Introduction to internal control and information flows Flashcards
Define internal control.
The process designed, implemented and maintained by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of an entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations.
The term ‘controls’ refers to any aspects of one or more of the components of internal control.
What are three reasons for internal controls?
minimising the company’s business risks
ensuring the continuing effective functioning of the company
ensuring the company complies with relevant laws and regulations
What are three limitations of internal controls?
Human element
Collusion
Unusual transactions - Internal controls are generally only designed for routine, normal transactions
Difficult for small companies - Small companies generally have fewer employees than larger companies, meaning that there are fewer people to
involve in the internal control system. In a small company, if its staff capacity is not such to ensure that lots of people are involved in the internal control system, then the control system will be weaker.
What are the five components of internal control?
- The control environment
- Control activities
- Entity’s risk assessment process
- The information system and communication
- Monitoring of controls
define control environment
- governance and management functions and the attitudes, awareness and actions of those charged with governance and management concerning the entity’s internal control and importance in the entity
- It is reflected in, for example, management style, the corporate culture, values, philosophy and operating style, the organisational structure, personnel policies and procedures.
What is the audit committee?
The audit committee is an important aspect of the control environment of the company. It is a sub-committee of the board of directors responsible for overseeing an entity’s internal control structure, financial reporting and compliance with relevant laws and regulations.
What is the audit committee comprised of?
The audit committee is comprised of non-executive directors. It is a requirement in UK listed companies under the rules of the UK Corporate Governance Code.
What does the UK Corporate Governance Code require the audit committee to have in terms of written terms of reference?
To review the integrity of the financial statements of the company and formal announcements relating to the company’s performance.
To review the company’s internal financial controls and the company’s risk management systems
To monitor and review the effectiveness of the company’s internal audit function (if relevant)
To make recommendations to the board in relation to the external auditor.
To monitor the independence of the external auditor.
To implement policy on the provision of non-audit services by the external auditor.
Define the entity’s risk management process.
A component of internal control that is the entity’s process for identifying business risks relevant to financial reporting objectives and deciding about actions to address those risks, and the results thereof.
Identify relevant business risks –> Estimate the significance of the risks –> Assess the likelihood of occurrence –> Decide upon actions
define business risk
risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an entity’s ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives and strategies
what is the entity’s risk assessment process?
process for identifying and analysing risks to achieving the entity’s objectives and forms the basis for how management or those charged with governance determine the risks to be managed
what is the information system and communication?
component of internal control that includes the financial reporting system, and consists of the procedures and records established to initiate,record, process and report entity transactions and maintain accountability for the related assets, liabilities and equity
What aspects of the information system will auditors be interested in?
the classes of transactions that are significant to the entity’s financial statements
the procedures by which transactions are initiated, recorded, processed, corrected and reported
the related accounting records and supporting information
how the information system captures events other than transactions that are significant to the financial statements
the process of preparing the financial statements
Define control activities.
They are the policies and procedures that help ensure that management directives are carried out.
What are five types of control activities?
Authorisation - Approval of transactions/documents
Performance reviews - Review and analysis of actual performance versus budgets, relating different sets of data to one another, comparing internal data with external sources of information, review of functional or activity performance.
Information processing - Controls to check the accuracy, completeness and authorisation of transactions.
Physical controls - Physical security of assets, authorisation for access to computer programs and data files, periodic counting and comparison with the amount shown on accounts.
Segregation of duties - Assigning different individuals the responsibilities of authorising transactions, recording transactions and maintaining custody of assets.
