Internal Controls Flashcards

Understand internal control systems. (18 cards)

1
Q

What are the three categories of objectives in internal control?

A

To provide reasonable assurance of achieving objectives relating to the company’s:
1. Operations
2. Reporting
3. Compliance

Each category addresses different needs and may overlap, but all are essential for achieving a company’s objectives.

2
Q

What are the fundamental concepts of internal control according to COSO?

A
  • It is a process to achieve objectives.
  • It provides reasonable assurance.
  • It is accomplished by people.

Internal control is ongoing and adaptable, focusing on achieving objectives in operations, reporting, and compliance.

3
Q

What are the fundamental concepts of an internal control system?

A
  • The cost of an internal control system should not exceed the expected benefits.
  • The overall impact of a control procedure should not hinder operating efficiency.
4
Q

What is internal control risk?

A

The risk that the design or operation of an entity’s internal control system will not prevent or detect a threat to the company’s achievement of its objectives relating to operations, reporting, and compliance.

5
Q

Why can internal control only provide reasonable assurance?

A
  • Human error
  • Collusion
  • Management override
  • Outdated controls due to lack of monitoring
6
Q

What is segregation of duties?

A

The process of assigning various steps in a process to different people to prevent one person from having control over a process that allows them to both perpetrate and conceal theft or fraud.

7
Q

List the four functions that should be separated in segregation of duties.

A
  • Authorizing a transaction
  • Recordkeeping
  • Keeping physical custody of the related asset
  • Periodic reconciliation of physical assets to recorded amounts
8
Q

What is the purpose of periodic reconciliation in segregation of duties?

A

To independently check that the records of how much of something the company should have match the amount that it actually has.

9
Q

What is a potential consequence of inadequate segregation of duties?

A

Fraud or errors going unrecognized due to one person having control over multiple functions.

10
Q

What is collusion in the context of internal controls?

A

When two or more individuals work together to overcome the internal control system and perpetrate a fraud.

11
Q

What are the two main types of safeguarding controls for assets?

A
  • Physical controls
  • Software controls
12
Q

What is the goal of physical security controls?

A

To reduce or eliminate the risk of losing organizational assets and the risk of harm to employees.

13
Q

What are common examples of physical security controls?

A
  • Walls and fences
  • Locked gates and doors
  • Manned guard posts
  • Monitored security cameras
  • Guard dogs
  • Alarm systems
  • Smoke detectors and fire suppression systems
14
Q

What are the three strategies for user authentication?

A
  • Something you know (e.g., passwords)
  • Something you are (e.g., biometrics)
  • Something you have (e.g., fobs)
15
Q

What is two-factor authentication?

A

A security process that requires two independent, simultaneous actions before access to a system is granted.

16
Q

What are some additional user access security controls?

A
  • Automatic locking or logoff policies
  • Logs of all login attempts
  • Accounts that automatically expire
17
Q

What can internal controls help an organization achieve?

A
  • Performance and profitability goals
  • Reliable financial reporting
  • Compliance with laws and regulations
18
Q

What are the limitations of internal controls?

A
  • Human error or faulty judgments
  • Circumvention through collusion
  • Well-planned fraud