These flashcards cover key concepts and vocabulary related to risk, internal controls, and information flows from the lecture notes.
Internal Control
Rules and checks a business uses to keep its money and assets safe and make sure its records are correct.
Limitations of Internal Controls
Internal controls cannot eliminate fraud and error entirely due to:
Expense: Implementing controls can be too expensive relative to the benefit.
Human element: People can make mistakes, be careless, or override controls.
Collusion: Two or more individuals can work together to bypass controls.
Unusual transactions: Controls are often designed for routine events and may not cover unique situations.
Control Environment (setting the tone) (CRIME)
Overall tone by management on internal control's importance.
Audit committee (E)
A group from the board that checks the company’s finances to make sure everything is accurate and properly reviewed.
Business Risk (CRIME)
A risk preventing an entity from achieving objectives.
How do firms manage risks? (Risk register)
A simple list of all the risks the business might face and what actions the firm will take to control them.
Information system (CRIME)
The system an organization uses to manage its information.
What does the information system include? (I)
Methods/records used to identify and report transactions.
Technological advances (I)
New technologies that improve business operations.
Control activities (CRIME)
Actions designed to protect a firm’s assets by detecting and preventing fraud and errors.
State all control activities (PARIS-V) (CRIME): Explain + provide 1 example
Physical or logical controls - Physical counting, locking and securing of assets (e.g. locks, biometric assets)
Authorisation and approvals - Approval of transactions/documents (e.g. a gatekeeper against unauthorised personnel)
Reconciliations - Comparing two or more data elements (e.g. using bank statements to find irregularities in FS)
Information processing and IT controls - Manual and other procedures within computer programs (e.g. controls to check the accuracy of transactions)
Segregation of duties - Separating duties to minimise errors or fraud to protect sensitive info.
Verifications - Ensuring things are properly done and documented to detect and prevent errors or fraud
Monitoring activities (CRIME)
Ongoing evaluations to ensure internal controls are effective.
Where do auditors obtain information about internal controls from?
Talking to staff
Watching processes
Checking documents
Performing walkthrough tests
What tools do auditors use to gather evidence of internal controls?
Narrative notes: Detailed written descriptions of internal control systems.
Questionnaires and checklists: Structured forms to gather information about controls from management and staff.
Diagrams (flowcharts): Visual representations of the flow of transactions and controls within a system.
Walkthrough testing
Following one transaction end-to-end to understand a system.
Digital Transformation
Using technology to improve business operations and customer service.
Robotic Process Automation (RPA)
Technology using software robots to automate repetitive tasks.
Artificial Intelligence (AI)
Machines that perform human-like tasks, like learning and problem-solving.
Cloud Computing
Accessing computer services/storage online, without owning hardware.
Cybersecurity Risks
Threats from cyber attacks targeting organisations, requiring auditor understanding and mitigation.