Internal Control

Question 1

What is the main purpose of internal control?

Answer 1

To facilitate the achievement of the organisation’s objectives

An effective system of internal control involves established processes and practices applied by the board of directors, management, and personnel.

Question 2

List the main categories of objectives in internal control.

Answer 2

• Operations objectives
• Reporting objectives
• Compliance objectives

These categories help in assessing the effectiveness and efficiency of an organisation’s activities.

Question 3

What framework is recognized for designing and implementing internal controls?

Answer 3

Internal Control – Integrated Framework by COSO

COSO provides a flexible, principles-based approach applicable to any type of entity.

Question 4

True or false: An effective internal control system can completely eliminate risk.

Answer 4

FALSE

COSO uses ‘reasonable assurance’ to acknowledge that limitations exist in all systems of internal control.

Question 5

What are the five integrated components of internal control according to COSO?

Answer 5

• Control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring activities

These components are essential for achieving an organisation’s objectives.

Question 6

Fill in the blank: The control environment includes considerations such as the integrity and ethical values of the organisation, the organisational structure, and the assignment of _______.

Answer 6

authority and responsibility

The control environment is foundational for establishing control activities.

Question 7

What does segregation of duties aim to reduce?

Answer 7

The risk of error or fraudulent actions

It involves dividing responsibilities among different individuals.

Question 8

List examples of physical controls in internal control.

Answer 8

• Secure entry systems
• Cameras
• Security guards
• Safes and locked storage areas
• Regular inventory checks

These controls protect assets against damage, theft, or unauthorized access.

Question 9

What type of control is represented by the requirement for authorisation and approvals?

Answer 9

Authorisation and approval controls

These controls affirm that a transaction is valid and prevent unauthorized transactions.

Question 10

What is the role of supervisory controls?

Answer 10

To ensure other control activities are performed completely, accurately, and timely

Supervisory controls are typically implemented over higher risk transactions.

Question 11

What is the purpose of reconciliation, verification, and arithmetical controls?

Answer 11

To address completeness and accuracy of processing

Examples include bank reconciliations and checking payroll calculations.

Question 12

What is the benefit of automated technology controls?

Answer 12

They are generally more reliable and less susceptible to human errors

Examples include financial process controls that match purchase orders with invoices.

Question 13

What is the ultimate responsibility for overseeing a company’s system of internal control?

Answer 13

The organisation’s board of directors

In the absence of a board, other governance structures may assume this responsibility.

Question 14

Why is documentation important in internal control?

Answer 14

• To define roles and responsibilities
• To capture the design of internal controls
• To assist in assessing effectiveness
• To aid in training new personnel

Comprehensive documentation supports the internal control system’s integrity.

Question 15

What does the risk assessment process involve?

Answer 15

Identifying and assessing risks to the achievement of objectives

It is a dynamic and iterative process that informs control activities.

Question 16

Fill in the blank: Internal control should be based on a _______ and risk-oriented approach.

Answer 16

systemic

This ensures adequate controls in high-risk areas and avoids excessive controls in low-risk areas.

Question 17

What is the significance of monitoring activities in internal control?

Answer 17

To ensure components of internal control are present and functioning

Monitoring helps identify deficiencies that need corrective action.

Question 18

What are the three-way match controls in vendor payments?

Answer 18

Ensures vendor invoices match with purchase orders and receiving reports

This control prevents unauthorized payments and ensures accuracy in financial transactions.

Question 19

What is the purpose of performance review in an organization?

Answer 19

To compare operating or financial data against expectations or policy

This helps management monitor the organization’s performance and make informed decisions.

Question 20

Define automated technology control.

Answer 20

Uses technology to automate control activities, reducing human error

This enhances the reliability of control processes within an organization.

Question 21

What is the role of authorisation and approval control?

Answer 21

Ensures transactions are valid and approved by authorized personnel

Typically involves someone higher in the reporting hierarchy than the initiator.

Question 22

What does reconciliation, verification, and arithmetical control involve?

Answer 22

Comparison of two or more items to ensure completeness and accuracy

This control helps identify discrepancies and ensures compliance with policies.

Question 23

What are organisational controls?

Answer 23

Establish reporting lines, hierarchy, and division of responsibilities

These controls are embedded in the organization’s structure.

Question 24

True or false: Risk management is part of the overall governance process.

Answer 24

TRUE

It helps organizations create, preserve, and realize value while managing uncertainties.

Question 25

Define **risk** in the context of risk management.

Answer 25

The effect of uncertainty on objectives ## Footnote Understanding risk is crucial for effective risk management.

Question 26

What is the **COSO ERM framework** focused on?

Answer 26

Integrating risk management with strategy and performance ## Footnote It incorporates internal control into the broader topic of enterprise risk management.

Question 27

List the **four categories of objectives** in COSO's ERM framework.

Answer 27

* Strategic * Operations * Reporting * Compliance ## Footnote Strategic objectives reflect management's choices for creating value.

Question 28

What does **ISO 31000** provide guidance on?

Answer 28

Integrating risk-based decision-making throughout the organization ## Footnote It is applicable to all organizations regardless of type or size.

Question 29

What are the **eight principles** of ISO 31000?

Answer 29

* Scope, context, criteria * Risk assessment * Risk identification * Risk analysis * Risk evaluation * Risk treatment * Communication and consultation * Recording and reporting * Monitoring and review ## Footnote These principles guide the design and operation of a risk management system.

Question 30

What is the **conclusion** regarding internal control and risk management?

Answer 30

They are vital for achieving organizational objectives ## Footnote Without them, organizations are at risk of failure.

Question 31

What are common examples of **control activities** in organizations?

Answer 31

* Physical controls * Authorisation and approval controls * Reconciliation, verification, and arithmetical controls ## Footnote These controls help ensure the integrity of financial and operational processes.

Question 32

Fill in the blank: **Risk management** focuses on the creation, preservation, and _______ of value.

Answer 32

realisation ## Footnote It is integrated into all aspects of the business.