AIS - Chapter 3
Define internal control and explain its importance in the accounting information system.
A process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance. / Safeguard assets, such as by depositing cash daily in the bank. Ensure reliable financial reporting, such as through financial statement audits.
Examples of internal control discussed in the chapter include: (i) data encryption, (ii) employee bonding, (iii) document matching.
A) (i) and (ii) only. B) (ii) and (iii) only. C) (i) and (iii) only. D) (i), (ii) and (iii). D) Correct Answer
The purposes of internal control include: (i) safeguarding assets, (ii) ensuring financial statement truthfulness, (iii) promoting operational efficiency, (iv) encouraging compliance with management's directives.
A) (i), (ii) and (iii) only. B) (ii), (iii) and (iv) only. C) (i), (iii) and (iv) only. D) (i), (ii), (iii) and (iv). C) Correct Answer
The president of TLF Corporation discussed the company's internal control plan in an annual meeting of its stockholders. The president's action can be associated with which elements of the COSO framework?
A) Control environment only B) Information and communication only C) Both A and B D) Neither A nor B C) Correct Answer Feedback: Correct. By discussing the plan, the president is emphasizing the importance of internal control, thus contributing to a strong control environment. Additionally, the president is informing and communicating with stockholders about the plan.
TLF Corporation has 500 employees spread across five different geographic locations. Which of the following are likely to appear in the same column of its risk / control matrix?
A) Falsified educational credentials and human error risk B) Background checks and employee bonding C) Falsified educational credentials and background checks D) Employee bonding and human error risk B)Correct Answer
TLF Corporation has 500 employees spread across five different geographic locations. The first column of TLF's risk / control matrix is likely to include:
A) Falsified educational credentials. B) Human error risk. C) Background checks. D) Employee bonding. B) Correct Answer
The ___ column of a risk / control matrix is most closely associated with the ___ element of COSO's internal control framework
A) First, first B) Last, fourth C) Second, last D) Third, third C) Correct Answer
Because of the potential for ___, internal controls are designed to provide ____.
A) Fraud, reasonable assurance B) Unanticipated risk, legal protection from prosecution C) Collusion, reasonable assurance D) All of the above C) Correct Answer
Which of the following best pairs an element of the COSO internal control framework with an example of that element?
A) Monitoring, ensuring two employees are present when mail is opened so one can monitor the other B) Risk assessment, asking employees to complete a survey about security weaknesses C) Control environment, accounting for environmental liabilities D) Safeguarding assets, keeping cash in the bank B) Correct Answer
The COSO definition of internal control specifies that it is a
A) Set of rules to be memorized by accountants. B) Process involving many groups of people. C) List of ways to ensure fraud does not occur. D) Generic part of the accounting information system. B) Correct Answer
In Brown's taxonomy of risk, systems risk is a form of ___ risk.
A) operational B) financial C) internal control D) fraud A) Correct Answer
Summarize and explain the importance of COSO's 2013 "Internal Control—Integrated Framework."
Committee of Sponsoring Organizations of the Treadway Commission on Fraudulent Financial Reporting Five components, all necessary for strong internal control -Control environment -Risk assessment - Organization's risk exposures Tools like the Brown framework can help ensure "all the bases are covered -Control activities - Specific internal controls to address risks Preventive / detective / corrective A control may address multiple risks; a single risk may involve multiple controls. -Information and communication - How the entire internal control plan is disseminated throughout the organization This framework element relates to the plan in its totality. -Monitoring - Ensuring the plan's ongoing effectiveness May be entrusted to the internal audit department Organization's overall attitude about internal control Must be established at the top of the organization (CEO, CFO) Often called the "tone at the top" or "tone from the top"
Critique existing internal control systems and design effective internal controls
In the 2013 update, COSO added 17 principles to provide more detail about the five components. Control environment. "The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control."
Prepare a simple risk/control matrix.
Look at risk/control matrix chart
Explain the basic purposes of internal control and its relationship to risk
Promote operating efficiency, such as with a procedures manual. Encourage compliance with management directives, such as by appropriate training & performance reviews.
Describe and give examples of various kinds of risk exposures.
To develop strong internal controls that achieve the four purposes, many organizations think in terms of risk. -By identifying their risk exposures, they can develop and implement internal controls to address them. -"Address" can refer to preventive, detective or corrective controls. Four major categories -Financial- market, credit, liquidity -Operational - systems, human -Strategic - legal/regulatory risk, business risk -Hazard - Directors & Officers, liability
