Module 3: Internal Control Systems Flashcards
What assurance does a sound system of internal controls provide to directors?
- The reliability of financial reporting
- The effectiveness and efficiency of operations
- Compliance with applicable laws and regulations
What are the 5 components of internal control (MC RICE)?
- Control environment - The overall attitude, awareness and actions of directors and management regarding control activities and their importance in the company. Example, management providing a staff manual to employees outlining key processes/procedures.
- Risk assessment process - The process by which business risks are identified and managed by the company. Should be carried out on a regular basis.
- Information systems - Companies use information systems to record financial transactions and non-financial data. Communication helps to monitor progress against company objectives. Example is a payroll system.
- Control activities - The policies and procedures that management put in place to ensure that their directives are carried out and mitigate risks to the achievement of these objectives. Example, requiring significant payments to suppliers to be authorised by a responsible figure.
- Monitoring of controls - This involves an ongoing assessment by management of the internal control systems
What is a business process?
A series of activities that enable a company to meet one or more of its objectives. They cover every conversion of business transactions to financial statements as well as non-financial information flows. Example, human resources process.
What is business risk?
The threat that an action or event will adversely affect the organisations ability to achieve its objectives. Control activities will mitigate this risk.
What is an accounting information system?
Structures used by organisations to collect, store and process financial and accounting data.
What are control activities and what are the two elements of them?
Control activities provide management with assurance over the validity, completeness and accuracy of data and will either be preventative (stops errors happening) or detective (picks up errors after they’ve happened).
Two elements are:
1. The policies which establish what should be done
2. The procedures required to implement the policies.
What are the five control activities? (APIPS)
- Authorisation controls
- Performance reviews
- Information processing controls
- Physical controls
- Segregation of duties
Authorisation controls?
Ensures that transactions are authorised by personnel acting within the scope of their authority.
Performance Reviews?
Allow management to review information to highlight any exceptions or controls that have not operated effectively.
May include review and analysis of:
Reports that summarise details of balances and transactions
Actual performance compared with expectation
Information processing controls can be broken down into sub-categories, what are they?
- IT general controls (ITGCs)
- Application controls
2(i) IT application controls
2(ii) Manual application control
IT general controls?
ITGCs are policies and procedures relating to all applications. They support the effective functioning of application controls by ensuring the continued operation of information systems.
ITGCs can be manual, automated or a combination of both.
Application controls?
Typically operate at the transaction level and apply to the processing of specific types of transactions. Ensure that transactions are genuine, accurate and complete.
Physical controls?
Limit access to assets and important records. Example a safe.
Segregation of duties?
Aims to mitigate the risk that individuals are put in a position that they would be able to carry out fraud and conceal it.
Entity-level control?
Controls that help establish the tone and culture of the organisation and can be relevant to a number of the components of internal control including control environment.
Examples include: Code of ethics/values statement, employee handbook, training, inductions, whistleblowing hotline, performance review policies.
