What is the definition of an Internal Control (IC) system according to ISA 315?
The process designed, implemented, and maintained by management to provide reasonable assurance about the achievement of the entity’s objectives regarding the reliability of financial reporting, effectiveness and efficiency of operations, and compliance with laws and regulations.
What are the inherent limitations of an internal control system?
- Cost vs. Benefit,
- Directed at routine transactions,
- Human error,
- Collusion to circumvent controls,
- Abuse of responsibility,
- Controls becoming inadequate.
What is the auditor’s responsibility regarding internal control?
To gain an adequate understanding of the business and its internal control system through inquiry, observation, inspection of documents, and walk-through tests.
How must an auditor document their understanding of the internal control system?
Using 1. System descriptions, 2. Internal Control Questionnaires (ICQs), and 3. System flowcharts.
What are the five components of the COSO internal control framework?
- Control Environment, 2. Risk Assessment Process, 3. Information System & Communication, 4. Control Activities, 5. Monitoring of Controls.
What does the Control Environment component encompass?
The overall attitude and actions of management regarding internal control (e.g., commitment to competence, ethical values, organizational structure, governance participation).
What is the Risk Assessment Process?
The process by which management identifies and responds to business risks that threaten the achievement of its objectives. It involves identification, quantification, and evaluation of risks.
What are the five steps in the information system for financial reporting?
- Initiate (Decision & approval), 2. Execute (Implementation), 3. Record (Source documents), 4. Process (Accounting records), 5. Report (Financial statements).
What does the ‘S’ in the SCRRAR control activities acronym stand for?
Segregation of Duties. It means separating incompatible functions like authorization, execution, recording, and custody of assets.
What does the ‘C’ in the SCRRAR control activities acronym stand for?
Access Control. This involves physical and logical security measures to protect assets and records.
What does the first ‘R’ in the SCRRAR control activities acronym stand for?
Independent Review. A second person independently checks and signs off on the work of the first person.
What does the second ‘R’ in the SCRRAR control activities acronym stand for?
Documentation and Records. This involves the design (pre-numbered, pre-printed) and control (register, safeguarding) of documents.
What does the ‘A’ in the SCRRAR control activities acronym stand for?
Authorisation and Approval. Transactions must be authorized by designated personnel according to company policy, with evidence like a signature.
What does the final ‘R’ in the SCRRAR control activities acronym stand for?
Reconciliation. Comparing different sets of records (e.g., bank account vs. bank statement, sub-ledger vs. general ledger) or physical counts to recorded amounts.
What are the three primary control objectives for transactions?
- Validity, 2. Completeness, 3. Accuracy.
What does the control objective ‘Validity’ ensure?
That all recorded transactions were authorized, actually occurred, relate to the correct period, and are supported by appropriate documentation.
What does the control objective ‘Completeness’ ensure?
That all transactions that occurred are recorded, in a timely manner, and that none are omitted.
What does the control objective ‘Accuracy’ ensure?
That transactions are recorded at correct amounts, correctly classified in the accounting records, and correctly summarized and posted.
What are the three steps management should take to design an internal control system?
- Identify risks (‘What could go wrong?’), 2. Formulate control objectives, 3. Apply internal control components to design a system that addresses the risks and achieves the objectives.
What is the purpose of monitoring controls?
To assess the effectiveness of the design and operation of internal control measures over time. This is often the responsibility of the internal audit function.
Name the typical business cycles in an accounting system.
Purchases & Payments, Sales & Receipts, Salary & Wages (HR), Inventory & Production, Investment & Financing, Cash & Bank.
What is the overall goal of an internal control system?
To provide reasonable assurance regarding the achievement of objectives in: 1. Reliable Financial Reporting, 2. Effective & Efficient Operations, and 3. Compliance with Laws & Regulations.
