Chapter 8: Internal Control Systems

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

COSO

- Committee of Sponsoring Organizations - US standard approach to internal controls which supports RORCS

advantages of COSO

- alignment of risk appetite and strategy - links growth, risk and return - chooses best risk response - minimise surprises and losses - identify and manage risks across organisation - provide responses to multiple risks - seize opportunities - rationalise capital

financial controls essentials

- assets and transactions are recorded completely and accurately in the accounting records - entries are posted correctly within the accounting records - cut-off is applied correctly, so that transactions are recorded in the correct year - the accounting system can provide the necessary data to prepare the annual report and accounts - accounting system does provide the data as required, that the system is organised to supply on time and in a usable format the data that underpins the accounts and the other content of the annual report

voluntary controls

- chosen by the organisation to support the management of the business - authorisation controls, certain key transactions requiring approval by a senior manager, are voluntary controls

non-discretionary controls

- controls that are provided automatically by the system and cannot be bypassed, ignored or overridden - eg. checking the signature on a PO is discretionary, whereas inputting a PIN number when using a cash dispensing machine is a non-discretionary control

discretionary controls

- controls that are subject to human discretion - eg. a control that goods are not dispatched to a customer with an overdue account may be discretionary as the customer could have a good previous payment record or be an important customer

financial controls

- focus on key transaction areas - emphasis on safeguarding assets and maintenance of proper accounting records and reliable financial info

Quantitative non-financial controls

- numeric techniques (like performance indicators) - balanced scorecard - activity-based management

RORCS

- objectives of any system of internal control 1. Risk Management 2. Operations 3. Reporting 4. Compliance 5. Safeguarding assets

Qualitative non-financial controls

- organisational structures - rules and guidelines - strategic plans - HR policies

mandatory controls

- required by law and imposed by external authorities - a financial services organisation may be subject to the control that only people authorised by the financial services regulatory body may give investment advice

levels of info

- strategic info - tactical info - operational info

non-financial controls

- tend to focus on a wider performance issues - two types: 1. Quantitative non-financial controls 2. Qualitative non-financial controls

qualities of good info

1. Accurate 2. Complete 3. Cost-beneficial 4. User Targeted 5. Relevant 6. Authoritative - expert opinions 7. Timely 8. Easy to use - clearly presented

elements of COSO framework of internal control

1. control environment - culture, infrastructure, architecture of control and attitude of directors and managers towards control 2. risk assessment 3. control activities - detailed controls in place in an organisation 4. information and communication - essential for ensuring the board and others in a position of authority can make informed decisions 5. monitoring activities - ensures whether remedial action needs to be taken

categories of control

1. corporate controls - general policy statements, established core culture and values and overall monitoring procedures such as the audit committee 2. Management controls - planning and performance monitoring, system of accountabilities to superiors and risk evaluation 3. Business process controls - authorisation limits, validation of inputs, reconciliation of different sources of info 4. Transaction controls - complying with prescribed procedures and accuracy and completeness checks

types of info to monitor

1. external info - info about competitors, suppliers, impact of future economic and social trends 2. financial info - important for internal purposes and to fulfil legal requirements for true and fair external reporting 3. non-financial info - quality reports, customer complaints, human resource data

disadvantages of COSO

1. internal focus - ignores the external environment and the risks they pose 2. risk identification - prioritises sudden events over more gradual risks that evolve over time 3. risk assessment - makes the process appear too simplistic and thus too easy 4. stakeholders' involvement in risk management often tends to get ignored

Turnbull

UK standard approach to internal controls which supports RORCS

administrative controls

concerned with achieving the objectives of the organisation and with implementing policies. Controls relate to: - establishing a suitable organisation structure - division of managerial authority - reporting responsibilities - channels of communication

detect controls

controls designed to detect errors once they have occurred

correct controls

controls designed to minimise or negate the effect of errors

prevent controls

controls designed to prevent errors from happening

accounting controls

controls that aim to provide accurate accounting records and to achieve accountability, which apply to the following: - recording of transactions - establishing responsibilities for records, transactions and assets

direct controls

direct activities of staff towards a desired outcome

APIPS

most common forms of control activity 1. authorisation 2. performance reviews 3. information processing 4. physical controls 5. segregation of duties

inherent limitations of internal control

they provide reasonable assurance but nothing more because: - costs of control not outweighing their benefits - poor judgement in decision making - potential for human error or fraud - collusion between employees - possibility of controls being bypassed or overridden by management or employees - controls only being designed to cope with routine and not non-routine transactions - controls being unable to cope with unforeseen circumstances - controls depending on the method of data processing - controls not being updated over time

tactical info

used to decide how the resources of the business should be employed, and to monitor how they are being, and have been, employed - mainly generated internally - summarised at a lower level - relevant to short and medium term - concerned with activities and departments - routinely and regularly prepared - based on quantitative measures

operational info

used to ensure that specific operational tasks are planned and carried out as intended - derived from internal sources such as transaction recording methods - detailed - relevant to the immediate term - task-specific - prepared very frequently - largely quantitative

strategic info

used to plan the objectives of the organisation and to assess whether the objectives are being met in practice - derived from both internal and external sources - summarised at a high level - relevant to the long term - concerned with the whole organisation - often prepared on an ad hoc basis - both qualitative and quantitative - often uncertain, as the future cannot be acccurately predicted

general and application controls

used to reduce the risks associated with the computer environment 1. general controls - controls that relate to the environment in which the application system is operated 2. application controls - controls that prevent, detect, and correct errors and irregularities as transactions flow through the business system


संबंधित स्टडी सेट्स

Testbank Questions: Managing Digital Media

View Set

Module 3 - Vocabulary Builder (Home) - part 1

View Set

Chapter 8: Documenting Systems and Processes

View Set

Problem Solving: What is a problem

View Set