Week 4 | Risk and Controls I Flashcards
What are the types of data errors?
Double charge error
Fraud
Fat fingers
Resubmitting old data
Data errors
Paying fake invoices
What is the accounting process?
Accounting process
Transaction occurs - capturing transaction data - data captured (used by) - (financial report preparation) - management (makes) - assertions (through) - financial statements
How can a risk of misstatement be seen in the capturing transaction data stage (accounting process)?
- Missing transaction (C(E))
- Unauthorised transactions
- Incorrect data about transactions (V)
- False transactions/parties (V)
- Incomplete data about an individual transaction (C(D))
What are real life risks of the financial report preparation stage?
risk of misstatement:
- decisions about what to include in report (V, C(E))
- Classifications of items in report (A)
- Conflicting incentives for management - agency problem
- external pressure for entity
Are random or systematic risks more severe?
Random risk: no set pattern or trend in occurrence of error
Systematic:
- the result of incorrect rules or procedures consistently followed in the system
- e.g. the program to calculate sales has an error in it
Systematic may be more severe because it is rule-based, but it depends on the situation.
What is internal control and the limitations of it?
The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about achievement of an entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulation
Limitations:
- control can be bypassed
- employees may collude to circumvent the system
- breakdowns in control
What is the outline of activities in COSO and what sets the tone in the COSO framework?
COSO: control environment, risk assessment, control activities, information and communication, monitoring
- Control environment
The set of standards, processes, and structures that provide the basis of the internal control structure (ICS) across the organization.
Key elements:
- Commitment to integrity and ethical values
  * Compliance with code of conduct, penalizing unethical and dishonest behavior.
- Exercising oversight responsibility
  * Audit committee members should be qualified, competent and diligent.
- Establishing structure, authority, and responsibility
  * Provides a framework for planning, executing, controlling and monitoring a firm’s operations
- Commitment to competence
  * Appropriate qualifications or experience.
  * Adequate remuneration.
What does the risk assessment component do?
The dynamic process for identifying, assessing and evaluating risks
Risk identification: requires an understanding of business processes and objectives
Risk evaluation: risk should be evaluated based on 1) combined assessment of likelihood of occurrence and impact/severity of occurrence and 2) consideration of existing internal controls
Risk response: implementing controls
What are the control activities?
- Segregation of duties
  - Incompatible tasks should not be performed by the same person
  - There should be a separation of activities, especially those involving authorization, custody, or recordkeeping
- Proper authorization of transactions and activities
  - All transactions and activities conducted are authorized or approved by relevant employees before they occur
  - Proper authorization practices prevent invalid transactions from occurring
- Adequate documents and records
  - Helps to ensure there is an audit trail
- Physical controls over assets and records
  - Physical measures to safeguard the assets and records of a company
- Independent checks on performance
  - Involves monitoring the activities of an employee
What is the importance of information and communication?
Proper systems to obtain and generate relevant and quality information that will support the functioning of the other internal control components