Module 3 Flashcards
Components of internal control
There are five - CRIME: Control activities, Risk assessment systems, Information systems, Monitoring of controls, Control environment
What are control activities
policies and procedures management put in place to ensure their directives are carried out
What are Risk assessment systems
Process by which business risks are identified and managed
What are Information systems
Record financial and non-financial data to maintain accountability
Monitoring of controls
Ongoing assessment by management
Control environment
Overall attitude - tone
What are Business processes
series of activities that enable a company to meet one or more of its objectives
Business risk
the threat that an action or event will adversely affect the organisation's ability to achieve its objectives
Accounting information systems
structures used by organisations to collect, store and process financial and accounting data
Preventative controls
stop errors happening
Detective controls
pick up errors after they’ve happened
Control activities categories
APIPS: Authorisation controls, Performance reviews, Information processing controls, Physical controls, Segregation of duties
Authorisation controls
transactions authorised by personnel within their scope of authority
Performance Review
Management can review information highlighting any exceptions or controls not working
Physical controls
Limit access to assets or important records
Segregation of duties
Mitigates risk that someone could commit fraud or error and then conceal it
Sub categories of Information processing controls
- IT General Controls
- Application controls
  2.1 IT Application Controls
  2.2 Manual Application Controls
(ITGCs) IT general controls
bubble around the IT systems and controls don't operate at the transaction level. APOC: Access to programs and data, Program changes and development, Computer operations, Continuity of operations
e.g. use of passwords and ID; hardware and software are adequate; maintaining IT systems; backup and recovery procedures
What are Application controls
Operate at the transaction level and apply to processing of specific types of transactions to ensure they are genuine, accurate and complete.
Both manual and automated
Specific examples of IT Application controls
Audit log, Batch controls, programmed editing, calculation, Check digits and exception reports
What are entity-level controls
controls that help establish the tone and culture. May be known as soft controls.
e.g.
Code of Ethics, handbook, values
Limitations of Internal Control Systems
RC CHUM: Relevancy, Cost, Collusion, Human error, Unusual/infrequent transactions, Managerial override
IT Risks
Related to APOC
Access to programs and data
All staff should know the policies.
Access should be restricted via
- physical access, e.g. access cards, separate computer room
- user access by user ID and passwords
- administrator access: only to appropriate staff
Program Changes and Development
Must consider DATA
Authorisation, development, testing, approval
What is the Systems Development Life Cycle
process to introduce, develop, maintain and enhance software
Computer Operations
Need to make sure they run efficiently to achieve business objectives. Should consider job processing, backup and recovery and incident and problem management procedures.
Continuity of Operations
Most organisations will have a disaster recovery plan