Lecture 4

Question 1

internal control

Answer 1

is a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives

Question 2

reasonable assurance

Answer 2

an organisation meets its objectives

Satisfaction as to the reliability of the information provided

Question 3

management

Answer 3

different people are involved in internal control

people effect how internal controls operate

Question 4

internal control components

Answer 4

• the control environment
• the entity’s risk assessment process
• the information sysstesm
• control activities
• monitoring of controls

Question 5

internal control evironment

Answer 5

managing integrity, ethical values, competence, philosophy, operating style, assignment of authority and responsibility and human resource policies and practices

Question 6

Sarbanes Oxley section 404

Answer 6

requires management to evaluate internal controls every year and requires financial auditors to attest to the evaluation. identify the framework used

Question 7

Sarbanes - section 302

Answer 7

the signing officers must certify that they are responsible for establishing and maintaining internal controls and have designed such internal controls to ensure that material information relating to the company

Question 8

Sarbanes - section 802

Answer 8

criminal penalties for altering documents

Question 9

Preventive controls

Answer 9

designed to stop errors or irregularities occuring

Question 10

detective controls

Answer 10

will not prevent errors from occurring but rather they alert those using the system to errors and anomalies

Question 11

corrective controls

Answer 11

are designed to correct an error or irregularity after it has occurred

Question 12

general controls

Answer 12

a manual and IT control affecting the overall information of the organisation; the objective is to provide a reasonable level of assurance that the overall objectives of internal control are achieved

Question 13

application controls

Answer 13

specific controls over specific applications

Question 14

Security controls

Answer 14

Secure the computing infrastructure from internal and external threats

Question 15

Database controls

Answer 15

database processing involves simulatenously updating of multiple tables

Question 16

Business continuity controls

Answer 16

must develop and follow a sound backup strategy to prevent disruption of business activity due to computer failures and disasters

Question 17

deterrent controls

Answer 17

intended to discourage individuals from intentionally violating information security policies and procedures

Question 18

recovery controls

Answer 18

restore lost computing resources or capabilities and help the organisation recover monetary losses caused by security violation

Question 19

compensating controls

Answer 19

attempt to reduce the risk that an existing or potential control weakness will result in a failure to meet a control objective

Question 20

Limitations of controls

Answer 20

• judegement of error
• unexpected transactions
• collusion
• management override
• weak internal controls
• conflicting signals

Question 21

documenting controls

Answer 21

once controls are established it is essential to ensure that documentation outlines how these controls operate

Question 22

methods of documentation

Answer 22

• narrative descriptions
• questionnaires and check lists
• flow charts
• control matrix