Chapter 7 - Internal Controls

Question 1

What is the definition of Internal Controls?

Answer 1

To provide reasonable assurance to achieve Company objectives and to mitigate risk.

Question 2

List at least three reasons why we internal controls?

Answer 2

1- Safeguard Assets
2- Ensure accuracy and reliability of financial reporting
3- Ensure Compliance with laws and regulations
4- Promotes operational efficiency
5- To prevent and detect fraud
6- To facilitate monitoring and oversight.

Question 3

What primary control framework is used for internal controls?

Answer 3

COSO-Framework

Question 4

What are the 5 main components of the COSO-Framework for a good control environment?

Answer 4

Control Environment
Risk Assessment
Control Activities
IT
Monitoring Activities

Question 5

What is the first step to determine what controls for a company need to be set up?

Answer 5

You need to know what control framework they are following (e.g. COSO)

Question 6

After you know what control framework the company is operating under, what is the next step you need to understand before you set up internal controls?

Answer 6

Understand the environment (How, what, where the business operates), as well as the financial risks the company could deal with.

Question 7

After knowing the framework, environment, the financial risks the company may be exposed to, what is the next step you need to understand before you develop internal controls?

Answer 7

You need to know what management assertions & IT Systems need to be support for a particular process.

Question 8

What are the final steps you need to consider before you complete you control environment?

Answer 8

What monitoring activities need to be set up. These include Management Operational monitoring (E.g. Controllership) and functional monitoring and testing (Legal Compliance and Internal Audit Testing).

Question 9

What are the three lines of internal control defense?

Answer 9

1- Management and Operational Owners of Controls
2- Risk and Compliance Monitoring of Controls
3- Internal Audit Testing

Question 10

Where does External Audit Testing fall in the three lines of Defense?

Answer 10

They are outside the 3 lines of defense, as those are within the Company.

Question 11

What is the difference between a test of controls and a substantive test?

Answer 11

A test of controls is to determine if a control is functioning and supporting management assertions (e.g. Approval of Journal Entries), but it does not support the evidence associated with a management assertion. (e.g. Physical Examination). The evidence supporting a management assertion is a substantive test.

Question 12

What is the difference between SOX 404a & 404b?

Answer 12

404a is managements annual assessment of internal controls and 404b is the external auditor’s assessment of internal controls.