Module 3 - Internal Control Systems

Question 1

Why do directors want to implement a sound system of internal control?

Answer 1

To provide them with assurance over:

Reliability of financial reporting

Effectiveness and efficiency of operations

Compliance with applicable laws and regulations

Question 2

Mnemonic for the five components of a sound system of internal control

Answer 2

CRIME

Question 3

What does CRIME stand for?

Answer 3

Control activities

Risk assessment process

Information systems

Monitoring of controls

control Environment

Question 4

What is a Business Process?

Answer 4

A series of activities that enable a company to meet one or more of its objectives

Question 5

What is a business risk?

Answer 5

The threat that an action or event will adversely affect the organisation’s ability to achieve its objectives

Question 6

What are accounting information systems?

Answer 6

Structures used by organisations to collect, store and process financial and accounting data

Question 7

Mnemonic for control activities

Answer 7

PAIRS

Question 8

How many categories of control activities are there?

Answer 8

Five

Question 9

What does PAIRS stand for?

Answer 9

Physical

Authorisation

Information processes (ITGCs and IT and manual application controls)

performance Reviews

Segregation of duties

Question 10

Examples of common IT application controls include

Answer 10

Audit log

Batch controls

Programmed editing

Calculation

Check digits

Exception reports

Question 11

What are entity-level controls?

Answer 11

Controls that help establish the tone and culture of the organisation and can be relevant to a number of the components of internal control including the control environment, risk assessment, information systems and monitoring

Question 12

Mnemonic for limitations of internal control systems

Answer 12

CROUCH

Question 13

What does CROUCH stand for?

Answer 13

Cost

Relevancy / obsolescence

management Override

Unusual / infrequent transactions

Collusion

Human error

Question 14

Mnemonic of the four key areas that ITGCs commonly cover

Answer 14

APOC

Question 15

What does APOC stand for?

Answer 15

Access to programs and data

Program changes and development

computer Operations

Continuity of operations

Question 16

What are the components of Access to programs and data?

Answer 16

Awareness of information security policies by all staff

Appropriate restriction of access to IT computing resources

Segregation of duties within key processes

Question 17

What is the mnemonic when considering program changes and development

Answer 17

DATA

Question 18

What does DATA stand for?

Answer 18

Development

Authorisation

Testing

Approval

Question 19

What is the System Development Life Cycle (‘SDLC’)?

Answer 19

A process to introduce, develop and maintain and enhance software

Question 20

Stages of the System Development Life Cycle (‘SDLC’)

Answer 20

Business analysis

Feasibility study

Systems analysis

Design

Development

Testing

Implementation

Maintenance

Post-implementation review

Enhancements / wish list

Question 21

What computer operations components should organisations consider to mitigate operational problems?

Answer 21

Job processing

Backup and recovery procedures

Incident and problem management

Question 22

Continuity of operations - is the ability to carry on trading after a disaster a key objective of any company and therefore its IT department?

Answer 22

Yes