Internal controls

Question 1

What is the audit risk model?

Answer 1

Audit risk = Inherent risk x control risk x detection risk

Question 2

What is inherent risk?

Answer 2

The risk of misstatement

Question 3

What is control risk?

Answer 3

Risk that misstatement is not prevented or detected by internal controls (Test of controls)

preventative controls and detective controls.

Question 4

What is Detection risk?

Answer 4

Risk of the auditor failing to detect material misstatement (Substantive tests)

Question 5

What is internal control?

Answer 5

The process designed, implemented and maintained by those charged with governance.

• effectiveness and efficiency of operations
• reliability of financial reporting
• compliance with applicable laws and regulations.

Question 6

What are the reasons for internal controls?

Answer 6

• Preventing and detecting fraud/error.
• minimising and mitigating the companies business risk
• ensuring the company complies with relevant laws and regulations.

Question 7

What are the director’s responsibilities?

Answer 7

They need to prepare reliable financial statements and keep accurate accounting records.
They need to design and implement such internal controls as they deem necessary to prepare financial statements.

Question 8

Why can internal controls never be 100%?

Answer 8

They all have some inherent risk e.g., they cant guarantee efficiency or eliminate fraud.

human element - some are only as good as the person operating them. may make a mistake implementing them.

collusion - two or more people colluding together to bypass a control (segregation of duties)

Unusual transactions - controls are generally designed to deal with what routinely happens (control may not register the unusual transaction

Question 9

How can a auditor obtain info about controls?

Answer 9

• manuals of internal controls / copies of policies
• access the controls of previous years and prior deficiencies
• talk to staff about operating the internal controls
• observation, making notes.

Question 10

1 - Control Environment

Answer 10

Auditors will evaluate this as part of their risk assessment. (includes governance, management functions and attitudes).

If strong more likely to rely on control systems of entity.

Audit committee is an aspect of control environment as its a sub-committee of the directors. They are responsible for overseeing an entity’s internal controls structure, financial reporting and compliance with relevant laws and regulations.

Question 11

What are the Audit committees responsibilities?

Answer 11

• Review integrity if financial statements
• Review adequacy of internal controls + risks
• monitor and review effectiveness of the internal audit
• recommend appointment and removal of external auditors.

Question 12

2 - Business Risk and Entity’s risk assessment process

Answer 12

Business risk can result from conditions, events and circumstances. This could affect ability to meet objectives and strategies
Entity’s risk assessment process is a component of internal controls which are responsible for identifying business risks relevant to financial reporting objectives.

Risks are both internal and external things that threaten the accomplishment of objectives.

Question 13

Why are internal controls implemented?

Answer 13

They are implemented by management to manage business risks.

Question 14

What are the relevant actions when identified a business risk?

Answer 14

Assess the significance of risk - Assess likelihood of risk occurring - Agree actions to mitigate risk

Question 15

3 - information systems relevant to financial reporting

Answer 15

This is the accounting system and the internal control systems.

It is a component on internal control that includes the financial reporting system.

Consists of the procedures and records established to initiate, record, process and report entity transactions.

Question 16

What will the auditor be interested in to do with these systems and their reliability?

Answer 16

• The classes of transactions that are significant
• The procedures by which they are initiated, recorded, processed, corrected etc
• the related accounting records and supporting info
• how systems capture other events other than the significant ones

Question 17

4 - control activities

Answer 17

These are initiated by those charged with governance to safeguard company assets by detecting/preventing fraud and error.

They are policies and procedures that help ensure that management directives are carried out.
each control may prevent or detect an error

Question 18

Control - Authorisation

Answer 18

Approval of transactions and documents

(e.g. overtime should be approved by department manager)

Question 19

Control - Performance reviews

Answer 19

Comparing actual performance to budgets, forecasts and prior periods.

E.g. A review highlights and explains any unexpected variance.

Question 20

Control - Information processing

Answer 20

Controls to check the accuracy, completeness and authorisation of transactions.

e.g. application controls and general IT controls

Question 21

Controls - Segregation of duties

Answer 21

Using different individuals for authorising, processing and maintain custody of assets.

e.g. the staff who record the transactions should not carry out the reconciliations.

Question 22

Control - Physical controls

Answer 22

Physical security of assets, access authorisation and periodic counting to check control accounts.

e.g. ensuring the company safe is locked and physical count of petty cash.

Question 22

What is application controls?

Answer 22

Manual or automated procedures that operate at a process level.

They can be preventative or detective in nature and are deigned to ensure the integrity of accounting records. (input, processing or output of data)

Question 23

What is an example of application controls?

Answer 23

Controls over input accuracy (e.g. downloading of data) - digit verification, reasonableness test.

Controls over input authorisation - manual and automatic checks (digital signature)

Question 24

What is an example of general controls?

Answer 24

Prevention or detection of unauthorised changed to programs - password protection, virus checks.

Controls to prevent unauthorised changes to data files - passwords.

Question 24

What are general controls?

Answer 24

Policies and procedures that relate to many applications,

They are controls that help to ensure the continued proper operation of information systems

Question 25

What are cyber security risks?

Answer 25

Human threats
Fraud
Sabotage
Viruses

Question 26

What are some cyber security controls?

Answer 26

Preventions - system access controls
Detections - a log of unauthorised changes
Deterrence - deter misuse
Procedure policies
Security to prevent unauthorised access

Question 26

5 - Monitoring of Controls

Answer 26

Internal control systems are monitored by management to assess their effectiveness.

Ongoing monitoring is necessary to react dynamically to changing conditions.

Question 27

How can I identify risks in the exam?

Answer 27

People - look an the name, job and department
Documents - invoices, RNs, order forms, inventory listings
Processes - data input, recording, delivery, receiving goods.
Controls - authorisation, approval and checks

Question 28

For test of controls what words should you use?

Answer 28

Observe
Inspect
Examine
Preform
Check