What is a general IT control
A control over the business's IT processes ensuring reliability and security.
They apply across the entire IT organisation system.
They also ensure continued functioning of the information processing controls.
Examples Of GIC
Passwords to restrict access
Back up procedures and recovery plans to ensure continued operation.
Virus checks and restricted access to ensure prevention of unauthorised changes to systems
What is an Information Processing control
Controls over processing of Information.
It aims to detect errors or fraud within specific transaction processes.
The controls are at the business level and ensure accuracy and completeness of inputs.
Examples of IPC
Signatures as a control over input authorisation of data.
Batch checks, e.g. of invoices, as a control over accuracy
Document counts as a control over completeness
Example: which type of control are one-to-one checking and segregation of duties
One-to-one checking operates at the data level and checks data accuracy, so it is an information processing control.
Segregation of duties is a general IT control, as it is general and not related to a specific piece of data.
Control activities (Crime)
Policies and procedures to ensure management directives (actions/procedures instructed by management) are carried out
Aim is to correct material misstatement.
What the auditor is focused on relating to control activities
Whether the control prevents an error occurring or detects the error has happened and corrects it.
5 types of control activities mnemonic
SPARV
S
Segregation of duties: separate personnel responsible for activities.
P
Physical or logical controls
e.g. safes, swipe cards for doors, passwords
Petty cash count (logical)
A
Authorisation/approval, e.g. approving an NCA purchase or overtime
R
Reconciliations, e.g. compare bank statement and cashbook
V
Verifications: compare actual expenditure with budgeted and investigate the difference
Similar to a reconciliation; however, with a reconciliation we expect a match, but not with a verification.
Entity’s process of monitoring the system of internal control (criMe)
Management need to ensure the controls are actually taking place and fit for purpose.
They should consider whether it is suitable for the size of the organisation.
Who can monitor the effectiveness of internal controls
Directors
The audit committee
Internal auditors
Limitations of internal controls: who is vulnerable and why
Often it is harder to implement controls in smaller companies.
There are only a few people in each department and therefore there may not be enough staff members to review the work.
Often there is a single person in charge of an entire process, e.g. the sales process. This can lead to manipulation.
Often smaller companies have less experienced staff and so may not have the technical knowledge for all circumstances.
Limitations of internal controls
Expense of internal control: technology, extra staff, etc.
Controls are often operated by people. This can lead to human error and therefore to errors not being detected.
Collusion: staff may get together and override controls
Unusual transactions: these often don’t pass through the normal system and therefore may bypass internal controls too.