Chapter 5 - Intro to internal control and info flow Flashcards
(32 cards)
What is a system of internal control?
System designed and maintained by those charged with governance and management of assurance
What are the steps when implementing internal controls?
- Identify risks
- Implement controls to mitigate
What is the purpose of internal controls?
- Minimise risks
- Ensure effective functioning
- Compliance with rules
What are the limitations of internal controls?
- Human error possibility
- Collusion
- Unusual transactions
- Hard for small companies to implement
What are the 5 components of internal control set out by ISA 315?
- Control environment
- Entity’s risk assessment process
- Entity’s process to monitor internal controls
- Info system and communication
- Control activities
What does the extent of reliance on internal control depend on?
Nature of the engagement and practitioner’s expectations of effectiveness of controls
What is the control environment?
Includes the governance and management functions and the attitudes, awareness and actions of those charged with governance and management
What is the audit committee?
Sub-committee of the board of directors responsible for overseeing entity’s internal controls
What happens in a strong control environment?
Management ensures individuals have the competence to perform roles
What does the audit committee comprise of?
NEDs
What does the UK corporate governance code require the audit committee to have written terms of reference on?
- Review integrity of financial statements
- Review internal financial controls
- Monitor internal audit function
- Monitor external auditor
What is the risk assessment process?
Iterative process for identifying and analysing risks
What is a business risk?
Risk resulting from significant conditions that could adversely affect achievement of objectives
What is the role of a company’s internal audit department?
Review overall control system
Are smaller companies likely to have an internal audit function?
No
What is meant by info system and communication?
Components of internal control that includes the financial reporting system and records of transactions
What are control activities?
Policies and procedures that help ensure management directives are carried out
What is the most tangible internal control for auditors?
Control activities
What forms can control activities take?
Manual or computerised
What are the different types of control activity?
- Authorisation and approvals
- Reconciliations
- Verifications
- Physical controls
- Segregation of duties
What are the risk to cyber security?
- Human threats
- Fraud
- Deliberate sabotage
- Viruses
- Malware
- DoS
What suggestions to combatting cyber risks did the IACEW 2014 Audit insights report make?
- Communications is a key barrier
- Organisational structure need to define responsibility
- NEDs and audit committee need to play an active role
What are the 3 types of docs used for recording the understanding of the business?
- Narrative notes
- Questionnaires/checklists
- Diagrams
What is the best way of recording relationships and reporting lines?
Organisation charts and family frees
