Module 3: Internal Control Systems

Question 1

What assurance does a sound system of internal controls provide to directors?

Answer 1

1. The reliability of financial reporting
2. The effectiveness and efficiency of operations
3. Compliance with applicable laws and regulations

Question 2

What are the 5 components of internal control (MC RICE)?

Answer 2

1. Control environment - The overall attitude, awareness and actions of directors and management regarding control activities and their importance in the company. Example, management providing a staff manual to employees outlining key processes/procedures.
2. Risk assessment process - The process by which business risks are identified and managed by the company. Should be carried out on a regular basis.
3. Information systems - Companies use information systems to record financial transactions and non-financial data. Communication helps to monitor progress against company objectives. Example is a payroll system.
4. Control activities - The policies and procedures that management put in place to ensure that their directives are carried out and mitigate risks to the achievement of these objectives. Example, requiring significant payments to suppliers to be authorised by a responsible figure.
5. Monitoring of controls - This involves an ongoing assessment by management of the internal control systems

Question 3

What is a business process?

Answer 3

A series of activities that enable a company to meet one or more of its objectives. They cover every conversion of business transactions to financial statements as well as non-financial information flows. Example, human resources process.

Question 4

What is business risk?

Answer 4

The threat that an action or event will adversely affect the organisations ability to achieve its objectives. Control activities will mitigate this risk.

Question 5

What is an accounting information system?

Answer 5

Structures used by organisations to collect, store and process financial and accounting data.

Question 6

What are control activities and what are the two elements of them?

Answer 6

Control activities provide management with assurance over the validity, completeness and accuracy of data and will either be preventative (stops errors happening) or detective (picks up errors after they’ve happened).
Two elements are:
1. The policies which establish what should be done
2. The procedures required to implement the policies.

Question 7

What are the five control activities? (APIPS)

Answer 7

1. Authorisation controls
2. Performance reviews
3. Information processing controls
4. Physical controls
5. Segregation of duties

Question 8

Authorisation controls?

Answer 8

Ensures that transactions are authorised by personnel acting within the scope of their authority.

Question 9

Performance Reviews?

Answer 9

Allow management to review information to highlight any exceptions or controls that have not operated effectively.
May include review and analysis of:
Reports that summarise details of balances and transactions
Actual performance compared with expectation

Question 10

Information processing controls can be broken down into sub-categories, what are they?

Answer 10

1. IT general controls (ITGCs)
2. Application controls
   2(i) IT application controls
   2(ii) Manual application control

Question 11

IT general controls?

Answer 11

ITGCs are policies and procedures relating to all applications. They support the effective functioning of application controls by ensuring the continued operation of information systems.

ITGCs can be manual, automated or a combination of both.

Question 12

Application controls?

Answer 12

Typically operate at the transaction level and apply to the processing of specific types of transactions. Ensure that transactions are genuine, accurate and complete.

Question 13

Physical controls?

Answer 13

Limit access to assets and important records. Example a safe.

Question 14

Segregation of duties?

Answer 14

Aims to mitigate the risk that individuals are put in a position that they would be able to carry out fraud and conceal it.

Question 15

Entity-level control?

Answer 15

Controls that help establish the tone and culture of the organisation and can be relevant to a number of the components of internal control including control environment.
Examples include: Code of ethics/values statement, employee handbook, training, inductions, whistleblowing hotline, performance review policies.

Question 16

Limitations of internal control systems? RC CHUM

Answer 16

1. Relevancy/Obsolescence - Any process can become irrelevant over time
2. Cost - Cost of control could outweigh the benefit
3. Collusion - Two humans working together to circumvent a control
4. Human error - Always a risk of human error, including operation of controls
5. Unusual/infrequent transactions - Higher risk associated with infrequent transactions as controls are designed to find errors in frequent transactions
6. Management override - Management may override function. Inflate sales for bonus

Question 17

What are the four key areas that ITGCs cover? APOC

Answer 17

1. Access to programs and data
2. Program changes and development
3. Computer operations
4. Continuity of operations