Week 4 And 5 - Control And Accounting Information Systems Flashcards

1
Q

Generally, control is concerned with…

A

how we stop things from going wrong

2
Q

Why is control needed?

A

Control is needed to stop any potentially adverse or unwanted events occurring.

3
Q

According to the Turnbull report 1999, what is the purpose of controls?

A

“Facilitate effective and efficient operation by enabling a company to respond appropriately to significant business and operational risks”

4
Q

What are the 4 core principles of effective controls?

A
  1. Controls should be capable of responding quickly to risks.
  2. The cost of controls should be balanced against the risk posed.
  3. The control must report issues immediately to management.
  4. The system of controls should be embedded in the operations of the company.
5
Q

What are the three types of internal controls?

A
  1. Preventive controls - deter problems from occurring.
  2. Detective controls - Discover problems that are not prevented.
  3. Corrective controls - Identify and correct problems; correct and recover from the problems.
6
Q

What is the acronym used to remember the strategic aims that internal controls should meet?

A

P.O.P.P.I.E.S

7
Q

What does P.O.P.P.I.E.S stand for in relation to the strategic aims of controls?

A
  • Provide accurate and reliable information.
  • Obey relevant laws.
  • Prepare financial reports according to criteria.
  • Promote and improve operational efficiency.
  • Initiate and maintain sufficient records.
  • Encourage adherence with management policies
  • Safeguard assets
8
Q

Specific internal controls should provide assurance that the following accounting objectives are achieved:

A

Occurrence - a transaction has actually occurred.
Completeness - we have recorded all transactions that have occurred.
Accuracy - Transactions have been recorded correctly.
Posting - both sides of the transaction have been recorded.
Classification - transactions have been recorded into the correct classification.
Timing - transactions are recorded in the correct time-period.

9
Q

According to Turnbull 1999, there are 5 components of internal controls, what are they?

A

Control activities - The things we actually do to implement control.
Risk assessment process - Control is about controlling risk.
Information system including the financial reporting system
Monitoring of controls - Controls need to be monitored to ensure they’re effective.
Environment in which the control operates - The culture of the organisation?

10
Q

COSO and COSO-ERM provide a framework on which…

A

Controls should be built by an organisation

11
Q

What are the 5 key points in the COSO framework?

A
  1. Control internal environment.
  2. Risk Assessment.
  3. Control Activities.
  4. Information and communication.
  5. Monitoring.
12
Q

Within element 1 of the COSO framework, ‘control the internal environment’ is concerned with…

A

Management philosophy - are they strict? Are they relaxed?
Commitment to integrity and ethical values?
Internal control oversight by Board of Directors?
Organisational Structure?

13
Q

Element 2 of the COSO framework is… and is concerned with…

A

Risk Assessment and how much risk the business is exposed to

14
Q

Risk can be assessed from two perspectives, what are they?

A

Likelihood - Probability that the event will occur.

Impact - estimate potential loss if events occur.

15
Q

What two types of risk are organisations exposed to?

A

Inherent: Risk that exists before plans are made to control it.

Residual: Risk that is left over after you control it.

16
Q

The response to risk can vary, what are the 4 responses?

A

Reduce - Implement effective internal controls.
Accept - Do nothing, accept likelihood and impact of risk.
Share - Buy insurance, outsource or hedge.
Avoid - Do not engage in the activity. However, if no risk is taken, no reward is possible.

17
Q

Give 4 examples of control activities that could be implemented within an organisation.

A

Safeguard assets
Authorisation of activities and transactions
Segregate duties
Independent checks on performance

18
Q

In relation to segregation of duties, what is the optimal number of people who should be involved in the process and what should be their responsibilities?

A

3 people.

1 person is responsible for the custodial functions (the person who writes a cheque).

1 person is responsible for recording the cheque.

1 person is responsible for authorising the activity.

19
Q

What issue often occurs in relation to small businesses and the segregation of activities?

A

They don’t have enough people to sufficiently segregate duties.

20
Q

The fourth element of the COSO framework is… and involves conducting things such as…

A

Fourth element is Monitoring.

  • Audits
  • Supervision
  • Hotline for whistle blowers
  • Specialist in forensics
  • Software to detect fraud
21
Q

What is the ‘Trust Services Framework’?

A

The trust services framework is guidance/framework on how we should look after data within an electronic system.

22
Q

What are the 5 elements of the trust services framework?

A
  1. Security - Access to the system and data is controlled and restricted to legitimate users (passwords).
  2. Confidentiality - Sensitive organisational data which relates to the company or stakeholders is protected.
  3. Relationships - Personal information about stakeholders needs to be protected.
  4. Availability - System and information are available.
  5. Processing integrity - The inputted data needs to be accurate, complete and inputted in a timely manner.
23
Q

Name a few Generally Accepted Privacy Principles and their impact upon firms.

A

Management - Employees need to be made accountable for procedures completed.

Choice of consent - Opt in or Opt out?

Collection - only relevant data should be collected?

Access - customers should be able to review what info is held on them.

24
Q

Encryption is a …. and its strength depends on…

A

Preventive test control … Key length, Algorithm, Management Policies

25
Q

What are the two key forms of encryption?

A

Symmetric - Uses one key to encrypt and decrypt.

Asymmetric - Uses two different keys, each individual has their own key.

26
Q

Name some forms of Data entry controls.

A

Field check - Characters in a field are proper type.
Sign check - Data in a field is appropriate sign (positive/negative)
Limit check - Tests numerical amounts against a fixed value (E.g. DOB between 1-12)
Size check - no month entered more than 3 digits etc.
Completeness check - all lines in an address are entered.
Reasonableness check - Is the new info logical for this particular account? Abnormally large order?

27
Q

What is the zero-balance test?

A

Zero-balance tests are used in functions such as payroll and they check the total salaries are the same as the salaries of each individual employee added together.

28
Q

What is meant by ‘concurrent update controls’?

A

Prevent errors occurring when two or more users are updating the record at the same time.

29
Q

Availability controls: how is the system made so that it can be available when necessary?

A
  • Preventive maintenance
  • Fault tolerance - Stockpile redundant components?
  • Data centre location, on a raised floor? Fire suppression? Air conditioning?
30
Q

Backup procedures need to be in place in case something happens to the system, what are the two types of back-up?

A

Incremental back up - Copies only the items that have changed since the last partial update.

Differential back up - Copies all changes made since the last full back up.

31
Q

What is meant by a ‘disaster recovery plan’?

A

A plan that outlines the procedures needed to restore an organisation's IT function.
Cold site - We will move the IT function to somewhere else and start again.

Hot site - A site set up in case something happens.