2. systems of internal controls

control environment

attitudes, awareness and actions of those charged with governance and management concerning the entity’s system of internal conrold and its importance in the entity

good control environment in practice

• director’s communicate and enforce integrity and ethical values

• committed to competence

• organisation is structured in a way that promotes control

• HR policies promote controls

IT controls are separated into ___ and ____

general

application

control activities

policies and procedures that help ensure that management directives are carried out (they are often simply known as controls)

variety of control activities

• performance reviews

• information processing

• physical controls

• segregation of duties

control activities may include

authorisation of documents

controls over computerised applications

controls over arithmetical accuracy

reconciliations

comparing assets to records

how might a system of internal controls contain inherent limitations

human error

• human judgement

• misinterpreting results

fraud

unusual nature of transactions

internal audit

independent control designed to evaluate other controls in place within an organisation and add value throughout

factors that could influence the need for an internal audit

• company size and complexity

• unexpected risk

• cost vs benefit approach

differences between internal audit and external audit

1. responsible to:

2. responsible for:

3. activities undertaken:

4. standards used:

internal:

1. responsible to: management

2. responsible for: any task required

3. activities undertaken: anything

4. standards used: anything

external

1. Responsible to: shareholders

2. responsible for: opinion on truth and fairness and compliance with laws and regulations

3. activities undertaken: testing via evidence gathering

4. standards used: laws and regulations, auditing standards, accounting standards

control objective

what a system is trying to do

risks

what a system is trying to avoid

control of procedures

how a system achieves objectives and manages risks

purchases: e.g. ordering authorisation

control objectives

risks

control procedures

control objectives:

• orders should be authorised by the appropriate personnel

risks:

• unnecessary orders and payments

control procedures:

• order prepared by separate people - segregation of duties

• order should be justified

• ordered should be pre-numbered, and blank order forms should be safeguarded

purchases: e.g. ordering supply

control objectives

risks

control procedures

control objectives:

• order from authorised suppliers

risks:

• other suppliers might be low quality

control procedures

• central policy in place for choosing suppliers

what methods can the auditor use to understand the accounting system

review last year’s wp

review of policies

documenting the accounting system (3)

1. internal control questionare (ICQs)

2. internal control checklists (ICCs)

3. flowcharts

internal control questionare (ICQs)

standard list of control questions

can understand what controls are in operation

flowcharts

should be kept simple and easy to read

should be a key

adv and dis :

narrative notes

adv: quick to prepare

dis: confusing if systems are complex

adv and dis :

flowcharts

adv: easy to interpret

dis: need experience to prepare

adv and dis :

questionnaires

adv: easy to delegate

dis: client may overstate controls

the control environment is the attitudes, awareness and actions of management and those charged with governance about internal control and its importance

t/f

t

as information system that is heavily documented in physical ledgers is a ____ information system

manual

a company won’t place an order for good until a senior member of staff has confirmed that order

1. information processing

2. performance reviews

3. physical controls

4. segregation of duties

1. information processing

a company locks the storeroom so that raw materials can’t be accessed

1. information processing

2. performance reviews

3. physical controls

4. segregation of duties

3. physical controls

an accounts department is organised so that Debbie is in charge of invoicing, and Phil incharge of receipts.

1. information processing

2. performance reviews

3. physical controls

4. segregation of duties

4. segregation of duties

which in NOT an inherent limitation of an internal control system

1. employees may make mistakes implementing controls

2. controls may have been badly designed by management

3. employees and third parties may collude to circumvent controls

4. controls may be too expensive to operate on a daily basis

2. controls may have been badly designed by management

which is a risk, control objective, control procedure

1. customers don’t pay for goods

2. customers should pay promptly for goods

3. customers are allocated credit limits

1. risk

2. control objective

3. control procedure

which is a risk, control objective, control procedure

1. a company intends to invoice all despatches correctly

2. a company can match despatch records with invoiced prior to them being sent out

3. a company can send out goods and not invoice them

1. control objective

2. control procedure

3. risk

which is a risk, control objective, control procedure

1. company buys assets it doesn’t need

2. depreciation rates should reflect the useful life of an asset

3. the company keeps a non-current assets register

1. risk

2. control objective

3. control procedure

which one are auditors NOT going to use to record company systems

1. graph

2. flowchart

3. narrative notes

4. questionnaire

1. graph

a walkthrough test is a test designed to ensure that the system _____ as the _____ have been told it does. they select a transaction in a particular area (e.g. a sale) and trace it through the company’s information system from the initial point (e.g. sale ___ or purchase____)

order

operates

receipt

auditors

A walkthrough test is a test designed to ensure that the system operates as the auditors have been told it does. they select a transaction in a particular area (e.g. a sale) and trace it through the company’s information system from the initial point (e.g. sale order or purchase receipt)

credit checks are run on new customers to mitigate the risk that:

customers are not good credit risks

despatches are checked for quality before leaving the warehouse to mitigate the risk that:

customers are issued credit noted incorrectly

which one of the following should NOT be performed by internal auditors

1. fraud investigations

2. value for money reviews

3. implementing a new sales system

4. reviewing compliance with new legislation

3. implementing a new sales system

Which of the following criteria would be used by external auditors to determine whether they can rely on the work of an internal audit

1. objectivity

2. competence

3. approach

4. duplication

4. duplication

Which of the following is not one of the auditor’s statutory rights under the Companies Act 2006?
A) Right to access books and records
B) Right to request explanations from officers
C) Right to attend relevant meetings
D) Right to include any matter on the agenda

D) Right to include any matter on the agenda

Match the ethical principle to its description:

• A member must be straightforward and honest

• A member must not allow bias or undue influence

integrity

objectivity

Which TWO are control objectives in the sales/revenue cycle?
A) Supply goods only to likely payers
B) Record all goods sent
C) Uninvoiced goods lead to loss
D) Loss of goods = loss of value

• A) Supply goods to customers likely to pay

• B) Record all goods sent

Which of the following is not a main limitation of internal controls?
A) Human error
B) Collusion
C) Items of complex nature
D) Unusual nature

C) Items of complex nature

Classify these IT controls:

• Systems development controls

• Password access

• Exception reports

general

general

application

Match the following system terms to definitions:

• Risks

• Control objectives

• Control procedures

the aim of the internal control

Activities required to reduce this exposure

The exposure if this aim is not met

• Risks: The exposure if this aim is not met

• Control objectives: the aim of the internal control

• Control procedures: Activities required to reduce this exposure

Classify each of the following as a control objective or procedure:

• Orders should be authorised

• Inventory protected from loss

• Pay employees only for work done

• Examine goods for quality/quantity

• Orders authorised → Control procedure

• Inventory protection → Control objective

• Pay for work done → Control objective

• Examine goods → Control procedure

Match the internal control recording technique:

• Posting an authorised journal in bespoke system

• Reclaiming VAT process

• Flowchart → Posting journal

• Internal control checklist → Reclaiming VAT

Which TWO describe audit committee responsibilities?
A) External auditor appointment/removal
B) Internal auditor appointment/removal
C) Review of risk management/internal controls
D) Review of external auditor effectiveness

• A) External auditor appointment/removal

• D) Review of external auditor effectiveness

Match internal audit work types:

• Compare collection costs vs benchmarks

• Track recycled paper vs targets

• Value for money → Compare collection costs

• Social & environmental → Recycled paper vs target

JHT & Co is approached by a competitor of an existing client. What should they do before accepting the audit?

Seek consent to act from both Birdington and the competitor