Internal control chapter-

Learnings

# Description
1 A director of a corporation is best characterized as Fiduciary
2 Director cannot be responsbile for honest errors of judgment
One of the limiations of the audit comittees
a. Audit committees may be composed of independent directors .
However those directors may have close personal and professional
relationships with management
3
Most significant benefit provided by the audit committee to the
internal audit acitivity:
a. Protecting the independence of the internal audit activity from
undue management influence
4
One of the appropriate responsibilties of an audit committee:
a. Reviewing the internal audit acitivity (IAA's) engagement work
schedule submitted by the chied audit executive (CAE)
5
To avoid conflict between the CEO and the audit committee, the
CAE should board establishment of policies covering the internal
audit acitivity's (IAA's) relationship with the audit committee

6
Increase the public perception of their financial reporting:
a. Increased adoption of audit committees composed of outside
directors
7
Support for monitoring of the disposition of recommedations made
by the internal audit activity
8
Audit committee:
a. Approval and selection and dismissal of the chief audit executive
9
Operating and financial decisions made by numerous individuals is
least likely to be a risk for the auditors as it implies there is no
dependency on one person for the individuals

10
Risk assesement is a process designed to identify potential events
that may affect the entity
11
Example:
Some account balances such as those of pensions are results of
complex calculations. The suspectibilty to material misstatemeents
in these types of accounts is defined as Inherent risk

12
Control risk is not a component of internal control. It is of the
elements in the audit risk model
13
 Three components of audit risk:
a. Inherent risk
b. Control risk
c. Detection risk
14
Inherent risk is :
a. Suspectibilty of an assertion to a material misstatement,
assuming that there are no related internal control structure
policies or procedures

(When you see the words risk/suspectibilty, material misstatement

and most important assumption of no internal controls , that
should allow you to choose the right answer)

15
Most effective option in deterring/detecting the commission of
fraud:
a. Policies of strong internal control
b. Segregration of duties
c. Requiring employees to take vacations
16
COSO model component of Risk assement focuses on:
a. Identifying the risk in all areas and estabilsig the vulnerabilty of
the organization
17
In the COSO framework, the personnel policies and procedures
influence the control consciousness of personnel, so they are an
integral part of an efficient control enviroment

18
Proper segregation of duities reduces the opportunitues for
persons to both, perperate and conceal errors or fraud
19
The frequency of the comparison of recorded accountabilty with
assets should be determined by:
a. The nature and amount f the asset and the cost of making the
comparison
20
In a retail cash sales envirometn segregation of functions is often
absent as the sales clerk authorizes , records and takes custody of
the assets
21
Cancelleation of vouchers by treasurer personnel would best
disourage the resubission of the vendor invoices after they have
been paid
22
Strenght of internal control for purchasing and accounts payable:
a. Vendors invoices are matched against purchase orders and
receiving reports

23
Risk that agents in the purchasing departmet will use their positin
for personal gain, organisation should rotate purchasing agents
assignments periodically
24
Even the best internal control cannot guranterr the complete
elimination of employee fraud
25
Incompatible payroll activity example:
a. Preparing attendance data as well as the payroll
26
 Appropriate control over obsolete materials requires that they be:
Determined by an approved authority to be lacking in regular
usabilty. Since auditors, store keepers etc may not have the
technical expertise

27
Sales function:
Recording of unauthorized/improper credit memo can be one
explaination for the discrepancy of the sales and cash receipts are
properly recorded
28
Cash receipts function should be seperated from the related
recordkeeping in an organization:
Reason being- Minimize the undetected misappropriations of cash
receipts
29
Defeincy finding for a potential customer:
Sales people are responsible for evaluating and monitoring the
financial condition of prospective and continuing customers

30
Example:
Payroll clerk had added fictious employees and deposited checks in
accounts of close relative. The control that would have prevented
such action is Allowing changes to the payroll to be authorized only
by the personnel department
31
Definition of concept of control as recognized by internal auditors:
Management takes action to enhance the likelihood that
established goals and objectives will be achieved

32
Best method to detect fictious employee being exchanged with the
terminated employee by the payroll personnel ( Using the
employee identifcation number) is
Hash Totals
33
Best set of controls that payroll systems should have to elaborate
controls to prevent, detect and correct errors and unauthorized
tampering are:
a. Batch and hash totals
b. Record counts of each run
c. Proper separation of duties
d. Special control over unclaimed checks
e. Back up copies of activity and master files

34
Document that is used to record the actual work performed for a
specific product by each factory is called:
Job time ticket
35
Example:
If employee paychecks are distributed by hand to employees ,
cashier department can be given the custody of the unclaimed
paychecks. The reason for unclaimed checks should be given to a
department which has no authority or write those checks

36
 Effective internal control reduces the need for management to
review exception reports on a day to day basis
37
One of the primary reasons to establish internal control is:
Provide reasonable assurance that the objectives of the
organisation are achieved
38
Example:
Treasurer makes disbursements by check and reconciles the
monthly bank statements to accounting records. The best control
impact description for the situation is ' The treasurer will be in a
postin to make and conceal unauthorized payments

Reson:
Independent reconciliation of bank accounts is necessary for
effective internal control. Persons making the disbursements or
receving payments should not reconcile the bank statement with
the accounting record

39
Prelisting of cash receipts in the form of checks is a preventive
control
40
Example:
One of the most effective precentive control to ensure proper
handling of cash receipt transactions:
a. One employee issues a prenumbered receipt for all cash
collections, another employee reconciles the daily total of
prenumbered receipts to the bank deposits

41
Example:
One of the most effective way to emsure that terminated
employees have been removed from the payroll
a. Reconcile payroll and time keeping records.
42
Initiation of the purchase of materials and supplies would be
responsibilty of the Inventory control department.

Reason- It has acess to the inventory records and would therefore

know when the stocks are getting low
43
Various stake holders that should receive the authrized copy of the
purchase order:
a. Accounts payable- To ensure that all invoices paid are for
authorized items only
b. Receving - This team also should receive the copy of the
authrozied purchase order so as to certain that all incoming
inspections are authrozied. The report should preferable have an
qty stricken out to encourage honest count
c. Inventory control- As this team raises the purchase requistion,
they should receive a copy of the purchase order to have a
confirmation that order has been placed

44
 Purchasing department is fully responsible with respect to orders
pertaining to production materials and supplies, no
acknowledgement of the order received, partially received etc

45
Example:
Assesing control risk in a computerized information control system
is identifying necessary controls to prevent data from being lost,
added, duplicated or altered during processing
One of the type of contol is:
a. Use of control totals (Application control)
b. Limit and reasonableness checks
c. Sequence tests

46

To control purchasing and accounts payable, an information

systems must include cetrain source documents which include the
following:
a. Purchase requistion
b. Purchase orders
c. Receiving reports
47 d. Vendor invoices
Direct deposit in each employee's personal bank account is the
48 best internal control for the distributions of payroll
Comparing an internally created transaction with an external
source will test the effectiveness of accounting recordkeeping
controls
49
Being able to identify the model and serial number for the laptos
represent the best control in order to safeguard the laptops
50

Foreign corrupt practices act 1977:

Prevents U.S companies from paying bribes to foreign officials for
51 the purpose of obtaining or retaining business

Foreign corrupt practices act:

Requires/Includes:
a. Subject management to fines and imprisonment
b. Prohibits bribe to foreign officials
c. Requires internal control system to be developed and maintained

Does not require:

a. Establishment of independent audit committees
52
The role of the independent auditor relative to the foreign corrupt
53 practice act is to attest to the financial statements
SOX has strengthened auditor independency by requiring
54 management selects auditors through audit committees
 A major impact of the foreign corrupt practices act of 1977 is that
registrants subjected to SEC are now required to:
a. Keep records that refect the transactions and dispositions of
55 assets and to maintain a system of internal accounting controls

Section 404 of the SOX act of 2002 requires management of

publicly traded corporations :

Requirements:
a. Establish and document internal control procedures and to
include in the annual report on the company’s internal control over
financial reporting
b. Provide a report to include a statement of managements
responsibilty for internal control and management's assement of
thne effectivness of the internal contol as of end of companys most
recent financial year
c. Provide an identification of the frame work used to evaulate the
effectiveness of the internal contol and a statement that the
external auditor has issued an attestation report on management's
assesement

Does not require:

a. Statement that audit comimittee approves the choice of
56 accounting policies and practices

All corporations whose securities are registered pursunagt to the

SEC are subject to accounting requirements of the FCPA.
However bribing- It covers all domestic companies enagaged in
57 international commerce
58 Companies should rotate audit clients every 5 years

Top down approach (ICOFR) can be best described as :

a. At Financial statement level, focusing on entity level controls ,
and working down to significant accounts and disclosures and their
59 relevant assertions
1803