Lecture 4 Flashcards
(22 cards)
internal control
is a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives
reasonable assurance
an organisation meets its objectives
Satisfaction as to the reliability of the information provided
management
different people are involved in internal control
people affect how internal controls operate
internal control components
- the control environment
- the entity’s risk assessment process
- the information systems
- control activities
- monitoring of controls
internal control environment
managing integrity, ethical values, competence, philosophy, operating style, assignment of authority and responsibility and human resource policies and practices
Sarbanes Oxley section 404
requires management to evaluate internal controls every year and requires financial auditors to attest to the evaluation. identify the framework used
Sarbanes - section 302
the signing officers must certify that they are responsible for establishing and maintaining internal controls and have designed such internal controls to ensure that material information relating to the company
Sarbanes - section 802
criminal penalties for altering documents
Preventive controls
designed to stop errors or irregularities occurring
detective controls
will not prevent errors from occurring but rather they alert those using the system to errors and anomalies
corrective controls
are designed to correct an error or irregularity after it has occurred
general controls
a manual and IT control affecting the overall information of the organisation; the objective is to provide a reasonable level of assurance that the overall objectives of internal control are achieved
application controls
specific controls over specific applications
Security controls
Secure the computing infrastructure from internal and external threats
Database controls
database processing involves simultaneously updating multiple tables
Business continuity controls
must develop and follow a sound backup strategy to prevent disruption of business activity due to computer failures and disasters
deterrent controls
intended to discourage individuals from intentionally violating information security policies and procedures
recovery controls
restore lost computing resources or capabilities and help the organisation recover monetary losses caused by security violation
compensating controls
attempt to reduce the risk that an existing or potential control weakness will result in a failure to meet a control objective
Limitations of controls
- judgement of error
- unexpected transactions
- collusion
- management override
- weak internal controls
- conflicting signals
documenting controls
once controls are established it is essential to ensure that documentation outlines how these controls operate
methods of documentation
- narrative descriptions
- questionnaires and check lists
- flow charts
- control matrix