Module 3

Question 1

Components of internal control

Answer 1

There are five - CRIME.
Control activities
Risk assessment systems 
Information systems 
Monitoring of controls
Control environment

Question 2

What are control activities

Answer 2

policies and procedures management put in place to ensure their directives are carried out

Question 3

What are Risk assessment systems

Answer 3

Process by which business risks are identified and managed

Question 4

What are Information systems

Answer 4

Record financial and non-financial data to maintain accountability

Question 5

Monitoring of controls

Answer 5

Ongoing assessment by management

Question 6

Control environment

Answer 6

Overall attitude - tone

Question 7

What are Business processes

Answer 7

series of activities that enable a company to meet one or more of its objectives

Question 8

Business risk

Answer 8

the threat an action or event will adversely affect the orgs ability to achieve its objectives

Question 9

Accounting information systems

Answer 9

structures used by organisations to collect, store and process financial and accounting data

Question 10

Preventative controls

Answer 10

stop errors happening

Question 11

Detective controls

Answer 11

pick up errors after they’ve happened

Question 12

Control activities categories

Answer 12

APIPS
Authorisation controls
Performance reviews 
Information processing controls 
Physical controls 
Segregation of duties

Question 13

Authorisation controls

Answer 13

transactions authorised by personnel wihtin their scope of authority

Question 14

Performance Review

Answer 14

Management can review information highlighting any exceptions or controls not working

Question 15

Physical controls

Answer 15

Limit access to assets or important records

Question 16

Segregation of duties

Answer 16

Mitigates risk that someone could commit fraud or error and then conceal it

Question 17

Sub categories of Information processing controls

Answer 17

1. IT General Controls
2. Application controls 2.1 IT Application Controls
   2. 2.Manual Application Controls

Question 18

(ITGCs) IT general controls

Answer 18

bubble around the IT systems and controls 
don't operate at the transaction level 
APOC
Access to programs and data
program changes and development 
computer operations
continuity of operations 

e.g.
use of passwords and id 
hardware and software are adequate 
maintaining IT systems
backup and recovery procedures

Question 19

What are Application controls

Answer 19

Operate at the transaction level and apply to processing of specific types of transactions to ensure they are genuine, accurate and complete.
Both manual and automated

Question 20

Specific examples of IT Application controls

Answer 20

Audit log, Batch controls, programmed editing, calculation, Check digits and exception reports

Question 21

What are entity-level controls

Answer 21

controls that help establish the tone and culture. May be known as soft controls.
e.g.
Code of Ethics, handbook, values

Question 22

Limitations of Internal Control Systems

Answer 22

RC CHUM
Relevancy
Cost
Collusion
Human Error
Unusual/ infrequent transactions
Managerial override

Question 23

IT Risks

Answer 23

Related to APOC

Question 24

Access to programs and data

Answer 24

All staff should know the policies.
Access should be restricted via
-physical access e.g. access cards, separate computer room
- user access by user ID and passwords
-administrator access- only to appropriate staff

Question 25

Program Changes and Development

Answer 25

Must consider DATA

Authorisation, development, testing, approval

Question 26

What is the Systems Development Life Cycle

Answer 26

process to introduce, develop, maintain and enhance software

Question 27

Computer Operations

Answer 27

Need to make sure they run efficiently to achieve business objectives. Should consider job processing, backup and recovery and incident and problem management procedures.

Question 28

Continuity of Operations

Answer 28

Most organisations will have disaster recovery plan