Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

Audit Exam > Chapter 3 - Internal Control > Flashcards

Chapter 3 - Internal Control Flashcards

(79 cards)

Start Studying
1
Q

What are the 5 elements of internal control systems?

A

1) Control Environment
2) Risk Assessment process
3) Entity’s process to monitor the system of internal control
4) The information system and communication
5) Control Activities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are features of the control environment?

A

Attitudes, awareness, actions of those charged with governance and mgmt concerning internal control - sets the tone of organisation, influencing consciousness of its people

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are features of the risk assessment process?

A

Auditor needs to determine whether the entity has a process for identifying and controlling the risks in the business

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the features of an entity’s process to monitor the system of internal control?

A

Mmgts monitoring of controls includes considering whether they are operating as intended and modified as appropriate for changes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are the features of an entities information system and communication?

A

Evaluating whether the information system and communication appropriately support the preparation of the FS and understanding how information flows through the information system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are features of the control activities?

A

1) Authorisation and approval
2) Physical (logistical controls)
3) Segregation of duties
4) Verification controls
5) Reconciliations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is an example of direct control activities?

A

Controls over inventory count - direct controls will give good evidence about material misstatements in FS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is an example of indirect controls?

A

Manager reviewing sales reports, controls completeness in FS but does not directly contribute to ensuring they are. Indirect controls are less effective in preventing, detecting or correcting material misstatements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are 5 limitations to internal controls?

A

1) Costs of controls may outweigh benefits so controls are not implemented
2) Many controls only cover routine transactions so non-routine transactions may not be subject to controls
3) Human error
4) Staff collusion
5) Management override of controls - controls bypassed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What steps would an auditor take if they found internal controls to be ineffective?

A

1) Report to mgmt
2) Full substantive testing on year end balances

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What steps would an auditor take if they found the controls to be effective?

A

1) Test controls
2) Auditor can reduce substantive testing on year end balances

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are the three ways auditors record internal control systems?

A

1) Narrative notes
2) Flowcharts
3) Questionnaires

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the advantages and disadvantages of internal control systems?

A

Advantage:
Simple and quick to record
Easy to understand for all of the audit team

Disadvantage:
Can be cumbersome, especially if system is complex
Can make it more difficult to identify missing internal controls as notes record details but do not identify control exceptions clearly

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are the advantages and disadvantages of flow charts?

A

Advantage:
Easier to identify missing internal controls
Visual aid can make it easier to record complex systems

Disadvantage:
Time consuming to prepare
Needs training to understand

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are advantages and disadvantages of questionnaires?

A

Advantages:
1) Quick to prepare, cost effective
2) All controls in system are considered and recorded (missing controls clearly highlighted)
3) Simple to complete

Disadvantages:
1) Company could easily overstate levels of controls
2) Needs to be tailored for each client otherwise unusual controls may be missed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What does an auditor perform once the clients internal control system has been documented?

A

Walkthrough test - following one transaction through each stage of the accounting process to ensure systems and controls operate as documented (not a test of control)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is the ‘objective of control’ and the ‘control procedures’ in response to the sales risk that customer orders are not received or properly recorded - therefore sales are understated (receipt of customer order)

A

Objective of control - ensure sales are properly accounted for

Control procedures:
1) Orders taken should be recorded on a pre-numbered multipart document generated by computer - one part could form invoice and one could go to despatch department
2) Regular checks performed on completeness of sequence of pre-numbered documents, any documents unaccounted for should be traced and investigated

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is the ‘objective of control’ and the ‘control procedures’ in response to the sales risk that a customer is unable to pay - therefore bad debts (receipt of customer order)

A

Objective of control - to ensure that goods are sold on credit only to customers who can pay

Control procedures:
1) Credit limits should be checked - any orders that exceed credit limits should be rejected

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What is the ‘objective of control’ and the ‘control procedures’ in response to the sales risk that a orders are placed without inventory available for despatch - therefore unfulfilled orders (receipt of customer order)

A

Objective of control - Ensure that inventory is available for despatch

Control procedure:
1) Availability of inventory should be checked so that orders cannot be taken for good with nil/low inventory

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is the ‘objective of control’ and the ‘control procedures’ in response to the sales risk that a good despatched are not the correct good ordered by customer? (Despatch of customer order)

A

Objective of control - To ensure that good are despatched are those that are ordered

Control procedure:
1) All good despatched should be accompanied by a Goods Despatch Note
2) the GDN should be matched to the original customer order

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What is the ‘objective of control’ and the ‘control procedures’ in response to the sales risk that a good despatched of poor quality? (Despatch of customer order)

A

Objective of control - Ensure that satisfactory quality is dispatched

Control procedures:
1) Random control check should be performed on randomly selected despatches
2) Customer should sign and return GDN as acceptance of goods

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is the ‘objective of control’ and the ‘control procedures’ in response to the sales risk that customers are not invoiced correctly? (Invoicing of customer)

A

Objective of control - To ensure that invoices are raised correctly

Control procedure:
1) Sales invoice should be raised rom/matched to the GDN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is the ‘objective of control’ and the ‘control procedures’ in response to the sales risk that invoices are not recorded in the ledger at all? (Invoicing of customer)

A

Objective of control - To ensure that are invoices are properly included

Control procedure:
1) All sales invoices should be prenumbered
2) All invoices should be posted to the sales day book, accounts receivable ledger and the accounts receivable control account
3) Regular checks should be performed on completeness of sequence of pre-numbered invoices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is the ‘objective of control’ and the ‘control procedures’ in response to the sales risk that some items are not posted, or are posted incorrectly to the ledgers? (Invoicing of customer)

A

Control objective - Ensure all items are correctly and accurately recorded

Control procedures:
1) Receivabales ledger and receivables control account should be reconciled each month and reviewed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
What is the 'objective of control' and the 'control procedures' in response to the sales risk that customers do not pay or pay late? (Collection of cash)
Objective of control - customers pay on a timely basis Control procedures: 1) Credit control department should ensure that all debts are paid promptly by sending out regular statements and chasing overdue debts
26
What is the 'objective of control' and the 'control procedures' in response to the sales risk that funds received are incorrectly allocated? (Collection of cash)
Control Objective - Ensure funds are correctly allocated Control procedure: 1) Banks transfers should be matched with individual transactions
27
What is the 'objective of control' and the 'control procedures' in response to the cash/cheques sent through the post go missing? (Collection of cash)
Control objective - cheques and cash do not go missing Control procedures: 1) Segregation of duties in post room so cheques cannot be stolen 2) Cheques recorded and banked promptly 3) Bank reconciliation should be performed on monthly basis in order to ensure company's cash records are complete
28
What is the 'objective of control' and the 'control procedures' in response to the purchase risk that goods are ordered without proper authorisation? (Purchase order raised)
Control objective - Ensure that good are ordered are properly authorised Control procedure: 1) Purchase orders (PO's) should be sequentially numbered and sequence checked regularly 2) All PO's must be authorised by responsible official
29
What is the 'objective of control' and the 'control procedures' in response to the purchase risk that goods are ordered from an unauthorised sauce? (Purchase order raised)
Control objective - Ensure that goods are ordered from authorised suppliers Control procedure: 1) Only authorised suppliers are used from a preferred supplier list 2) If there is no authorised supplier, a tender should be invited and the best value supplier selected
30
What is the 'objective of control' and the 'control procedures' in response to the purchase risk that the supplier sends goods that are incorrect or substandard? (Receipt of goods)
Control objective - Ensure that goods are received are as ordered in terms of quantity and quality Control procedure: 1) All goods recieved should be checked for quality and quantity 2) A prenumbered Goods Reived Note should be matched and matched to PO.
31
What is the 'objective of control' and the 'control procedures' in response to the purchase risk that goods received are not added to inventory? (Receipt of goods)
Control objective - Ensure goods received are added to inventory Control procedures: 1) Inventory systems should be updated if goods are for resale. If items are for business use, the correct entry should be made to non-current assets etc. 2) GRN should be initialled to show inventory updated
32
What is the 'objective of control' and the 'control procedures' in response to the purchase risk that suppliers invoice for the incorrect product quantity or price? (Receipt of purchase invoice)
Control Objective - to ensure that correct product, quantities and prices are invoiced Control procedure: 1) All invoices received should be checked back to PO and GRN
33
What is the 'objective of control' and the 'control procedures' in response to the purchase risk that invoices are not included in the accounts? (Receipt of purchase invoice)
control objective - to ensure that invoices are included in the accounts control procedure: 1) Invoices should be added to the purchase day book 2) Purchase day book should be posted to the nominal ledger/purchase ledger 3)Supplier statements should be reconciled back to the purchase ledger
34
What is the 'objective of control' and the 'control procedures' in response to the purchase risk that payments are made to the incorrect supplier/incorrect amount? (payment of purchase invoice)
Control objective - ensure payments are made to correct suppliers and for correct amounts Control procedures: 1) Payments whether cheque or bank transfer should be authorised by a responsible official and counter signed over a certain amount 2) All paid invoices should be stamped paid 3) Purchase ledger should be updated promptly/automatically 4) Purchase ledger should be reconciled to nominal ledger monthly
35
What is the 'objective of control' and the 'control procedures' in response to the inventory risk that Inventory is stolen?
Objective of control - inventory is stored securely Control procedure: 1) Should be appropriate physical security 2) Should be regular manual checks to make sure that actual numbers agree to stock records
36
What is the 'objective of control' and the 'control procedures' in response to the inventory risk that inventory could be obsolete or slow moving?
Objective of control - ensure that inventory is current and saleable Control procedure: 1)Regular review of stock listing to monitor slow moving items 2) There should be regular reviews of physical stock to check for damage
37
What is the 'objective of control' and the 'control procedures' in response to the inventory risk that inventory may run out?
Objective of control - ensure that inventory does not run out Control procedure: Regular review of re-order levels
38
What is the 'objective of control' and the 'control procedures' in response to the payroll risk that non bona fide employees are paid?
Objective of control - Ensure that only bona fide employees are paid Control procedure: new employees entered onto or leavers removed from payroll system should authorised by responsible official - segregation of duties between human resources and payroll function
39
What is the 'objective of control' and the 'control procedures' in response to the payroll risk that employees are paid incorrect amounts?
Objective of control - ensure that employees are paid correct amount Control procedure: 1) Time sheets reviewed for all employees 2) Overtime/bonuses should be properly authorised by appropriate manager 3) Changes in pay rates properly documented 4) Monthly payroll should be reviewed for reasonableness by appropriate manager 5) Exception reports generated and reviewed for pay over certain threshold
40
What is the 'objective of control' and the 'control procedures' in response to the payroll risk that Tax and NI are incorrectly calculated?
Objective of control - ensure that Tax and NI are correctly calculated Control procedure: 1) Tax and NI should be calculated by trained official 2) Software used should be updated regularly to account for changes in legislation
41
42
43
44
45
46
47
48
49
50
50
51
52
53
What is the 'objective of control' and the 'control procedures' in response to the payroll risk that wages paid in cash may be stolen?
Objective of control - cash is properly secured Control procedures: 1) Adequate security available 2) Staff must sign to confirm receipt of cash wages 3) Only pay staff directly into bank accounts
53
What is the 'objective of control' and the 'control procedures' in response to the bank and cash risk that petty cash is spent inappropriately?
Objective of control - Proper control of petty cash Control procedure: 1) Expenditure should be appropriately authorised
53
What is the 'objective of control' and the 'control procedures' in response to the bank and cash risk that cash kept on premises could go missing?
Objective of control - petty cash is kept securely Control procedure: 1) Appropriate security for petty cash 2) Imprest system that is regularly checked
53
What is the 'objective of control' and the 'control procedures' in response to the bank and cash risk that receipts go missing or payments are made to unauthorised persons?
Objective of control - Ensure that receipts are banked and all payments are made to bona fide persons Control procedures: 1) Bank reconciliation should be performed at least once per month. This reconciliation should be reviewed and authorised
53
What are the two types of information processing controls that operate within a computer system and what is their nature?
Manual or automated and can be preventative or detective in nature and they aim to ensure transactions are input, processed or output completely, accurately and valid
53
What is the 'objective of control' and the 'control procedures' in response to the bank and cash risk that cheques are paid to unauthorised persons?
Objective of control - Payments are only made to authorised persons Control procedure: 1) At least two persons that sign cheques. Cheques should be kept in a secure location
54
What are 5 examples of information processing controls?
1) Mandatory input fields for websites 2) Checking arithmetical accuracy of records 3) Range/Limit checks on whether a customer has exceeded their credit limit 4) Edit checks of input data 5) Numerical sequence checks
55
What are some examples of general IT Controls?
1) Virus protection 2) Regular backups 3) Operating logs 4) Acquisition and maintenance of new hardware and software, as well as password controls
55
What is a test of control?
1) Evaluation of operating effectiveness of controls in preventing, detecting and correcting material misstatements.
55
How would an auditor test a control?
If auditor told purchase orders are authorised by responsible official - auditor would select sample and inspect for evidence of appropriate authorisation
55
What is the impact on the auditor if the internal controls are found to be strong?
The auditor can perform reduced substantive testing and more tests of control (control risk is lower - reduced chance that errors exist in FS)
55
Can the auditor recommend how a client can improve their controls?
Yes, and this adds value to the audit
56
What is the aim of a substantive test?
Ensure that there are no material misstatements at the assertion level in the client's financial statements
57
When would an internal control system be deemed deficient?
1) If it's designed, implemented or operated in such a way that is it unable to prevent, detect and correct misstatements in the FS on a timely basis 2) If it is missing
58
When would an internal control system be deemed significantly deficient?
1) Merits the attention of those charged with governance and is determined by: 1) Likelihood of deficiency leading to material misstatement 2) Susceptibility of loss or fraud 3) Cause and frequency of exceptions detected as result in deficiencies in controls 4) Volume of activity occurring in the account balance exposed to deficiency
59
How is the communication of significant deficiency communicated to the client?
in writing in a 'report to management' - highlighting deficiency in internal control, potential effects and recommendations
60
What are the four points to cover if drafting a covering letter?
1) Statement report is no comprehensive list of deficiencies, but only significant items that have come to light 2) Clarify report is sole use of company and no disclosures communicated to third party without consent of auditor 3) no responsibility is assumed by auditor to other third parties
61
What are the four factors to be taken into account when assessing the need for internal audit?
1) Size and complexity of the company 2) Scale and diversity of activities 3) Cost/benefit considerations 4) Desire of mgmt to have assurance and advice on risks and controls
62
Role of external auditor?
Objectives: Form an opinion on whether sets of accounts are "true and fair" Standards: Must follow internal Standards of Auditing Report to: Shareholders via auditors report Status: Independent Qualification: Qualified accountant and member of recognised supervisory body
63
Role of internal auditor?
Objectives: Improve company's operations in terms of efficiency and effectiveness of internal controls Standards: Choose to use guidelines of Institute of Internal Auditors Report to: Board of Directors or audit committee Status: Objective Qualification: No formal qualifications required
64
What is the scope of the internal audit function?
1) Reviewing the internal controls of the business 2) Reviewing accounting systems of business 3) Reviewing key risk areas of business, including fraud 4) Preparing schedules for the external auditors
65
What are some advantages of outsourcing the internal audit department?
1) More independent 2) Industry experience and pool of qualified accountants available 3) Experienced auditors increase reliability of findings 4) Cheaper than having a full time presence 5) Quicker set up time
66
What are some disadvantages of outsourcing internal audit department?
1) Lack of client-specific knowledge 2) Loss of internal audit as training ground for new managers of business 3) Possible loss of control over how and when work is performed 4) Possible self-review threat if the external auditors are not being used 5) Potential confidentiality issues
67
What are the three E's of an Value for Money Audit?
Economy - least cost with acceptable level of risk Efficiency - best use of resources Effectiveness - organisational objectives will be achieved
68
What is the formant and content of internal audit review reports?
1) Addressee - normally audit committee or board of directors 2) Terms of reference - who requested the report and what purpose of report is 3) Executive summary
69

Audit Exam (7 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions