C. Internal controls Flashcards

(187 cards)

1
Q

what is the definition of internal controls?

A

whole system of controls, financial and otherwise, established by the management in order to carry out the business of the enterprise in an orderly and efficient manner, ensure adherence to management policies, safeguard the assets, prevent and detect fraud and error, and secure as far as possible the completeness and accuracy of the records

a system for management to control certain risks and therefore help businesses achieve their objectives

2
Q

who is responsible for internal control?

A

the board of directors

employees have some responsibility

3
Q

what are the elements of a sound system of internal control according to the Turnbull Report?

A

an internal control system encompasses the policies, processes, tasks, behaviours and other aspects of a company that, taken together:

  • facilitate its effective and efficient operation by enabling it to respond appropriately to significant risks
  • help ensure the quality of internal and external reporting
  • help ensure compliance with applicable laws and regulations

the system of internal control will include:

  • control activities
  • information and communications processes
  • processes for monitoring the continuing effectiveness of the system

the system of internal control should:

  • be embedded within operations
  • be able to respond to changing risks
  • include procedures for reporting failings or weaknesses
4
Q

according to the Turnbull report, does a sound system of internal control eliminate human error?

A

no, reduces but cannot eliminate the possibility of poor judgement in decision making, human error

can be deliberately circumvented and occurrence of unforeseeable circumstances

reasonable but not absolute assurance

5
Q

what is COSO?

A

Committee of Sponsoring Organisations

6
Q

what are the 5 elements of COSO?

A

CONTROL ENVIRONMENT

  • management’s attitude, actions and awareness of the need for internal controls
  • tone from the top

RISK ASSESSMENT

  • need to identify and assess risks in respect of established objectives
  • assessment should consider internal and external factors and distinguish between controllable and uncontrollable risks

CONTROL ACTIVITIES = internal control

  • after identification, actual specific control activities can be undertaken to reduce those risks

INFORMATION AND COMMUNICATION

  • to operate the internal controls, they need quality information

MONITORING

  • if system not monitored it will be very difficult to assess whether it is out of control and needs amendment
  • this element of an internal control system is associated with internal audit, as well as general supervision
7
Q

how can management try to summarise their commitment to controls?

A
  • behave with integrity and ethics
  • maintain an appropriate culture in the organisation
  • set up a good structure
  • set proper authorisation limits
  • employ appropriately qualified staff and conduct staff training
8
Q

what are typical control activity processes?

A
  • having a defined organisation structure
  • having contracts of employment
  • establishing policies
  • setting up a suitable discipline and reward system
  • ensuring a system of performance appraisal and feedback
9
Q

what does the Institute of Internal Auditors define the control environment as?

A

the attitude and actions of the board and management regarding the significance of control within the organisation

provides discipline and structure for the achievement of the primary objectives of the system of internal control

MOST IMPORTANT

10
Q

what are the principles that underpin the control environment component?

A
  • the organisation shows a commitment to ethical values
  • the board has appropriate expertise and oversees the five competencies
  • management must establish an appropriate organisational structure to help achievement of the objectives
  • human resource policies and practices to help attract, develop and retain suitable talent
  • accountability of employees for their areas of responsibility
11
Q

what are the internal factors to consider during COSO risk assessment?

A

e.g. complexity of the organisation, organisational changes, staff turnover levels and the quality of staff

12
Q

what are the external factors to consider during COSO risk assessment?

A

changes in the industry and economic conditions, tech changes

13
Q

what are the principles that underpin the risk assessment component of COSO?

A
  • clear objectives to allow risk assessment and identification
  • that risk identification and analysis does take place across the entity
  • the potential for fraud arising in pursuit of the stated objectives must be considered
  • the internal controls system must be reviewed for changes in the external environment
14
Q

what are control activities?

A

policies and procedures that ensure that the decisions and instructions of management are carried out

e.g. authorisations, verifications, reconciliations, approvals

15
Q

what are the principles that underpin the control activities component?

A
  • select appropriate controls to mitigate the risks to the achievement of objectives
  • specifically controls over technology are included
  • policies and procedures establish how the controls are implemented
16
Q

what are the 4 COSO categories of objective setting?

A

strategic, operational, reporting and compliance

17
Q

what are the 3 operational features of a sound internal control system from the Turnbull guidance?

A

embedded within operations and not treated as a separate exercise

able to respond to changing risks within and outside the company

includes procedures for reporting control failings or weaknesses

18
Q

what are some examples of details of controls?

A

SOAPSPAM

SEGREGATION OF DUTIES: authorisation, handling asset and recording transaction for purchase cycles
PHYSICAL CONTROLS: e.g. safe, inventory checks
AUTHORISATION AND APPROVAL
MANAGEMENT CONTROL: top level reviews and activity controls
SUPERVISION
ORGANISATIONAL STRUCTURE
ARITHMETIC AND ACCOUNTING: double checking
PERSONNEL CONTROLS: training, induction, selection

19
Q

what 3 broad categories could controls be classified as?

A
  • financial controls
  • non-financial quantitative controls
  • non-financial qualitative controls
20
Q

what are financial controls?

A

controls express financial targets and spending limits

e.g. budgetary control, control over sales, purchases, payroll and inventory cycles

21
Q

what are the objectives of controls in the sales cycle?

A
  • sales are made to valid customers
  • sales are recorded accurately
  • all sales are recorded
  • cash is collected within a reasonable period
22
Q

what are the objectives of controls for bank and cash?

A
  • cash balances are safeguarded
  • cash balances are kept to a minimum
  • money can only be extracted from bank accounts for authorised purposes
23
Q

what might controls over human resources include?

A
  • recruitment policies including the completion of an application form and the checking of relevant qualifications
  • references being taken up prior to appointment
  • continuous training
  • eligibility to work in the country
  • contract of employment
24
Q

what are some examples of controls over the distribution department?

A
  • HR controls
  • signed goods received and goods despatched notes
  • regular inventory counts
  • monitored CCTV cameras around the distribution depot
  • security guards at exits
  • bag searches when staff leave their shift
25
what are non-financial quantitative controls?
controls focus on targets against which performance can be measured and monitored
e.g. balanced scorecard targets and TQM quality measures
feedback loop essential
26
what is the feedback loop in non-quantitative controls?
  • performance target
  • actual result recorded
  • compared with target
  • control action taken
27
what are non-financial qualitative controls?
these form day-to-day controls over most employees in organisations
e.g. employee training, management control methods, physical controls, project management
28
what is the Bribery Act?
non-financial control
1st July 2011 in the UK
brings UK in line with international norms on anti-corruption legislation
offences:
  • give or receive a bribe
  • failing to prevent a bribe
prosecuted by the Serious Fraud Office
can prosecute both domestic and foreign companies with UK presence
could face 10 years in prison and unlimited fine
29
What are the steps to developing an adequate control system?
  • ascertain the objectives
  • research regarding the current systems
  • research new controls
  • implement new controls
30
what are the costs of an internal control system?
time of management involved in the design of the system
implementation:
  • costs of IT consultants to implement new software
  • training all staff in new procedures
maintenance of system:
  • software upgrades
  • monitoring and review
31
what are the benefits of an internal control system?
reduction of the risks and achievement of business objectives
32
what are the limitations of internal control systems?
  • over-reliance on any system
  • can't turn a poor manager into a good one
  • at risk from mistakes and errors
  • can be by-passed by collusion and management override
  • controls are only designed to cope with routine transactions and events
  • resource constraints in provision of internal control systems, limiting their effectiveness
33
what is fraud?
dishonestly obtaining an advantage, avoiding an obligation or causing a loss to another party
intentional act
34
what are some examples of fraud?
  • theft of cash
  • employee fraud against employers
  • crimes against investors, consumers and employees: expense claims
  • crimes against financial institutions: fraudulent insurance claims
  • crimes against government: benefits fraud, tax evasion
  • crimes by professional criminals: money laundering
  • e-crime by people using computers e.g. spamming, copyright crimes
35
what are the prerequisites for fraud?
  • dishonesty on the part of the perpetrator
  • opportunity for fraud to occur
  • motive for fraud
36
what 2 categories do fraud indicators fall into?
  • warning signs
  • fraud alerts
37
what are warning signs of fraud?
organisational indicators of fraud risk
  • absence of anti-fraud policy and culture
  • inadequate recruitment processes and absence of screening
  • dissatisfied employees who have access to desirable assets
  • poor physical security of assets
  • rapid changes in information technology
38
what are fraud alerts?
specific events or red flags, which may be indicative of fraud
  • anonymous emails
  • emails sent at odd times
  • discrepancy between earnings and lifestyle
  • unusual behaviour
  • alteration of docs
  • subsidiary ledgers which don't reconcile
  • inappropriate use of journals
39
what are the 3 key elements of a fraud management strategy?
  • prevention
  • detection
  • response
together they result in fraud deterrence
40
what are some methods of fraud prevention?
  • anti-fraud culture
  • risk awareness
  • whistleblowing
  • sound internal control systems
WARS
41
how can you apply the COSO model to fraud prevention?
control environment: management show active interest in prevention and detection
risk recognition and assessment: identify risk areas, activities where risk might be high e.g. cash handling, assess risk
control activities and procedures:
information: monitoring and reporting: info to the top so they can manage and investigate, revise controls
iterative process
42
what are some examples of fraud detection?
performing regular checks
warning signals/fraud risk indicators:
  • failures in internal control procedures
  • lack of information provided to auditors
  • unusual behaviour by individual staff members
  • accounting difficulties
whistleblowers
43
how are most frauds discovered?
accidentally as a result of information received (whistleblowing)
44
what are some examples of fraud response?
response plan:
  • internal disciplinary action
  • civil litigation
  • criminal prosecution
  • responsibilities
45
what is the purpose of internal auditors investigating fraud?
  • establish the facts
  • establish how the fraud occurred and initially went undetected
  • consider whether anyone else might have been involved in the fraud
  • establish or estimate the size of the loss
46
what recommendations might an auditor give in light of fraud findings?
  • existing internal controls are not sufficient to limit risk so introduce stronger controls
  • existing internal controls are sufficient to limit risk but applied inadequately or were ignored in the past
47
what is the definition of an internal audit?
independent appraisal activity established within an organisation as a service to it. It is a control which functions by examining and evaluating the adequacy and effectiveness of other controls
48
what is the context of an internal audit in the Turnbull report as a management review of controls?
  • integral part of management's role
  • identification, evaluation and management of all key risks facing the organisation
  • effectiveness of internal control - financial, operational, compliance and risk management controls
  • communication of risk objectives
  • action to be taken if weakness found
49
Risk management vs internal audit: what is being tested?
internal audit: testing and evaluating controls
RM: own entire risk management process
50
Risk management vs internal audit: what is the key activity?
IA: special investigations as directed by mgmt
RM: maintain risk register
51
Risk management vs internal audit: what support would the team provide?
IA: support and assist senior mgmt in projects, some outside risk mgmt arena
RM: lead in developing risk response strategy
52
Risk management vs internal audit: what is the end result?
IA: contribute to risk identification
RM: provide training and development in risk management matters
53
who are the 3 different parties involved in the process review of internal audit?
  • risk management
  • managers
  • auditors
54
what factors affect the need for an internal audit department?
  • the scale, diversity and complexity of the company's activities
  • the number of employees
  • cost/benefit considerations
  • changes in the organisational structures, reporting processes or underlying information systems
  • changes in key risks could be internal or external in nature
  • problems with existing internal control systems
  • an increased number of unexplained or unacceptable events
55
how does the scale, diversity and complexity of the company's activities affect the need for internal audit?
larger, more diverse and the more complex a range of activities is, the more there is to monitor
56
how does the number of employees affect the need for internal audit?
as a proxy for size, no. of employees signifies that larger organisations are more likely to need internal audit to underpin investor confidence than smaller concerns
57
how do the cost/benefit considerations affect the need for internal audit?
must be sure benefits outweigh costs
58
how do changes in the organisational structures, reporting processes or underlying information systems affect the need for internal audit?
any internal (or external) modification is capable of changing the complexity of operations and, accordingly, the risk
59
how do changes in key risks (which could be internal or external in nature) affect the need for internal audit?
the introduction of a new product, entering a new market, a change in any of the PEST/PESTEL factors or changes in the industry might trigger the need for internal audit
60
how do problems with existing internal control systems affect the need for internal audit?
any problems with existing systems clearly signify the need for a tightening of systems and increased monitoring
61
how does an increased number of unexplained or unacceptable events affect the need for internal audit?
system failures or similar events are a clear demonstration of internal control weakness
62
what are the expectations of an internal audit?
  • formal plan of all audit work that is reviewed by the head of audit and the board/audit committee
  • the audit plans should be reviewed at least annually
  • each engagement should be conducted appropriately
  • progress of the audit should be monitored by head of internal audit
63
What are the IASB standards for internal audit work?
attribute standards: characteristics of org and the parties performing internal auditing activities
performance standards: nature of auditing activities and quality criteria
64
what are the attribute standards of internal audit?
INDEPENDENCE: free from interference
OBJECTIVITY: no bias, conflict of interest
PROFESSIONAL CARE: knowledge of the key IT risks and controls
65
what are the performance standards of internal audit?
MANAGING INTERNAL AUDIT
  • head should manage the internal audit
  • establish risk-based plans to decide the priorities
  • plans reviewed at least annually and submitted for board approval
RISK MANAGEMENT
  • identify and evaluate significant risk exposures and contribute to the improvement of risk management and control systems
CONTROL
  • help maintain control system by evaluating the effectiveness and efficiency of controls, and by promoting continuous improvement
GOVERNANCE
  • assess the corporate governance process and make recommendations
INTERNAL AUDIT WORK
  • identify, analyse, evaluate and record sufficient information to achieve the objectives of the engagement
  • conclusions should be based on suitable analysis and evaluation
COMMUNICATING RESULTS
  • communicate the results of their engagement, including conclusions, recommendations and action plans
66
what are some structural measures in place to protect the independence of external audits?
  • internal auditors should be independent of exec management
  • head of internal audit should report directly to a senior director
  • head of IA should have direct access to the chairman and the audit committee
  • accountable to the audit committee
  • could outsource internal audit function
67
what are the advantages of outsourcing internal audit?
  • greater focus on COST and EFFICIENCY of the internal audit function
  • staff may be drawn from a broader range of expertise
  • RISK of staff turnover is passed to the outsourcing firm
  • SPECIALIST skills may be more readily available
  • COSTS of employing permanent staff are avoided
  • may improve INDEPENDENCE
  • access to new market place TECHNOLOGIES
  • REDUCED MANAGEMENT TIME in administering an in-house department
68
what are the disadvantages of outsourcing internal audit?
  • possible CONFLICT OF INTEREST if provided by the external auditors
  • pressure on the INDEPENDENCE of the outsourced function
  • risk of LACK OF KNOWLEDGE and understanding of the organisation
  • the decision may be based on cost with the EFFECTIVENESS of the function being reduced
  • FLEXIBILITY and AVAILABILITY may not be as high as with an in-house function
  • LACK OF CONTROL over standard of service
  • risk of BLURRING OF ROLES between internal and external audit
69
how can we minimise risks when outsourcing internal audit?
  • controls over acceptance of internal audit contracts to ensure no impact on independence or ethical issues
  • regular reviews of the quality of audit work performed
  • separate departments covering internal and external audit
  • clearly agreed scope, responsibilities and reporting lines
  • performance measures, management information and risk reporting
  • procedure manuals for internal audit
70
how can the efficiency of internal audit be assessed?
by comparing actual costs and output against a target, such as:
  • the cost per internal audit day
  • the cost per audit report
  • the number of audit reports produced
71
how can the effectiveness of internal audit be measured?
identifying evidence of improvements in internal control
72
what might the contents of an internal audit report be?
EXEC SUMMARY
  • main objectives
  • scope of audit
  • work performed in brief
  • results
SCOPE
  • detail methodology
OBSERVATIONS and RECOMMENDATIONS
  • testing observations
  • what to put in place
RECS GRADED BY IMPORTANCE
  • different levels
STATEMENT OF RESPONSIBILITY
  • detail Auditing Standards
  • sign off from auditor
73
internal vs external audit, role required by who?
EA: statute, for limited companies
IA: directors and shareholders, usually in larger organisations
74
internal vs external audit, appointed by who?
EA: shareholders or directors
IA: directors, via the Chief Internal Auditor
75
internal vs external audit, reports to who?
EA: shareholder (primary duty) and management (professional responsibility)
IA: directors, via the CIA
76
internal vs external audit, reports on?
EA: financial statements
IA: internal controls mainly
77
internal vs external audit, forms opinions on?
EA: true and fair view and proper presentation
IA: adequacy of ICS and a contribution to the EEE use of resources
78
internal vs external audit, scope of assignment?
EA: unlimited, to fulfil statutory obligation
IA: prescribed by directors
79
what is the relationship between the internal and external audit?
external auditors should take into account the following when planning their audit:
  • STATUS of internal audit within organisation
  • SCOPE of internal audit function
  • whether management ACT on recs of internal audit
  • technical COMPETENCE of internal auditors
  • OBJECTIVES of internal audit
  • due PROFESSIONAL CARE demonstrated in internal audit work
80
what is the management letter?
auditor produces letter that usually includes a list of 'issues' that the auditor came across during the course of his audit work
table of:
  • issues concerning the auditor i.e. control that can be improved
  • recommendations to implement or improve the controls
81
what actions must be taken from the management letter?
  • implement control
  • improve control within a time frame then revisited
management must respond to auditor's queries
82
who is responsible for detecting material fraud?
the external auditor
  • purpose is to identify material misstatements in the financial statements in order to ensure that they give a true and fair view
  • have no responsibility for immaterial frauds
  • if identified, will be reported to internal audit/directors
83
is fraud investigation an auditor's primary objective?
no, company is responsible
it is their duty to report a fraud if during the course of their work they identify fraudulent activities
84
what are the steps that should be taken during a fraud investigation?
1) ascertaining the facts of the fraudulent activity
2) gathering evidence of the crime - documentary, interviews with witnesses, observational
3) corroborating the evidence
4) consider whether you have the right of access to the evidence you require. Many cases have been thrown out of court because evidence has been inappropriately obtained
5) maintaining confidentiality so that the perpetrator doesn't realise that they are being investigated
6) consider the cost of the investigation versus the value of the fraud, although ethically all frauds should be stopped
7) consider the loss of reputation if the fraud becomes public
85
what is a compliance audit?
  • check the implementation of written rules, regulations and procedures
  • used originally for financial transactions, because the government (tax authorities) needed assurance that the financial figures were correct
  • concept of compliance has been extended to other areas, such as regulatory inspections and quality audits, where there is a requirement to verify that activities are being performed in strict compliance with approved standards and procedures
86
what is a transactions audit?
  • involves checking of a sample of transactions against documentary evidence
  • can be used where controls are weak or where transactions are high risk
87
what is a risk-based audit?
  • a systems audit in which the auditors use their judgement to decide on the level of risk that exists in different areas of the system, and to plan their audit tests so that more effort is directed towards the most risky areas
  • less time and effort is spent on elements of the system that are relatively 'safe'
88
what is a quality audit?
  • systematic investigation to establish whether quality objectives are being met
  • quality audit might look into the system for setting quality standards, the relevance of those standards, the system for comparing actual performance against the quality standards and whether the quality controls work effectively
89
what is a post-completion audit?
  • independent appraisal of the measure of success of a project
  • cover the project throughout its lifecycle from the planning and implementation stages through to performance after commissioning
  • review should take place at some time after the project or process has been completed or is being used
  • provide feedback on success of a project
  • acts as a learning tool
90
who usually performs a post-completion audit?
internal audit, as long as they weren't involved in the original design of the project itself
judge based on quality, time and cost
91
what is a VFM audit?
whether proper arrangements have been made for securing economy, efficiency and effectiveness in the use of resources
  • achieving VFM is manager's responsibility
  • commonly associated with public sector jobs
92
what are the 3 Es of a VFM audit?
ECONOMY: obtaining the required resources at the lowest cost
EFFICIENCY: using the minimum quantity of resources to achieve a given quantity and quality of output
EFFECTIVENESS: when the output from a system achieves its intended aims and objectives
93
what are the problems with VFM audits?
  • difficult to measure outputs, esp for govt e.g. education
  • objectives of the activity might be difficult to establish
  • focus must be either on economy and efficiency OR on effectiveness as cost and quality interlinked
  • quality might be ignored when economy and efficiency are measured
94
what is an environmental audit?
evaluation of how well the company is safeguarding the environment and meeting regulatory requirements
  • 'accounting' trained auditor could be asked to perform one of these audits but unlikely to have skillset
95
what is a social audit?
looks at the company's contribution to society and the community
  • could confirm statements made by the directors or make recommendations for social policies that the company should perform
contributions could be made through:
  • donations
  • sponsorship
  • employment practices
  • education
  • health and safety
  • ethical investments
96
what does an environmental report usually contain information about?
  • sustainability
  • targets achieved
  • compliance with regulations
  • emissions
  • industrial legacies
  • obtaining ISO 14001 (environmental management systems)
included in the annual report
97
who conducts an environmental audit?
internal audit then verified by external auditors/assessors
98
what is a management (operational) audit?
an objective and independent appraisal of the effectiveness of managers and the corporate structure in the achievement of the entities' objectives and policies
aim: identify existing and potential management weakness and recommend ways to rectify them
  • this type of audit would require the use of very experienced staff who understand the nature of the business
99
what are the possible objectives of a management audit?
  • re-focusing resources towards 'mission-critical' objectives
  • improving efficiency
  • improving the effectiveness of management support tools
  • assessing the appropriate levels of service for an activity or operation
  • identifying cost savings
  • identifying opportunities to enhance revenue
  • improvements in governance
100
what are some of the elements of a management audit?
  • review of policies and procedures
  • general review of workloads, work methods and work flows
  • evaluation of systems and processes
  • review of management practices
  • review of resource utilisation
  • detailed cost analysis
101
what could the findings of a management audit focus on?
  • lack of technical competence or knowledge of the business amongst managers, and insufficient management training
  • an unwillingness to delegate
  • regular failure to achieve standards or targets
  • inadequate management ISs
  • poor communications within or between departments
  • poor management/staff relationships
  • an absence of clear leadership
  • a failure by management to make good decisions
102
what is a systems based audit?
audit of internal controls within an organisation
  • associated with the audit of accounting systems
  • identify weaknesses in the system
103
what are the steps of a system-based audit?
  • identify the objective of each system
  • identify the procedures
  • identify why the system might not meet its objectives
  • identify ways to manage the above
  • identify if current controls are adequate
  • report on the above
104
what are the planning stages of the audit process?
  • agree the objectives of the audit
  • plan the audit
  • find out about systems and controls
  • confirm the operation of the system
  • assess if controls are adequate
105
what are the testing stages of the audit process?
  • test compliance with controls
  • test application of controls
106
what is the reporting stage of the audit process?
review, report and recommend
107
how often should there be an audit programme?
one for each financial year, in which the internal auditors set out which activities or operations they will audit and the purpose of the audit
108
what are the elements of an audit plan?
OBJECTIVES of the audit
  • e.g. check internal controls are adequate
CONDUCT OF THE AUDIT
  • need to decide what information to collect
  • decisions have to be made about:
      - how to collect and record evidence
      - how much evidence to collect
RESOURCES and TIMING
  • auditors should assess how much time and effort will be required to carry out the audit and schedule the work accordingly
109
what is the risk-based approach of audit?
  • most audits carried out using this approach
  • auditor assesses whereabouts of the key risks and then concentrates audit efforts on these key risks
  • more efficient and effective at achieving its objectives
110
what is a key way for an auditor to identify risk?
benchmarking: comparing one's business processes to best practice from other industries
111
what is process benchmarking?
focuses on observation and investigation of business processes with a goal of identifying and observing the best practices from one or more benchmarked firms
  • common in back-office processes where outsourcing is a consideration
112
what is product benchmarking?
designing new products or upgrades to current ones can involve reverse engineering which involves taking apart competitors' products to assess weaknesses/strengths
113
what is functional benchmarking?
focus its benchmarking on a single function e.g. production
unlikely to be a complex function as hard to compare in cost and efficiency terms
114
what is competitor benchmarking?
involves studying the leading competitor or the company that best carried out a specific function
115
what is environmental benchmarking?
process of collecting, analysing and relating environmental performance data of the comparable activities with the purpose of evaluating and comparing performance between or within the entities
entities can include processes, buildings or companies
could be internal within organisation departments or external between competing entities
116
how can financial statements be used as a benchmark?
- performing ratio analysis: profit, liquidity, return, efficiency
- spot anomalies
- spot risks
- investigate these
117
what are the different types of audit risk?
- inherent risk
- control risk
- detection risk
118
what is inherent risk?
risk of the activity or operation, ignoring the controls in the system
related to both severity and the incidence of the risk
119
what does the size of an inherent risk depend on?
- size of the operations unit
- size of the expenditure budget
- the nature of the assets used or handled
- the extent to which procedures are computerised
120
what is the quality of control?
perceived quality of the existing controls for the activity
121
what is the confidence in the quality of control affected by?
- the apparent effectiveness of management and supervision
- pressures on management to achieve targets
- changes in the system activities and procedures
- changes in key personnel
- a high staff turnover
- rapid expansion in operations and the volume of transactions handled
- length of time since last audit: confidence diminished over time
122
how should auditors give priority in an audit plan?
priority for audit are those where the inherent risk is high and the quality of control is low
123
what is control risk?
risk that the existing controls are not sufficient to prevent or detect a material misstatement
124
what is a detection risk?
risk that the auditors' substantive tests will not reveal a materially incorrect amount in the financial statements, if such an error exists
125
what is materiality?
commission or misstatement of its value would be likely to influence a user of the financial statement - has a quantitative and qualitative component - considered in relative terms
126
what sources can the auditor use to ascertain how the systems operate?
flowcharts
- examined or created

interviews/questionnaires
- describe how they use it
- can see inefficiencies

systems documentation
- find documentation of the system
- best for computerised systems
- least well understood by users

observation
- the operation of the system can be observed
127
how can auditors ascertain controls?
could use standard control questionnaires
- structured so that they identify all key internal controls
- enable the auditor to assess the quality of the controls
128
what might a flowchart be used to record?
- sequence of activities and checks within an operation or procedure
- which individuals carry out each procedure or check
129
what are the advantages to using a flowchart?
- more often effective at presenting information in an understandable form than a narrative description
- if there are weaknesses in the controls within an operation, these might be easier to identify by studying a flowchart
130
what is a questionnaire?
list of questions used to gather info
- ideally yes or no
- leave room to expand

help the auditor both to:
- establish the facts
- identify potential control weaknesses
131
what are the types of audit testing?
- compliance testing
- substantive testing
- analytical review
132
what is compliance testing?
test of controls
- ensure they operate correctly
- spot any material weaknesses
133
what should the results of a compliance test indicate?
whether:
- controls are effective
- controls are ineffective in practice
134
what is substantive testing?
test of balances or transactions
- concentrate on output coming out as expected
- associated with finance systems
135
what is the purpose of the substantive tests?
- confirm that the controls are effective
- where the controls are ineffective, to establish the apparent consequences
136
what words should be used and avoided in an audit option?
use:
- analyse
- reconcile
- observe
- monitor
- sample

avoid:
- check
137
what is an analytical review?
examination of ratios, trends and changes in balances
investigate causes of abnormalities
138
what is sampling?
testing a proportion to gain assurance about the population as a whole
139
what is audit sampling?
application of audit procedures to less than 100% of the items within an account balance or class of transactions to obtain and evaluate evidence about some characteristic of the items selected in order to form a conclusion on the population
140
what risks occur with sampling?
sampling risks: different to result if whole population tested
non-sampling risk: may use inappropriate methods or misinterpret evidence that the test results give so fail to recognise an error (avoidable)
141
why is the analytical review the most important type of test?
can be used on most items (financial or non financial) and at various points
most important test as can be used on most items and at various points
- can be used at planning, substantive testing and overall review stages of an audit
142
what are some examples of the following types of ratios: profitability, efficiency, liquidity, return
profitability: GPM, net profit
efficiency: receivables, inventory, payable days
liquidity: current ratio, quick ratio, gearing
return: ROCE, ROE
143
how can analytical reviews be used at the planning stage of an audit?
- identify risks
- help decide the level of testing
- decide nature and timing
144
how can analytical reviews be used at the overall review stage of an audit?
procedures are used to conclude whether the area being tested is consistent with the auditors' knowledge of the business entity and the expected results
145
when is it difficult to use analytical review method?
when there have been lots of one-off events in the year as there is nothing to compare them with
146
how is analytical review useful?
can help create an expectation if operations are significantly different from before and more so if the changes haven't been planned for
147
what features are common in the audit report?
objectives of the audit work summary of the process undertaken by the auditor results of tests carried out audit opinion (should be cost effective and practical) recommendations for action
148
what happens if the residual risk will not be reduced with the auditor recommendation?
the recommendation is not worthwhile
149
how is the recommendation commented on?
head of internal audit meets head of department
head will discuss points raised
can make their own arguments
150
how is the internal audit report circulated?
after discussing with manager of department, submit report for review within internal audit and then send to audit committee
remains confidential within organisation
151
what audits are carried out on computer systems?
- check whether the system is achieving its intended objectives
- in the case of accounting systems, to check that the information produced by the system is reliable
152
what are the problems of auditing computer systems?
- lack of primary records
- encoded data
- loss of audit trail
- overwriting of data
- program controls
- concentration of controls in the IT department
153
why could concentration of controls in the IT department?
in large computer systems, many of the controls over data are concentrated in the central IT department
can be a potential weakness in the control system, if users are not aware of an accidental or deliberate corruption of data or programs
154
how could a lack of primary records be an issue when auditing computer systems?
document originating a transaction might not be created e.g. telephone order keyed in, call can't be traced
155
how could encoded data pose a problem to auditing computer systems?
risk of error in input details so effectiveness of program controls, such as data validation checks, to prevent the acceptance of incorrect data by the system, especially changes to standing data on a master file
156
how could loss of audit trail pose a problem to auditing computer systems?
should be evidence during processing of transaction in accounting system
in manual system, evidence provided by hard copy
computer systems minimise paper so no hard copy originals
157
how can overwriting of data be an issue for auditing computer systems?
when data are stored on a magnetic file, the file will eventually be overwritten with new data
if auditor needs some of the data to carry out tests, it will be necessary to take steps to make the data available
the auditor might therefore need to take copies of data files during the course of the year, and retain them for audit purposes
158
how can program controls be an issue for audit of computer systems?
the auditor has to test the controls in the computer system on which they intend to rely. This means testing the controls written into the computer programs
to do this, it will be necessary to use computer-assisted audit techniques
159
what are the characteristics of errors?
- no one-off errors unless deliberate amendment of individual items
- systematic errors which repeat across all transactions
- higher danger that input errors will not be detected
160
what are the 2 audit approach options for computer auditing?
- through the computer
- round the computer
161
what is the round the computer approach?
the auditor does not attempt to understand the operation of the computer system, but rather treats it as a 'black box'
to audit the system, the auditor matches up inputs to predicted outputs to ensure that the outputs are being processed correctly
162
what are the advantages of the round the computer approach?
does not require high level of expertise of IT in the audit teams
163
what criteria have to be met for the round the computer approach to be suitable?
- computer processing is relatively simple
- audit trail is clearly visible
- substantial amount of up-to-date documentation exists about how the system works
164
what are the problems with auditing around the computer?
- computer files and programs are not tested, hence there is no direct evidence that program is working as documented
- if errors are found it may be impossible to determine why they have happened
- all discrepancies between predicted and actual results must be fully resolved and documented no matter how small
165
what is the through the computer approach?
interrogates the computer files and computer controls and relies much more on the processes that the computer uses
auditor follows the audit trail through the internal computer operations and attempts to verify that the processing controls are functioning correctly
controls are directly tested and the accuracy of computer based processing of input data is verified
utilises different CAATs
166
what are the pros and cons of the computer approach?
requires more expertise and a longer set up time but of a very good quality
167
what is a CAAT?
computer-assisted audit techniques are methods of using a computer to carry out an audit of a computer system
168
what are the 2 main categories of CAAT?
- audit software, such as audit interrogation software
- test data
169
what is audit software?
consists of computer programs used by auditors to interrogate the files of a client
normally the client's data files are input into the audit software program on the auditors' computer and the auditor can then test those files
170
what are some examples of what audit software can do?
- extract a sample according to specified criteria
- calculate ratios and select those outside the criteria
- check calculations
- prepare reports
- produce letters to send out to customers/suppliers
- follow items through a computerised system
- search for underlying relationships and check for fraud
171
what are audit packages generally designed to do?
- read computer files
- select information
- perform calculations
- create data files
- print reports in a format specified by the auditor
172
what are the pros and cons of audit software?
enables large volumes of data to be processed very quickly and accurately
can take a long time to set up the systems with the client data and it will require expertise
173
how can CAAT help with fraud detection?
- comparing the home addresses of employees with the addresses of suppliers, to identify employees who are also suppliers
- searching for duplicate cheque numbers
- analysing the sequence of transactions to identify missing invoices or cheques
- identifying suppliers with more than one supplier code or more than one mailing address
- finding several suppliers all with the same address
- listing payments for transactions that fall just within the spending authorisation limit of the individual who has authorised the payment
174
what are the benefits of CAATs?
- force auditor to rely on programmed controls during the audit, only way to test controls
- large number of items can be tested quickly and accurately
- test original documentation instead of print outs, therefore the authenticity of the document is more valid this way
- after initial set-up costs, using CAATs is likely to be cost-effective, as the same audit software can be used each year as long as the system doesn't change
- allow the results from using CAATs to be compared with 'traditional' testing
175
what are the weaknesses of CAATs?
- will be limited depending on how well the computer system is integrated. More integration, the better use of CAAT [ensure understanding of system to assess whether audit software is relevant]
- takes time to design CAATs tests therefore may not be cost-effective if the auditor is dealing with a bespoke system, as there may be a lot of set-up costs [CBA analysis of audit software]
- if the company you are auditing cannot confirm all system documentation is available, then the auditors will be unable to perform the tests effectively due to lack of understanding [do not use audit software until these have been identified]
- if there is a change in the accounting year, or from the previous year, then the audit software will have to be reset and designed, therefore may be costly [CBA from audit point of view should be carried out prior to deciding to use the audit software]
176
what is an embedded audit facility?
written into a program, particularly in on-line/real-time systems. carry out automatic checks or provide information for subsequent audit
177
what type of audit checks/ information might an embedded audit facility provide?
- extracting and storing information for subsequent audit review, with sufficient details to give the auditor a proper audit trail
- identifying and recording items that are of some particular audit interest, as specified by the auditor
178
what is test data?
can be used by inputting the data into the system and checking whether it is processed correctly
expected results can be calculated in advance, and checked against the actual output from the system
auditors might include some invalid data in the tests, which the system should reject
179
when should test data be used?
only if the auditor is intending to do a 'test of controls' audit, and it must be considered cost effective
180
what is live data?
test data are processed during a normal production run
181
what is dead data?
test data are processed outside the normal cycle
182
what are the stages involved in using test data?
1) gain a thorough understanding of how the system being tested is supposed to work and controls that are included in it
2) devise the test data set. This should be a set of data containing both valid and invalid items. The controls in the system should identify the invalid items
3) Run the test data. This can be 'live' or 'dead'
4) evaluate the results. It is important that the auditor fully evaluates the results of the test data and does further work if unexpected results occur
183
Between live and dead data, which gives more reliable results but is more risky to operate?
live data is more reliable but more risky
184
what are the risks with test data? what controls can be used to avoid this?
- damage to the system as the system is tested to its limits [ensure auditors understand the system and have software support]
- corruption of the systems data if test data are not properly removed [ensure process for data removal]
- system down time if 'dead' data used [establish when system can be used with minimum disruption to the business]
185
what are some examples of test data for revenue?
- input order that would exceed client limit: should pop up query asking if you wish to proceed
- input negative number of items on an order: should flag up negative number
- input incomplete customer details: system should not process order unless all information is completed
- input an excessive amount: there are reasonable checks in the system to identify possible input errors
186
what are some examples of test data for purchases?
- raise an order from a supplier not on list: query should be raised about whether to proceed
- process an order with an unauthorised staff ID: system should reject the process altogether or send the request through to an appropriate person for authorisation
- try and make changes to the supplier standing data using the ID of someone who is not authorised to do so: system should reject the process altogether or send the request through to an appropriate person for authorisation
187
what are some examples of test data for payroll?
- try and set up a new employee on the payroll system using an unauthorised ID: system should reject the process altogether or send the request through to the appropriate person for authorisation
- try and make employee change of details using an unauthorised ID: system should reject the process altogether or send the request through to an appropriate person for authorisation
- make an excess change e.g. salary change: system should have parameters in place to question this amount, and maybe reject it due to it being outside the normal range