Introduction To Internal Control

Question 1

What is a system of internal control?

Answer 1

Designed implemented and maintained by those charged with governance, management and other personell

To provide reasonable assurance the entity achieves financial reporting objectives, effectiveness, efficiency of operations and compliance with laws and regulations

To address identified business risks that threaten these objectives

Question 2

Some limitations of internal controls

Answer 2

Human error
Unusual transactions
Collusion

Question 3

Limitations of internal controls in small companies

Answer 3

Informal nature/lack of documentation
Limited numbers of staff detriment segregation of duties

Question 4

Are D’s applying Uk CGC required to report on risk management and systems of internal control in the company’s annual report?

Answer 4

Yes

Question 5

Components of internal control

Answer 5

1. Control environment
2. Risk assessment process
3. Info system and communication
4. Control activities
5. Monitoring

Question 6

What is the control environment?

Answer 6

Government and management functions

Attitude, awareness and actions of those charged with G+M concerning internal control + its importance

Question 7

Examples of strong control environment

Answer 7

Existence of audit committee
Internal audit function
Effective documentation of controls
Importance of controls communicated
No management override
Recruitment of employees with integrity

Question 8

Is an audit committee required under UK CGC?

Answer 8

Yes

Question 9

What is an audit committee required to have?

Answer 9

Written terms of reference

Question 10

Can business risk arise from setting inappropriate objectives and strategies?

Answer 10

Yes

Question 11

Developing internal controls to address business risks process

Answer 11

1. Identify relevant business risks
2. Estimate their significance
3. Assess likelihood of their occurrence
4. Decide actions to address risks

Question 12

Examples of circumstances that cause risks

Answer 12

Changes in operating environment
New personell
New Information system
Rapid growth
Restructuring
New technology
New business models
New products
New activities
Expanded foreign operations

Question 13

Information systems and communication

Answer 13

A component of internal control

Including the financial reporting system

Consists of procedures and records
To initiate, record, process and report entity transactions

And maintain accountability for the related assets, liabilities and equity

Question 14

Examples of elements of information systems and communication that auditors are interested in

Answer 14

Identifying significant classes of transactions
Systems for preparing FS
Accounting software used
Related accounting records and supporting information
Roles and responsibilities allocated to personell
Danger of internal controls being overridden at the FS preparation stage

Question 15

What are control activities?

Answer 15

The policies and procedures that help ensure management directives are carried out

Question 16

ISA (UK) 315 types of control activities

Answer 16

1. Authorisation + approval
2. Reconciliations
3. Verifications
4. Physical/logical controls
5. Segregation of duties

Question 17

Authorisation

Answer 17

Affirms transaction is valid

Question 18

Authorisation usually takes form of…

Answer 18

Approval by higher management

Or verification

Question 19

Approval

Answer 19

Automatic

Question 20

Reconciliations

Answer 20

Compare 2 (or more) data elements.

If differences are identified then action is taken to bring data into agreement.

Generally address completeness or accuracy of processing transactions

Question 21

Verifications

Answer 21

Compare 2 (or more items) with each other
Or to policy

Likely includes follow up action when they don’t match

Generally address completeness, accuracy or validity of processing transactions

Question 22

Physical or logical controls examples

Answer 22

Secured facilities
Banking cash immediately
Authorisation to filed
Electronic tagging of inventory and portable non-current assets

Question 23

Segregation of duties examples

Answer 23

Authorising transactions
Recording transactions
Maintaining custody over assets

Question 24

2 general types of computer controls

Answer 24

1. General IT controls
2. Information processing controls

Question 25

General IT controls definition

Answer 25

Support continued proper operation
Including information processing controls
And integrity of the information (completeness, accuracy and validity)

E.g. controls over system design, programming, documentation.
Testing system performance
Staff training
Password protection
Restricting physical access to central computers
Virus checks
Black ups off site
Disaster recovery procedures

Question 26

Information processing controls

Answer 26

Can be IT or manual

Directly assessed risks to the integrity of information
(I.e. completeness, accuracy, and validity of transactions and other info)

Question 27

4 types of information processing controls

Answer 27

1. Input completeness
2. Input accuracy
3. Input authorisation
4. Standing data

Question 28

Controls over input completeness examples

Answer 28

Sequence checks
Document counts
Onto to one checking of processed output to source documents
Procedures over resubmission of rejected data

Question 29

Controls over input accuracy examples

Answer 29

Existence checks e.g. customer name
Reasonableness checks e.g. VAT to total
Character checks e.g. no unexpected characters in ref no.
Range checks e.g. no timesheet processed over certain no. weekly hours

Question 30

Controls over input authorisation definition

Answer 30

Manual

To ensure information was authorised and input by authorised personell

Question 31

Controls over standing data

Answer 31

One to one checking of amendments to source documents

Periodic review

Question 32

Who is recommended to monitor the actions of the executive related to cyber security?

Answer 32

NEDs/ Audit committee

Question 33

What does understanding systems and controls allow an external auditor to do?

Answer 33

1. Assess level of control risk
2. Determine audit approach

Question 34

The auditor must document the client’s internal controls. What are 3 ways of doing that?

Answer 34

1. Narrative notes
2. Questionnaires/Checklists
3. Diagrams/flowcharts

Question 35

Narrative notes

Answer 35

Good for simple systems
Juniors can complete

Question 36

Questionnaires/Checklists pros

Answer 36

Easy to complete

Covers all areas

Question 37

Questionnaires/Checklists cons

Answer 37

May overstate controls

Not tailored to client

Question 38

Diagrams/Flowcharts pro

Answer 38

Best for complex system overview

Question 39

Diagrams/Flowcharts cons

Answer 39

Complex and time-consuming to prepare

Reader needs to understand symbols used