Week 4 And 5 - Control And Accounting Information Systems Flashcards
Generally, control is concerned with…
how we stop things from going wrong
Why is control needed?
Control is needed to stop any potentially adverse or unwanted events occurring.
According to the Turnbull report 1999, what is the purpose of controls?
“Facilitate effective and efficient operation by enabling a company to respond appropriately to significant business and operational risks”
What are the 4 core principles of effective controls?
- Controls should be capable of responding quickly to risks.
- The cost of controls should be balanced against the risk posed.
- The control must report issues immediately to management.
- The system of controls should be embedded in the operations of the company.
What are the three types of internal controls?
- Preventive controls - deter problems from occurring.
- Detective controls - Discover problems that are not prevented.
- Corrective controls - Identify and correct problems; correct and recover from the problems.
What is the acronym used to remember the strategic aims that internal controls should meet?
P.O.P.P.I.E.S
What does P.O.P.P.I.E.S stand for in relation to the strategic aims of controls?
- Provide accurate and reliable information.
- Obey relevant laws.
- Prepare financial reports according to criteria.
- Promote and improve operational efficiency.
- Initiate and maintain sufficient records.
- Encourage adherence with management policies.
- Safeguard assets.
Specific internal controls should provide assurance that the following accounting objectives are achieved:
Occurrence - a transaction has actually occurred.
Completeness - we have recorded all transactions that have occurred.
Accuracy - Transactions have been recorded correctly.
Posting - both sides of the transaction have been recorded.
Classification - transactions have been recorded into the correct classification.
Timing - transactions are recorded in the correct time-period.
According to Turnbull 1999, there are 5 components of internal controls, what are they?
Control activities - The things we actually do to implement control.
Risk assessment process - Control is about controlling risk.
Information system including the financial reporting system
Monitoring of controls - Controls need to be monitored to ensure they’re effective.
Environment in which the control operates - The culture of the organisation?
COSO and COSO-ERM provide a framework on which…
Controls should be built by an organisation
What are the 5 key points in the COSO framework?
- Control internal environment.
- Risk Assessment.
- Control Activities.
- Information and communication.
- Monitoring.
Within element 1 of the COSO framework, ‘control the internal environment’ is concerned with…
Management philosophy - are they strict? Are they relaxed?
Commitment to integrity and ethical values?
Internal control oversight by Board of Directors?
Organisational Structure?
Element 2 of the COSO framework is… and is concerned with…
Risk Assessment and how much risk the business is exposed to
Risk can be assessed from two perspectives, what are they?
Likelihood - Probability that the event will occur.
Impact - estimate potential loss if events occur.
What two types of risk are organisations exposed to?
Inherent: Risk that exists before plans are made to control it.
Residual: Risk that is left over after you control it.
The response to risk can vary, what are the 4 responses?
Reduce - Implement effective internal controls.
Accept - Do nothing, accept likelihood and impact of risk.
Share - Buy insurance, outsource or hedge.
Avoid - Do not engage in the activity. However, if no risk is taken, no reward is possible.
Give 4 examples of control activities that could be implemented within an organisation.
Safeguard assets
Authorisation of activities and transactions
Segregate duties
Independent checks on performance
In relation to segregation of duties, what is the optimal number of people who should be involved in the process and what should be their responsibilities?
3 people.
1 person is responsible for the custodial functions (the person who writes a cheque).
1 person is responsible for recording the cheque.
1 person is responsible for authorising the activity.
What issue often occurs in relation to small businesses and the segregation of activities?
They don’t have enough people to sufficiently segregate duties.
The fourth element of the COSO framework is… and involves conducting things such as…
Fourth element is Monitoring.
- Audits
- Supervision
- Hotline for whistle blowers
- Specialist in forensics
- Software to detect fraud
What is the ‘Trust Services Framework’?
The trust services framework is guidance/framework on how we should look after data within an electronic system.
What are the 5 elements of the trust services framework?
- Security - Access to the system and data is controlled and restricted to legitimate users (passwords).
- Confidentiality - Sensitive organisational data which relates to the company or stakeholders is protected.
- Relationships - Personal information about stakeholders needs to be protected.
- Availability - System and information are available.
- Processing integrity - The inputted data needs to be accurate, complete and inputted in a timely manner.
Name a few Generally Accepted Privacy Principles and their impact upon firms.
Management - Employees need to be made accountable for procedures completed.
Choice of consent - Opt in or Opt out?
Collection - only relevant data should be collected?
Access - customers should be able to review what info is held on them.
Encryption is a … and its strength depends on…
Preventive test control … Key length, Algorithm, Management Policies