Module 3 Internal Control Systems Flashcards Preview

ICAS TC Assurance and Reporting > Module 3 Internal Control Systems > Flashcards

Flashcards in Module 3 Internal Control Systems Deck (9)
Loading flashcards...
1
Q

What is the purpose of a system of internal control?

A

To provide directors with reasonable assurance over:

The reliability of financial reporting

The effectiveness and efficiency of operations

Compliance with applicable laws and regulations

2
Q

What are the five components of internal control?

A

CRIME

Control Environment - Management view/attitude
Risk assessment process - How is risk assessed?
Information Systems - Ensuring data is complete and accurate
Control activities - the procedures and policies of implementing internal control
Monitoring of controls - How the control activities monitored

3
Q

What is accounting information systems?

A

Structures used by organisations to collect, store and process financial and accounting data

4
Q

What are the 5 categories of control activities?

A

APIPS

Authorisation control - Transactions are authorised by personnel acting within the scope of their authority

Performance Review - Reviewing information to highlight any exceptions or controls that have not operated effectively

Information processing controls - IT General Controls and Application controls (Transactional level) (IT Application Controls/ Manual Application controls)

Physical controls - Limit access to assets and important records

Segregation of duties - To mitigate the risk that individuals are put in a position that they would be able to carry out a fraud or error and then conceal it

5
Q

What are the six commonly used IT application controls

A

Audit Log - Keeping a log of activities that can be reviewed

Batch controls - A manual count is made before entering into the system and the numbers are compared at the end to make sure it is correct

Programmed Editing - Computer is programmed to anticipate entries fields

Calculation - Automatic calculations

Check digits - A alphanumeric digit added to a number for detecting the sorts of errors humans typically make.

Exception reports - A report that identifies any transactions that are outside the normal expected range

6
Q

What are the limitations of internal control systems?

A

RC CHUM

Relevancy/Obsolescence - Control activities can become irrelevant over time as technologies and business needs change

Cost - When the cost is greater than the benefit

Collusion - Two or more employees working together to circumvent control activities

Human error - the risk of mistakes

Unusual/infrequent transactions - Unusual/Infrequent transactions are inherently risky.

Management override - The risk of management overriding controls

7
Q

What are the four commonly covered areas by ITGC?

A

Access to programs and data
Program changes and development
Computer operations
Continuity of operations

8
Q

Program changes and development, what needs to be considered?

A

Authorisation
Development
Testing
Approval

9
Q

What are the stages of system development life cycle

A
Business analysis
Feasibility study 
Systems analysis 
Design
Development
Testing 
Implementation 
Maintenance 
Post implementation review
Enhancements/Wish list