What is internal controls?
The whole system of controls, financial and otherwise established by the management in order to carry out the business of the enterprise in an orderly and efficient manner, ensure adherence to management policies, safeguard the assets, present and detect fraud and errors and secure as far as possible the completeness and accuracy of the records
what are information flows
refer to processes by which information is exchanged between people and systems within the entuty
what is the purpose of internal controls?
help an organisation to achieve its objectives and mitigate the business risks it faces
What are examples of internal controls?
- quality controls
- credit controls- to limit bad debts
- inventory ordering controls
- payroll controls- ensure employees are paid the right amount
what are the limitations to internal controls?
- human error
- unusual transactions outside the scope of controls
- collusion
- management override
-special considerations in small companies:
informal nature/ lack of documentation
limited staff
what are the reporting rules for internal controls?
Directors of companies applying the UK Corporate Governance Code are required to report on risk management and systems of internal control in the companies annual reports
What are the components of internal control set out in ISA 315?
- Control environment
- The entity’s risk assessment process
- Information system and communication
- Control activities
- Monitoring
what is meant by the control environment?
includes both the governance and management functions of an organisation.
It will focus upon the attitudes, awareness and actions of those responsible within the business for designing, implementing and monitoring internal controls.
What would indicate a strong control environment?
- existence of an audit committee
- An internal audit function
- effective documentation of control systems
- the importance of controls communicated to all staff members
- no management override controls
What is meant by an audit committee?
subsection of the board of directors which has a particular interest in the accounting and finance activities of the company
Effective systems of internal control consist of five integrated elements. These include:
a)control activities.
b)control environment.
c)governance.
d)information and communication.
e)monitoring.
a,b, d, e
Which element of an effective systems of internal control is most concerned with the day-to-day procedures put in place to ensure continuation of business processes?
a)control activities.
b)monitoring activities.
c)risk assessment.
d)control environment.
a
what is meant by business risk?
Business risk is a risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an entity’s ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives and strategies.
what can cause risks to arise or change?
- changes in operating environment
- new personnel
- new or revamped information system
- rapid growth or corporate restructuring
- new technology
- new business models, products or activities
- expanded foreign operations.
what is meant by information systems and communication?
include the financial reporting system and consist of the procedures established to initiate, record, process and report entity transactions and to maintain accountability for the related assets, liabilities and equity
- examples: ledger, daybooks
What information systems and communications are auditors interested in?
- systems for preparing financial statements
- accounting software used
- accounting records and books
- roles and responsibilities allocated to personnel
What is meant by control activities?
the policies that help ensure that management directives are carried out
what are preventative controls
prevent errors occuring
what are detective controls?
identify an error has occurred and correct it
what are the 5 control activities the ISA 315 set out? (Examinable topic)
- authorisation and approval
- reconciliations
- verifications
physical or logical controls - segregation of duties
what is meant by authorisation and approval controls?
affirms that a transaction is valid these can be manual or automated
what is an example of authorisation and approval controls?
- supervisor approving an expense report after reviewing
- director reviewing then signing back reconciliations
what is meant by reconciliations controls?
Controls that compare two or more data elements. If differences are identified, action is taken to bring the data into agreement
