INTERNAL CONTROL CONCEPTS & INFORMATION TECHNOLOGY Flashcards
What is COSO components of internal control framework?
- Control Environment
- Risk Assessment process
- Control Activities
- Information Systems
5 Monitoring
Inherent limitation of internal control includes?
- Reasonable assurance
- Human Error
- Collusion
- Management override
- Fraud
- Cost-benefit consideration.
What is control Risk?
Control Risk is the risk that a material misstatement that could occur could not be prevented or detected.
is a function of the effectiveness of the system for internal control.
The control Environment?
Sets the tone at the top of the organization. It includes policies and practices related to hiring, orientation, training, evaluation, counseling, promoting and compensating and remedial actions.
What makes an authorization specific and General?
Specific authorization —applies to a unique decision-a one time decision such as approval of construction budget.
General authorization —-are recurrent and have criteria that authorizes the routine of making decisions that refers to those criterias.
The control Environment components?
- Participation of those charge with governance.
- Integrity and Ethical Values
- Organizational structure
- management’s philosophy and operating style.
- Assignment of authority and responsibility.
- Human resources policies and practices
- Commitment to competence.
With procedures evaluating controls, the auditor is expected in accordance with Generally accepted Auditing standards to?
Document his/her understanding of the entity’s internal control.
he/she is not required to test, determine suitability or effectiveness of a control unless the auditor plans to use the information to reduce the risk of material misstatements.
Part of understanding the system of internal control relevant to the audit of a NON-Issuer, does not include?
Obtaining knowledge about the operating effectiveness of the system of internal control.
An entity’s information Systems refers to?
Computer programs used for financial reporting purposes.
The understanding of the information system of an entity includes?
- Classes of significant transactions.
- How the transactions are initiated, authorized, recorded, processed, corrected, transfer to general ledger and reported.
- Accounting records, manual or electronic.
- how significant events and conditions other than transactions are captured.
- The process used to create financial statements including stimates and disclosures.
- controls over journal entries.
What are the types of program flow charts available to be used?
- A Program Micro-flowchart = represents specific steps in a computer program and the order it which its carried out.
- A Program Macro-flowchart = is less detailed that a micro flowchart.
3.Document flowchart = flow of document through the entity. - System flowchart = provides an overview of the inputs, processes and outputs of a system.
In a computerized environment, General controls are?
Controls related to all computer activities, they are tested first because they are the main controls and they not working properly, then the specific controls can not be rely upon.
General controls are policies and procedures that relate to many applications. They are?
General controls are policies, they apply to many applications in Systems, some common general controls include:
Control over data center and network
Operations
systems software acquition and maintenance
access security
application system acquisition
development
maintenance.