S1 - internal controls Flashcards
what are internal controls
prevent or detect material misstatements
Rules policies and procedures to ensure:
Operating effectively
Complying with regulations
Provide reliable financial reporting
Managements responsibility
what are the key components of internal controls
control environment
Culture and tone of organisation - integrity, competence
Risk assessment procedures
Responding to business risk
Personnel, growth, corporate restructuring
Information system relevant
Infrastructure - software, people, data
Control activities
Policies and procedures that help ensure management directives are carried out
Information processing, segregation of duties, physical controls, performance reviews
Monitoring of controls
By management, internal auditors, third parties
what is the importance to auditors
if controls can be relied upon
How to design effective tests of controls
Accurate opinion
how to identify controls
enquire to management and previous audit team
Observation
Documentation
how to test effectiveness of controls
Inquiry
Observation
Walk through of transactions
Inspect relevant documents
what are document controls
part of risk assessment procedure - know your client
Flowcharts
Short notes
Questionnaires
manual systems
prone to errors and mistakes
Assume something will go wrong unless controls prevent it
Benefits
ideal where judgement required
For unusual items
Where errors are difficult to define or predict
Quickly changing circumstances
Risks
more easily ignores
Prone to simple errors
Cannot assume consistency
Not for high volume or recurring transactions
IT systems
controls are generally automated and assume things will go right
Benefits
can process large volumes of data
Enhances timelines and availability of data
Facilitate additional analysis of information
Enhances effective segregation of duties
Risks
could process inaccurate data
Risk of unauthorised changes to data
Failure to update systems
Potential loss of data or inability to access it
what are FS assertions
attributes which accounting items need to have to be correctly accounted for/disclosed in the FS
No point in any control test unless it provides evidence to support a relevant assertion
Occurrence
Completeness
Authorisation
Accuracy
Cut off
Classification
Existence
Rights and obligations
Valuation
transaction cycles and account balances
Revenue
purchases
Inventory
Payroll
Capital expenditure = acquisition, disposal, depreciation, leasing
Debt = recognition of interest expense
Equity = issuance, repurchase, dividend payments
Bank and cash
limitations of controls
cost v benefits
Management override
Instruct a junior to ignore usual controls
Errors or mistakes
Collusion
Breakdowns
Misunderstanding instructions
what to do when control weaknesses are found
revisit original risk assessment and adjust level of risk
Conduct further audit procedures
Perform more substantive procedures
Report to management
what is corporate governance
system by which companies are directed and controlled
Audit committee
Approve appointment of head of internal audit
Ensure function has necessary resources
Ensure access to board chair
Review internal audit annual work plan
Receive periodic reports
Meet with internal auditor
Monitor managements responsiveness
Review effectiveness
what is internal audit scope
Use day management to ensure effective corporate governance
evaluating risks
Evaluating compliance
Operational auditing
what do internal auditors do
determine source of risk
Recommend approaches to manage risk
Monitor operation of such controls
