week 4: internal controls (phase 3)

Question 1

purpose of internal controls

Answer 1

prevent, detect and/or correct intention/unintentional errors that arise as a result of inherent/control risks at firm level and process level

Question 2

strong internal control environment implies…?

Answer 2

1. accurate & reliable financial outputs –> low probability of (un)intentional errors arising from weak controls
2. mgmt less likely to manipulate figures
3. lower audit effort because detecting RMM lower

Question 3

audit procedures for testing internal controls

Answer 3

phase 2. control design
phase 3a. control implementation (walkthrough)
phase 3b. test of controls

Question 4

purpose of control design

Answer 4

to understand the design and implementation of IC environment

Question 5

purpose of control implementation (walkthrough)

Answer 5

verify that controls are working as per understanding

Question 6

purpose of test of controls

Answer 6

to conclude that the controls were operating effectively

Question 7

what is the difference between the different phases

Answer 7

phase 2: determine preliminary CR
phase 3: revisit and reassess the CR level after doing the walkthrough
– conclude whether IC were operating effectively throughout the year

Question 8

types of IT controls

Answer 8

IT general controls and IT application controls

Question 9

how to audit information systems’ internal controls?

Answer 9

computer-aided audit tools

Question 10

what does the auditor need to know when auditing information system?

Answer 10

1. sources of information used
2. how is the information captured and processed
3. how the information produced is used

Question 11

what are the 2 kinds of processing approaches to testing IT application controls

Answer 11

1. test data
2. integrated testing facility (ITF)

Question 12

what are the 2 kinds of non-processing approaches to testing IT application controls

Answer 12

1. program code review
2. review of job accounting data

Question 13

procedures to test data approach

Answer 13

• feed test data to client application
• ensure testing application is actual program
• auditor compare results of processing with expectations
• completed during audit field work

Question 14

data required to test data approach

Answer 14

1. data which should be processed normally
2. data which should be rejected
3. data which triggers system alerts

Question 15

procedures to integrated test facility

Answer 15

• create dummy entity on live master file
• enter txn for processing by the entity
• staff responsible for processing txn should not be able to distinguish live txns from auditor’s
• done throughout the FY not just audit period

Question 16

limitations of test data approach

Answer 16

inability to verify that it was working well throughout the year

Question 17

limitations of ITF

Answer 17

disruptive to client’s daily operations - need to perform additional work to remove dummy txns before month-end closing

Question 18

limitations of non-processing approaches

Answer 18

external audit may not have time/resources to perform
client may not be keen to share information