Chapter 8 - Internal control systems Flashcards Preview

SBL > Chapter 8 - Internal control systems > Flashcards

Flashcards in Chapter 8 - Internal control systems Deck (25)
Loading flashcards...
1
Q

Define internal control

A

A process affected by an entity’s board of directors to provide reasonable assurance regarding achievement of objectives, reporting and compliance

2
Q

Define COSO

A

The US standard approach to internal controls

3
Q

What is the FRC?

A

UK guidance relating to risk management and internal controls

4
Q

What are the objectives of internal control systems?

A

RORCS

  • Risks - manage them
  • Operations - maintain effectiveness and efficiency
  • Reporting - ensure reliability
  • Compliance - support compliance with regulations
  • Safeguarding - shareholders investments
5
Q

What are the limitations of internal control?

A
  • Only reasonable assurance
  • Cost vs benefits
  • Potential for human error or fraud
  • Collusion between employees
  • Possibility of management override
  • System only designed to cope with routine transactions
  • Out of date controls
6
Q

What does the COSO cube do?

A

Illustrates how internal controls operate across three dimensions:

  • Objectives
  • Components of internal control
  • Levels of the organisation
7
Q

What are the components of the COSO cube under ‘Objectives’?

A
  • Opertations
  • Reporting
  • Compliance
8
Q

What are the components of the COSO cube under ‘components of internal control’?

A

CRIME

  • Control activities - policies and procedures
  • Risk assessment - how risk analysed
  • Information and communication - info is relevant
  • Monitoring activities - regular review
  • Environment (control) - attitude to internal control
9
Q

What are the components of the COSO cube under ‘levels of the organisation’?

A
  • Entity level
  • Division
  • Operation unit
  • Function
10
Q

What are the categories of control?

A
  • Corporate controls - general policy statements, culture
  • Management controls - performance monitoring
  • Business process controls - authorisation limits, reconciliation of sources
  • Transacation controls - completeness and accuracy checks
11
Q

Define administrative controls

A

Controls concerned with achieving the objectives of the organisation and with implementing policies

  • Establish structure
  • Division of managerial authority
  • Channels of communication
12
Q

Define accounting controls

A

Controls aiming to provide accurate accounting records

  • Recording of transactions
  • Establishing responsibilities
13
Q

Define discretionary controls

A

Controls that are subject to human discretion e.g. goods not being dispatched to customer with overdue account

14
Q

Define non-discretionary controls

A

Controls provided automatically by system and cannot by bypassed e.g. ATM asking for PIN number

15
Q

Define general controls

A

Controls that relate to the environment in which the application system is operated

16
Q

Define application controls

A

Controls that prevent, detect, correct errors

17
Q

What are the different forms of control activity?

A

APIPS

  • Authorisation
  • Performance reviews
  • Information processing
  • Physical controls
  • Segregation of duties
18
Q

What are the qualities of good information?

A

ACCURATE

  • Accurate
  • Complete
  • Cost-beneficial
  • User-friendly
  • Relevant
  • Authoritative - source should be reliable
  • Timely
  • Easy to use
19
Q

What should be covered in external reporting on internal controls?

A
  • Acknowledgement that the board are responsible for system of internal control
  • Explain that such a system is designed to manage rather than eliminate risk of failure (reasonable assurance)
  • Summary of the process directors have used to review effectiveness
  • Information about deficiencies that have resulted in material losses.
20
Q

What are the advantages of audit committees?

A
  • Quality of financial reporting (review FS on behalf of board)
  • Discipline and control climate
  • Enable NED to contribute independent judgement
  • Channel of communication for external auditor
  • Greater degree of independence for internal audit function
  • Increase public confidence
21
Q

What are the disadvantages of audit committees?

A
  • Not clear what they do as findings not always made public
  • Drag on entrepreneurial flair
  • Barrier between external auditors and main board
  • Less effective if under influence of dominant board member
22
Q

Who should be on the audit committee?

A

At least three NED’s, one should have recent and relevant financial experience

23
Q

What are the responsibilities of the audit committee?

A
  • Monitoring and review (FS, independence of external auditors)
  • Overseeing (internal audit, appointing external auditors, remuneration for external auditors)
  • Policy setting (non-audit services)
  • Whilstleblowers
  • Responses to audits
24
Q

How can the quality of an internal audit be assessed?

A
  • Scope of work
  • Authority - if their reports are reviewed and actioned
  • Independence
  • Resources
25
Q

How can independence of internal auditors be achieved?

A
  • Report to board not to finance director
  • Should not conduct audits on departments in which they have worked
  • Should not conduct post-implementation audits where they have designed systems
  • Rotation of staff