INTERNAL CONTROL

    avatar
    Created by
    NIKKI EVANS

    Cards (121)

    • Control
      Any action taken by management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved.
      View source
    • Control processes
      The policies, procedures (both manual and automated), and activities that are part of a control framework, designed and operated to ensure that risks are contained within the level that an organization is willing to accept.
      View source
    • Control environment
      The attitude and actions of the board and management regarding the importance of control within the organization. The control environment includes:
      1) Integrity and ethical values,
      2) Management's philosophy and operating style,
      3) Organizational structure,
      4) Assignment of authority and responsibility,
      5) Human resource policies and practices,
      6) Competence of personnel.
      View source
    • Components of the control environment
      • Commitment to integrity and ethical values
      • Management's philosophy and operating style
      • Organizational structure
      • The audit committee of the board of directors
      • Methods of assigning authority and responsibility
      • Human resources policies and practices
      View source
    • How the organization demonstrates a commitment to integrity and ethical values
      1. Setting the tone at the top
      2. Establishing standards of conduct
      3. Evaluating the performance of individuals and teams based on the established standards of conduct
      4. Correcting deviations in a timely and consistent manner
      View source
    • The board
      • Establishes oversight responsibility
      • Applies relevant experience by defining, maintaining, and periodically evaluating the skills and expertise needed among its members to ask difficult questions of management and take appropriate actions
      • Operates independently
      • Provides oversight
      View source
    • How management establishes structures, reporting lines, and appropriate authorities and responsibilities
      1. Considers all structures of the entity (nature of the business, size and geographic scope, risks, assignment of authority, reporting lines, reporting requirements)
      2. Establishes and evaluates reporting lines
      3. Designs, assigns, and limits authorities and responsibilities
      View source
    • How the organization demonstrates a commitment to attract, develop, and retain competent individuals
      • Policies and practices reflect expectations of competence
      • The board and management evaluate competence and address shortcomings
      • The organization attracts, develops, and retains individuals
      • Senior management and the board plan and prepare for succession
      View source
    • How the organization holds individuals accountable for their internal control responsibilities
      1. Enforce accountability through structures, authorities, and responsibilities
      2. Establish performance measures, incentives, and rewards
      3. Evaluate performance measures, incentives, and rewards for ongoing relevance
      4. Consider excessive pressures
      5. Evaluate performance and reward or discipline individuals
      View source
    • Categories of control procedures
      • Proper authorization of transactions and activities
      • Segregation of duties
      • Design and use of adequate documents and records
      • Adequate safeguards of assets and records
      • Independent checks on performance
      View source
    • Principles relating to control activities
      • The organization selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels
      • The organization selects and develops general control activities over technology to support the achievement of objectives
      • The organization deploys control activities through policies that establish what is expected and procedures that put policies into action
      View source
    • Authorization
      The empowerment management gives employees to perform activities and make decisions
      View source
    • Digital signature or fingerprint

      A means of signing a document with a piece of data that cannot be forged
      View source
    • Specific authorization
      The granting of authorization by management for certain activities or transactions
      View source
    • Segregation of duties
      Good internal control demands that no single employee be given too much responsibility. An employee should not be in a position to perpetrate and conceal fraud or unintentional errors.
      View source
    • How segregation of duties prevents problems
      1. If two of the three functions (authorization, custody, recording) are the responsibility of a single person, problems can arise
      2. Segregation of duties prevents employees from falsifying records in order to conceal theft of assets entrusted to them
      3. Segregation of duties prevents authorization of a fictitious or inaccurate transaction as a means of concealing asset thefts
      4. Segregation of duties prevents an employee from falsifying records to cover up an inaccurate or false transaction that was inappropriately authorized
      View source
    • Design and use of adequate documents and records
      Helps ensure the accurate and complete recording of all relevant transaction data. Documents that initiate a transaction should contain a space for authorization.
      View source
    • Procedures to safeguard assets
      1. Effectively supervising and segregating duties
      2. Maintaining accurate records of assets, including information
      3. Restricting physical access to cash and paper assets
      4. Having restricted storage area
      View source
    • What can be used to safeguard assets
      • Cash registers
      • Safes, lockboxes
      • Safety deposit boxes
      • Restricted and fireproof storage areas
      • Controlling the environment
      • Restricted access to computer rooms, computer files, and information
      View source
    • Independent checks on performance
      Independent checks to ensure that transactions are processed accurately
      View source
    • Types of independent checks
      • Reconciliation of two independently maintained sets of records
      • Comparison of actual quantities with recorded amounts
      • Double-entry accounting
      • Batch totals
      View source
    • Batch totals used in computer systems
      • Financial total (sum of a currency unit field)
      • Hash total (sum of a field that would usually not be added)
      • Record count (number of documents processed)
      • Line count (number of lines of data entered)
      • Cross-footing balance test (compares the grand total of all the rows with the grand total of all the columns to check that they are equal)
      View source
    • Risk assessment
      The third component of COSO's internal control model. Companies must identify the threats they face: strategic, financial, information, and compliance.
      View source
    • Types of objectives for risk assessment
      • Operations
      • External financial reporting
      • External nonfinancial reporting
      • Internal reporting
      • Compliance
      View source
    • How the organization identifies and assesses risks
      1. Considers various types of fraud, assesses incentives and pressures, assesses opportunities, and assesses attitudes and rationalizations
      2. Identifies and assesses changes that could significantly affect the system of internal control
      View source
    • Threats pose a greater risk because the probability of their occurrence is more likely. A company is more likely to be the victim of a computer fraud rather than a terrorist attack.
      View source
    • Expected loss

      Risk x exposure
      View source
    • Information and communication
      The fourth component of COSO's internal control model. Accountants must understand how transactions are initiated, data are captured, computer files are accessed, data are processed, information is reported, and transactions are initiated.
      View source
    • Principles of information and communication
      • The organization obtains or generates and uses relevant, quality information to support the functioning of internal control
      • The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the function of internal control
      • The organization communicates with external parties regarding matters affecting the functioning of internal control
      View source
    • Audit trail
      When individual company transactions can be traced through the system
      View source
    • Monitoring
      The fifth component of COSO's internal control model. A process that assesses the quality of internal control performance over time to ensure that controls continue to meet the needs of the organization.
      View source
    • Key methods of monitoring performance
      • Effective supervision
      • Responsibility accounting
      • Internal auditing
      View source
    • Stages in the monitoring-for-change continuum
      1. Control Baseline (understanding internal control's design and effectiveness)
      2. Change Identification (ongoing or separate evaluations to identify changes in process or risks)
      3. Change Management (verifying that the internal control system manages the changes and establishes a new control baseline)
      4. Control Revalidation (using monitoring procedures to confirm the conclusion that controls are effective)
      View source
    • The control process
      1. Establishing standards for the operation to be controlled
      2. Measuring performance against the standards
      3. Examining and analyzing deviations
      4. Taking corrective action
      5. Reappraising the standards based on experience
      View source
    • Internal control only provides reasonable assurance of achieving objectives. It cannot provide absolute assurance because of inherent limitations: 1) Human judgment is faulty, 2) Management may inappropriately override controls, 3) Controls can be circumvented by collusion, 4) The cost of internal control must not be greater than its benefits.
      View source
    • Control process
      1. Establishing standards for the operation to be controlled
      2. Measuring performance against the standards
      3. Examining and analyzing deviations
      4. Taking corrective action
      5. Reappraising the standards based on experience
      View source
    • An evaluation-reward system should be implemented to encourage compliance with the control system
      View source
    • Internal control only provides reasonable assurance of achieving objectives. It cannot provide absolute assurance because any system of internal control has inherent limitations
      View source
    • Inherent limitations of internal control
      Human judgment is faulty, and controls may fail because of simple errors or mistakes<|>Management may inappropriately override internal controls, e.g., to fraudulently achieve revenue projections or hide liabilities<|>Manual or automated controls can be circumvented by collusion<|>The cost of internal control must not be greater than its benefits
      View source
    • Internal control
      A process effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievements of objectives in the following categories: Effectiveness & efficiency of operations, Reliability of financial reporting, Compliance with applicable laws and regulations, Safeguarding of assets, Adherence to managerial policies
      View source
    See similar decks