee?
Only listed companies
Whose attitude is a significant aspect of an entity’s control environment?
Directors and other senior staff
Which type of internal control activity is illustrated by the financial controller counting petty cash on a monthly basis?
Physical control
Which type of internal control activity is illustrated by there being two keys to a safe; one held by the finance director and the other by the managing director?
Physical control
Which type of internal control activity is illustrated by the financial controller reconciling the receivables ledger to the receivables ledger control account monthly?
Information processing; are undertaken to check the completeness and accuracy of information
Which type of internal control activity is illustrated by the receivables ledger clerk posting invoices to the receivables ledger and the cash book clerk posting cash receipts to the receivables ledger?
Segregation of duties
What type of system would be the simplest way of recording a straightforward system not subject to a great deal of change annually?
Narrative notes
Define monitoring controls
Controls that consider the adequacy of internal controls in the light of changes in the environment and business risks. Includes reviewing the effectiveness of controls.
Which type of internal control activity is illustrated by the financial controller reconciling the payables ledger to the payables ledger account?
Information processing
Which component of ISA 315 ‘Identifying and Assessing the Risks of Material Misstatement Through Understanding of the Entity and its Environment’ does the entity’s internal audit function illustrate?
Monitoring of controls; the internal audit function monitors controls that are already in operation
Which component of ISA 315 ‘Identifying and Assessing the Risks of Material Misstatement Through Understanding of the Entity and its Environment’ does the audit committee illustrate?
Control environment; the audit committee contributes to the status of internal controls within an organisation
Who appoints and recommends the external auditor?
The external auditor is appointed by shareholders but the audit committee makes recommendations in relation to this.
Define input completeness
All valid events and objects are captured and entered into a system