internal controls Flashcards Preview

Flashcards in internal controls Deck (21)
1

Definition of Internal Control

A process effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance.

2

Four basic purposes of internal controls

Safeguard assets, ensure reliable financial reporting, promote operating efficiency, encourage compliance with management directives.

3

Three functions that relate to separation of duties

Custodial function: Handling cash, handling inventories, tools or fixed assets, writing cheques, receiving cheques in the mail.

Recording function: Preparing source documents, entering data online, maintaining journals, files, ledgers & databases, preparing reconciliations, preparing performance reports.

Authorisation function: Authorising decisions or transactions

4

Inherent risk

Exists before management takes any steps to control the likelihood and impact of an event

5

Residual risk

Remains after management implements internal controls or some other response to risk

6

Types of internal controls

Physical - swipe cards, passwords
Information system - software
Application - ensure transactions are correctly processed, accurate, reliable, valid and complete

7

Brown's Taxonomy of Risk

Financial: Market risk, credit risk, liquidity risk

Operational: Systems risk, human error risk

Strategic: Legal and regulatory risk, business strategy risk

Hazard: Directors' and officers' liability risk

8

Functions of Internal controls

Preventive: Minimises the risk of undesired events before they arise

Detective: Alerts relevant parties that an event has occurred

Corrective: Takes steps to prevent the event happening again and fixes the resulting loss

9

General authorisation

Any employee can process transactions under $1,000

10

Specific authorisation

A manager is required for any transactions over $1,000

11

Three functions of duties

Custodial, recording, authorisation

12

Examples of custody function

- Handling cash
- Handling inventories, tools, or fixed assets
- Writing cheques
- Receiving cheques in the mail

13

Examples of recording function

- Preparing source documents
- Entering data online
- Maintaining journals, files, ledgers, databases
- Preparing reconciliations
- Preparing performance reports

14

Examples of authorisation function

- Authorising decisions and transactions

15

Cost/benefit analysis

Impact
Likelihood
Expected loss
Reduction in expected loss
Cost
Net benefit

16

COSO Framework

1. Control environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring

17

1. Control environment

Organisation's overall attitude about internal controls
e.g. training, communication, having an open door policy

18

2. Risk assessment

Organisation's risk exposures, uses Brown's taxonomy. It is critical to identify these in order to create internal controls
e.g. the wireless network may be compromised

19

3. Control activities

Specifies internal controls to address the risks; these can be policies, processes, procedures etc. (preventive, detective, corrective).
e.g. strong network security, firewalls, data encryption

20

4. Information and communication

How the internal control plan is disseminated throughout the organisation, how shareholders are made aware of IC plans
e.g. required annual training on internal control

21

5. Monitoring

Ensures ongoing effectiveness and adapts to changing risks
e.g. committee reviews and updates the internal control plan regularly