Study Unit 5 - Internal Control Concepts & Information Technology

Question 1

What are the three objectives of internal control?

Answer 1

1. Operations
   
   • Effectiveness and efficiency of operations
2. Reporting
   - Reliability of financial reporting
3. Compliance
   
   • Compliance with applicable laws and regulations

Question 2

List the five components of internal control.

Answer 2

Internal controls stop CRIME

Control activities Policies and procedures
Risk assessment process Identification and analysis of relevant risks

Information system Information systems and communication

Monitoring of controls Assessment of control effectiveness over
time and corrective actions

Control Envirmonment Tone at the top and control consciousness of members

Question 3

What is the level of assurance of internal control on the achievement of objectives?

Answer 3

Internal controls provide only reasonable assurance, but not absolute assurance, that an entity’s objectives are met.

Question 4

Give examples of inherent limitations of internal control.

Answer 4

• Human error (e.g., faulty human judgement)
• Collusion
• Management override
• Cost and benefit constraint

Question 5

Give examples of control activities, a component of internal control.

Answer 5

Authorization

Performance reviews Actual performance vs. budgets/prior performance

Information Processing Checks accuracy, completeness, and authorization

Physical Controls Physical security of assets, periodic counts, reconciliation

Segregations of Duties Separation of functions to minimize fraud opportunities

Question 6

Segregation of duties involves the separation of what three functions?

Answer 6

1. Authorization of transactions
2. Recording of transactions
3. Custody of assets associated with transactions

Question 7

What are the five elements of information systems, a component of internal control?

Answer 7

1. Physical and hardware elements (infrastructure)
2. People
3. Software
4. Data
5. Manual and automated procedures

Question 8

What are the elements of the control environment, a component of internal control?

Answer 8

CHAMPION
Commitment of competence
Human resource policies and practices
Assignment of authority and responsibility
Management’s philosophy and operating style
Participation of those charged with governance
Integrity and ethical values
Organizational Network

Question 9

Compare evaluation of design and evaluation of implementation of internal control.

Answer 9

Evaluation of design Whether a control can effectively prevent,
or detect and correct, material
misstatement

Evaluation of implementation Whether the control is
- Present and
- Working effectively

Question 10

Give examples of documentation of the understanding of internal control used by auditors.

Answer 10

Flowchart - A pictorial diagram that presents processes sequentially from the point of origin to the distribution of final output

Questionnaire - A series of questions (yes or no) about internal control policies and procedures

Narrative memorandum - A written description of internal control processes, document flows, and control points

Decision table - Problems and appropriate action to be taken presented in matrix form

Checklist - A list of procedures to be performed

Question 11

What are the basic processing modes of data?

Answer 11

1. Batch processing
   
   • Transactions are accumulated and processed as a single batch
2. Online, real-time-time processing
   
   • Transactions update the database immediately upon entry

Question 12

Compare the scopes of general controls and application controls.

Answer 12

Type of Control Scope

General Controls The organization’s entire processing environment

Application controls Particular to each of the organization’s applications

Question 13

What are the three categories of application controls?

Answer 13

1. Input controls
2. Processing controls
3. Output controls

Question 14

Compare hot-site and cold-site backup facilities.

Answer 14

A hot sire is fully operational and immediately available for processing.

A cold site is a shell facility where the user needs to install equipment for processing.

Question 15

What are the three types of controls implemented to protect against viruses?

Answer 15

1. Preventive controls
2. Detective controls
3. Corrective controls

Question 16

What do input controls provide reasonable assurance about?

Answer 16

Input controls provide reasonable assurance that data submitted for processing are
- Authorized
- Complete
- Accurate

Question 17

Give examples of input controls.

Answer 17

Control Description/Example

Preformatting - Entry in an online tax return
Edit (field) checks - Rejecting the input of letters for SSNs
Limit (reasonableness) checks - Rejecting working hours of over 100 per week
Check digits - Using algorithms to verify ID numbers
Record count - Matching the number of time clock cards with the number of payroll records processed
Financial total - Matching the sum of individual salaries with the total salaries
Hash total - Marching the sum of individual SSNs with the predetermined total

Question 18

What do processing controls provide reasonable assurance about?

Answer 18

Processing controls provide reasonable assurance that
- All data submitted for processing are processsed
- Only approved data are processed

Question 19

Give examples of processing controls.

Answer 19

Control Description/Example
Validation Rejecting transactions by vendors whose vendor
numbers are not in the vendor master file

Completeness check Rejecting records with missing data

Arithmetic controls Zero-balance checking

Question 20

What do output controls provide assurance about?

Answer 20

Output controls provide assurance that processing was complete and accurate.

Question 21

Give examples of output controls.

Answer 21

Control Description/Example

Audit trail Checking for the completeness of each process

Error listing Reporting all transaction rejected by the system