1/31
Flashcards coming from Gleim material for Control information to be covered under part 1 of the CIA exam.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
Controls
Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved.
Control Processes
Policies, procedures, and activities designed and operated to manage risks to be within the level of an organization’s risk tolerance.
Control environment
Attitude and actions of the board / management regarding importance of controls in the org.
Provides discipline and structure for achieving primary objectives of internal control system
Integrity and ethical values; Org structure; Mgmt philosophy; Assigning authority and responsibility; HR policy and practices; Competency
6 elements of control environment
Risk and Control Matrix (RACM)
Tool that facilitates the performance of internal auditing.
Links business objectives, risks, control processes, and key info to support IA processes.
Evaluation of Design Adequacy and Operating Effectiveness.
Mapping can be One to One, One to Many, or Many to Many - just depends!
Control Process
Establishing operational standards →
Measuring performance against the standards →
Analyze exceptions →
Take corrective action →
Reappraise standards overtime → repeat!
Faulty human judgment; Mgmt override; Collusion; if Cost>Benefits
Limitations of Internal Controls
Audit Trail
Record of accounting measurements, trade details, or other financial data can be traced back to their source.
Verification and tracking of transactions.
Segregation of Duties
Fraud mitigation tool. Distributing tasks and responsibilities among multiple individuals so no one has sole control over a transaction’s lifecycle
Batch Processing
Transactions accumulated and submitted to computer as big group.
User cannot influence the process once the job has begun.
Efficient for payroll due to high volume.
Online, Real-Time Processing
System where transactions are available at all times. Database is instantly updated when a transaction is entered.
Primary Internal Control
Crucial measure / procedure that organizations implement to manage risks and maintain integrity of financial reporting and operations
Preventive Controls
Detective Controls
Corrective Controls
Directive Controls
Preventive Controls
[Primary Control] Deter potential problems before they occur. Stopping errors, fraud, other risks from happening.
Ex. physical locks; database validity checks; etc.
Detective Controls
[Primary Control] alert the proper people after unwanted event.
Active controls as they require human intervention.
Effective when alert occurs before harm occurs.
Ex. Burglar alarm; duplicate invoice rejection & notification; etc.
Corrective Controls
[Primary Control] Fix negative effect of unwanted event.
Ex. Justification of cost variances over a threshold; etc.
Directive Controls
[Primary Control] Cause or encourage the occurrence of desirable event
Ex. Policy and procedures; Employee training; Job descriptions
Secondary Internal Controls
Supplementary measure to enhance effectiveness of primary controls.
Establishment of direct procedures and processes to provide additional layers of protection and assurance.
Ex. Supervision, Independent reviews / spot checks, UAM
Compensating Controls
[Secondary Control] Likely to be established when Segregation of Duties is not maintained / ineffective primary controls.
Do not, by themselves, reduce risk to acceptable level.
Ex. Increased Supervision
Complementary Controls
[Secondary Control] Work with other controls to reduce risk to acceptable level. Focus on their synergy.
Ex. obtaining deposit slips validated by bank in Cash Receipts process.
Entity-Level Controls
Attempt to achieve organizational objectives and address entity-wide risks.
Governance Controls - est by BOD. Org policies & procedures over culture and expectations
Management Oversight Controls - implemented at business unit level.
Process-Level Controls
Designed to achieve process objectives and address process risk.
Ex. physical inventory counts; performance assessments; etc.
Transaction-Level Controls
Designed to achieve transaction objectives and address risks specific to transactions.
IT General Controls (ITGC)
Wide range of policies and procedures that help maintain integrity, security, and availability of org’s IT systems and data.
Network operations & Data Centers
System software acquisition, changes, maintenance
Access Security (UAM)
Application acquisition, dev, maintenance
Ex. passwords, SDLC controls, change management, backup & recovery processes
Application Controls
[ITGC] Specific measures in place within software to ensure accuracy, integrity, and security of data processed.
Prevent errors and unauthorized access.
input controls
processing controls
output controls
Batch Input Controls
[Application Control] Identify errors or inconsistencies in groups of transactions prior to processing.
Financial Totals - sum; actual vs expected
Record Counts - counts; actual vs expected
Hash totals - sum of nonmeaningful numbers (vendor or invoice nums); actual vs expected
Online (Real Time) Input Controls
[Application Control] Measures to ensure security and integrity of individual transactions while being processed.
Preformatting of data entry
Field / Format Checks - i.e. no letters in a zip code
Validity Checks - compare entry to table of acceptable values
Limit and range checks (reasonableness) - over threshold?
Check digits - allows algorithmic check of identification number
Sequence Checks - check based on logical sorting of files {i.e. sorted based on a key field}
Zero Balance Checks - reject where sum of debits and credits <> 0
Processing Controls
[Application Control] Ensure that data is complete and accurate during updating
Concurrency Controls - manage situation where 2+ users attempt to access/update file or database simultaneously
Output Controls
[Application Control] Ensure that processing results are complete, accurate, and properly distributed.
Ex. User Review {Quality Assurance}
Integrity Controls
[Application Control] Monitor data being processed and in storage to ensure it remains consistent and correct.
Ex. circular reference error in Excel
Feedback Controls
[Time-Based Control] Report information about completed activities. Allows for improvement in the future by learning from mistakes.
Ex. Quality Control; Variance Analysis
Concurrent Controls
[Time-Based Control] Adjusting ongoing processes. Real time monitoring to prevent deviations beyond a threshold.
Ex. close supervision of production line workers
Feedforward Controls
[Time-Based Control] Anticipating and preventing problems. Require long term perspective.
Ex. Policies and procedures.