Internal controls (14)

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Types of Controls in ICOFR (3)

- business process controls -monitoring control -financial reporting control

Limitation of management control

- failure to link to organization objectives -poor assumptions -no accountability -communication breakdowns -top management circumvention

Internal control attributes (5)

- ongoing process -management's responsibility -hardly ever totally effective in eliminating all risk (reasonable assurance not absolute protection -reduces the potential for negative consequences of risk -increases the org's ability to achieve its objectives

types of process controls (5)

- process performance reviews -processing controls -application controls -physical controls (limit access) -segregation of duties

ICOFR objectives: Reduce the risk of errors in financial reporting

-accurately report routine transactions (revenue) -conformity with GAAP -prevent fraud -Serve as general control over ITGC -facilitates estimation process for non-routine transactions -facilitate period-end close and preparation of financial statements

application controls

-authorization -use of documents and records

errors and fraud differing in manual vs auto

-frauds can built into design and difficult to detect -errors might not surface for lagged period -unauthorized access to information a significant risk

control objectives (3)

-improve the effectiveness of decisions making and the efficiency of business processes -increase the reliability of information -to comply with laws, regulations and contractual obligations

types of management controls

-top-level reviews -performance indicators & bench marking -independent evaluations

Implications of Residual Risk (5)

1. conditions expectations about financial results 2. suggest potential financial misstatements 3. raises concerns about viability 4. indicates proper threats to the control environment 5. highlights potential comments for client

Characteristics of good control activities (5)

1. separation of duties 2. proper authorization 3. adequate documents and records 4. physical control over assets and records 5. independent checks on performance

business process control

Authorizing specific transactions and capturing information at the point that a transaction occurs (e.g., linking the invoicing system to the sales journal).

Operations

Contingency planning (backup/offsite storage)

IT General controls (auto system control)

Controls that are indirect to the actual system application ("Wall" built around the application)

Preventive

Controls that are put in place to avoid material misstatements. EX segregation of duties, approvals

Detective

Controls that are put in place to discover or identify material misstatements. EX: reconciliations, reviews, inventory counts

Corrective

Controls that are put in place to remove material misstatements that were discovered by detective controls Example: Backups of master file, corrective journal entries, updating password access after firings

Financial Reporting Controls

Estimating accruals, making adjusting entries, and preparing disclosures and reports.

Development of systems

How designed, tested, and placed in operation (Formal Procedures)

Changes to systems

How modified once application in place (separation of duties/testing of changes)

process performance review example (process control types)

KPIs and detailed reviews

Performance indicators (i.e., KPIs) and benchmarking (management controls)

Potential inventory valuation problems arising from competition or new entrants may be indicated by looking at the rate at which inventory is being sold, disaggregated by product line and geographic region

Monitoring Controls

Provide periodic performance reports to process owners and can lead to managerial intervention when problems occur (e.g., KPIs, performance reports).

PCAOB Standard No. 5

Requires audits to include opinions on financial statements and ICFR (based on SOX 404)

Access to programs and data (ITGC - ctrls within auto system)

Security issues (passwords/firewalls/encryption)

Top-level reviews

Senior management periodically reviewing the results of operations against forecasts and budgets and quickly following up on potential problems

Input controls

The key objective associated with the front end of an application

threat to mgt override (auto vs manual)

Those who design or program can have a significant impact on risk of fraud if they are able to circumvent controls

Independent evaluations (management control)

Unfavorable budget variances may not be followed up aggressively unless brought to the attention of someone who is independent of the process creating the variances

Output controls

What are the key objectives associated with the results of transactions and systems performance?

Process controls

What are they key objective associated with the actual transaction processing and master file maintenance?

control definition

a control is a process that "compromises an organization (including its resources, systems, processes, culture structure and tasks) that, taken together, support people in the achievement of the org's objectives."

significant deficiency (auditor reporting)

a deficiency that has more than a remote likelihood of leading to a misstatement that is consequential but not material

material weakness (adverse ICOFR opinion)

a deficiency with more than a remote likelihood of leading to a material misstatement

You can plot risk with and without ________ on a risk map

controls

application controls

controls built into application (often prepackaged and documented)

compensating (control)

controls that can be relied upon to reduce the risk that an existing material weakness results in a material misstatement

redundant

controls that cover the same financial statement assertion or control objective

complementary

controls that function together

management controls

controls that mitigate risks to the organization and promote effectiveness of decision making activities

manual controls

do not use information technology EX: bank recs, reviews

segregation of duties

employees should have different duties for things like authorization (responsible for only one)

segregation of duties

employees should only be responsible for one of the following operational decisions, authorization, custody of assets, and accounting transactions

physical controls

limiting access

process control have the ability to affect the ______ and ______ of risk

magnitude and likelihood

process controls

monitoring and reacting to process level risks (inventory count at Walmart)

processing controls

procedures and systems documentation

automated control

within a system EX system report over inventory level fluctuations

manual control with an automated component inventory example

you get the inventory report and then a human supervisor signs off on it


Set pelajaran terkait

The Biggest Animal on the Planet

View Set

Computer Input - Assignment (ALA)Assignment

View Set

SVSU Psych Quiz Qs 2, 8, 3, 4, 5

View Set

Chapter 2 IP Addressing and Related Topics

View Set